wfqueir

Remove svcsrss.exe

I need help: Task Manager and msconfig do not work.

I believe it is because of this file, svcsrss.exe, which will not leave my machine no matter what.

I look forward to a reply.

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Azeitona at 18:03:59,75 on qui 02/09/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.97 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Azeitona\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.globo.com/

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [ares] "c:\arquivos de programas\ares\Ares.exe" -h

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\softwa~1.lnk - c:\arquivos de programas\kodak\kodak easyshare software\bin\EasyShare.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: {BD7F578F-44E2-4327-AF6E-69CE64F7F796} = 200.225.197.37

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\azeitona\dadosd~1\mozilla\firefox\profiles\nyaswrov.default\

FF - prefs.js: browser.startup.homepage - www.globo.com

FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8873}\components\GbMzhUni.dll

FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-09-02 19:02:46 77312 ----a-w- c:\windows\MBR.exe

2010-09-02 19:02:45 256512 ----a-w- c:\windows\PEV.exe

2010-09-02 19:02:44 98816 ----a-w- c:\windows\sed.exe

2010-09-02 19:02:44 161792 ----a-w- c:\windows\SWREG.exe

2010-09-02 19:01:32 0 d-----w- C:\ComboFix

2010-09-02 15:34:53 54156 ---ha-w- c:\windows\QTFont.qfn

2010-09-02 15:34:53 1409 ----a-w- c:\windows\QTFont.for

2010-08-25 19:45:09 1036 --sha-r- c:\documents and settings\azeitona\ntuser.pol

2010-08-25 19:44:16 0 d--h--w- c:\windows\system32\GroupPolicy

==================== Find3M ====================

============= FINISH: 18:04:07,40 ===============

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/12/2009 16:33:06

System Uptime: 9/2/2010 16:13:05 (4922 hours ago)

Motherboard: MSI | | MS-7267

Processor: Processador Intel Pentium II | CPU 1 | 1596/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 30 GiB total, 18,084 GiB free.

D: is FIXED (NTFS) - 44 GiB total, 5,406 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 4 GiB total, 4,016 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador Ethernet

Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

Manufacturer:

Name: Controlador Ethernet

PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Modem PCI

Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

Manufacturer:

Name: Modem PCI

PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

Service:

==== System Restore Points ===================

RP42: 7/5/2010 14:58:49 - Ponto de verificação do sistema

RP43: 10/5/2010 08:53:53 - Ponto de verificação do sistema

RP44: 12/5/2010 19:05:45 - Ponto de verificação do sistema

RP45: 15/5/2010 13:38:08 - Ponto de verificação do sistema

RP46: 19/5/2010 11:07:13 - Ponto de verificação do sistema

RP47: 24/5/2010 10:24:15 - Ponto de verificação do sistema

RP48: 25/5/2010 12:21:12 - Ponto de verificação do sistema

RP49: 7/6/2010 14:03:54 - Ponto de verificação do sistema

RP50: 10/6/2010 12:21:10 - Ponto de verificação do sistema

RP51: 11/6/2010 13:42:50 - Ponto de verificação do sistema

RP52: 14/6/2010 13:58:18 - Ponto de verificação do sistema

RP53: 15/6/2010 20:19:01 - Ponto de verificação do sistema

RP54: 21/6/2010 09:57:51 - Ponto de verificação do sistema

RP55: 22/6/2010 12:01:17 - Ponto de verificação do sistema

RP56: 28/6/2010 12:49:04 - Ponto de verificação do sistema

RP57: 8/7/2010 17:07:39 - Ponto de verificação do sistema

RP58: 9/7/2010 17:38:19 - Ponto de verificação do sistema

RP59: 12/7/2010 18:36:53 - Ponto de verificação do sistema

RP60: 14/7/2010 11:03:20 - Ponto de verificação do sistema

RP61: 17/7/2010 11:10:30 - Ponto de verificação do sistema

RP62: 27/7/2010 23:49:11 - Ponto de verificação do sistema

RP63: 4/8/2010 12:14:25 - Ponto de verificação do sistema

RP64: 26/8/2010 10:25:10 - Ponto de verificação do sistema

RP65: 2/9/2010 16:03:50 - ComboFix created restore point

RP66: 2/9/2010 16:04:37 - avast! Internet Security Setup

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.4 - Português

Adobe Shockwave Player 11.5

Ares 2.1.2

Arquivo do WinRAR

Assistente de Conexão do Windows Live

CCScore

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

Ferramenta de Carregamento do Windows Live

fflink

Guitar Pro 5.1

Intel® Graphics Media Accelerator Driver

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.5.11)

MSVCRT

Nero 7 Lite 7.9.6.0

netbrdg

OfotoXMI

PokerStars.net

PowerDVD

QuickTime

Ralink Wireless LAN Card

Real Alternative 1.9.0

Realtek High Definition Audio Driver

Segoe UI

SFR

SHASTA

skin0001

SKINXSDK

Software Kodak EasyShare

staticcr

tooltips

VPRINTOL

WebFldrs XP

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows XP Service Pack 3

WIRELESS

==== End Of File ===========================

GMER

GMER 1.0.15.15281 - http://www.gmer.net

Autostart scan 2010-09-02 18:01:15

Windows 5.1.2600 Service Pack 3

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>

dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll

igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>

MDM@ = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe"

RichVideo@ = "C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????????????????

ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>

@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe

@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe

@PersistenceC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe

@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE

@QuickTime Task"C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime = "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

@RemoteControl"C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

@LanguageShortcut"C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" = "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

@Adobe Reader Speed Launcher"C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

@Adobe ARM"C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" = "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>

@msnmsgr"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background = "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

@ares"C:\Arquivos de programas\Ares\Ares.exe" -h = "C:\Arquivos de programas\Ares\Ares.exe" -h

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>

@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extensão do 'Painel de controle' para panorâmica de vídeo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/

@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll

@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll

@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll

@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Arquivos de programas\WinRAR\rarext.dll = C:\Arquivos de programas\WinRAR\rarext.dll

@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\MSONSEXT.DLL

@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll

@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll

@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll

@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Arquivos de programas\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Arquivos de programas\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Arquivos de programas\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>

@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>

@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>

@Start Pagehttp://www.globo.com/ = http://www.globo.com/

@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>

dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll

its@CLSID = C:\WINDOWS\system32\itss.dll

livecall@CLSID = C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll

ms-help@CLSID = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

ms-its@CLSID = C:\WINDOWS\system32\itss.dll

msnim@CLSID = C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E8CB511-3AA4-44CF-B067-7267269E7DFC} /*Conexão de rede sem fio*/ >>>

@IPAddress192.168.1.27 = 192.168.1.27

@NameServer =

@DefaultGateway =

@Domain =

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar >>>

Ralink Wireless Utility.lnk = Ralink Wireless Utility.lnk

Software Kodak EasyShare.lnk = Software Kodak EasyShare.lnk

---- EOF - GMER 1.0.15 ----

I see you have already run some security programs. Are you receiving help on another forum?

  • Topic author
  • No. I started searching other posts on this same forum, but I noticed that the guidance there was very specific to the ComboFix scan result of a particular user, so I decided not to do anything else on my own and to ask for help.

    But ComboFix was run. Post its log, located at C:\Combofix.txt

  • Topic author
  • ComboFix 10-09-01.04 - Azeitona 02/09/2010 16:06:41.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.180 [GMT -3:00]

    Executando de: c:\documents and settings\Azeitona\Desktop\ComboFix.exe

    AV: avast! Internet Security *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    * Criado um novo ponto de restauração

    ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\arquivos de programas\Internet Explorer\_file0000.tmp

    c:\arquivos de programas\Internet Explorer\acpi.vxd

    c:\arquivos de programas\Internet Explorer\ielowutil2.exe

    c:\arquivos de programas\Internet Explorer\pdm2.dll

    C:\Autorun.inf

    c:\cmos\id

    c:\cmos\xln.cpl

    c:\cmos\xlr.exe

    c:\cmos\xlr2.exe

    c:\cmos\xlxb.cpl

    C:\datagyn

    c:\documents and settings\Azeitona\Recent\Thumbs.db

    C:\svcsrss.exe

    c:\windows\system32\acpi.vxd

    c:\windows\system32\csrcs.exe

    c:\windows\system32\ntkrnlp.exe

    c:\windows\system32\svcsrss.exe

    D:\Autorun.inf

    F:\Autorun.inf

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_SRVWINUPD

    -------\Service_srvwinupd

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-08-02 to 2010-09-02 ))))))))))))))))))))))))))))

    .

    2010-08-25 19:44 . 2010-08-25 19:44 -------- d--h--w- c:\windows\system32\GroupPolicy

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-20 17:41 . 2009-12-09 19:04 -------- d-----w- c:\arquivos de programas\PokerStars.NET

    2010-08-02 22:50 . 2010-08-02 22:50 -------- d-----w- c:\documents and settings\Azeitona\Dados de aplicativos\Media Player Classic

    2010-07-21 01:38 . 2010-02-06 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    "ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-11-05 954368]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-02-01 385024]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]

    "LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-12-9 589824]

    Software Kodak EasyShare.lnk - c:\arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

    2009-11-05 20:36 954368 ----a-w- c:\arquivos de programas\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "avast! Web Scanner"=3 (0x3)

    "avast! Mail Scanner"=3 (0x3)

    "avast! Antivirus"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Ares\\Ares.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\WINDOWS\\system32\\ftp.exe"=

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.globo.com/

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

    TCP: {BD7F578F-44E2-4327-AF6E-69CE64F7F796} = 200.225.197.37

    FF - ProfilePath - c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\

    FF - prefs.js: browser.startup.homepage - www.globo.com

    FF - component: c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

    FF - component: c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    BHO-{36E2C9CC-76BA-4598-9000-58D32A790A4B} - c:\arquiv~1\INTERN~1\pdm2.dll

    HKCU-Run-CoolSMS - c:\arquivos de programas\CoolSMS\CoolSMS.exe

    HKLM-Run-xln - c:\cmos\xln.cpl

    HKLM-Run-xlr - c:\cmos\xlr.exe

    HKLM-Run-xlxb - c:\cmos\xlxb.cpl

    HKLM-Run-xlr2 - c:\cmos\xlr2.exe

    MSConfigStartUp-avast5 - c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe

    AddRemove-{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1 - c:\arquivos de programas\CoolSMS\unins000.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-02 16:14

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\RTHDCPL.EXE

    .

    **************************************************************************

    .

    Tempo para conclusão: 2010-09-02 16:18:40 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2010-09-02 19:18

    Pré-execução: 6 pasta(s) 11.672.936.448 bytes disponíveis

    Pós execução: 8 pasta(s) 19.349.209.088 bytes disponíveis

    - - End Of File - - FE3CAA800CD62A5F3BA6D8983A86D7D6

    The Recovery Console was not installed as it should have been.

    Read the instructions at this link:

    Run it again and install the console so we can begin the analysis.

  • Topic author
  • ComboFix 10-09-01.04 - Azeitona 03/09/2010 11:55:29.2.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.165 [GMT -3:00]

    Executando de: c:\documents and settings\Azeitona\Desktop\ComboFix.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-08-03 to 2010-09-03 ))))))))))))))))))))))))))))

    .

    2010-09-03 14:18 . 2008-12-23 18:49 113640 ----a-w- c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

    2010-09-03 13:02 . 2010-09-03 13:03 -------- d-----w- c:\arquivos de programas\PokerStars

    2010-08-25 19:44 . 2010-08-25 19:44 -------- d--h--w- c:\windows\system32\GroupPolicy

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-09-03 14:19 . 2010-02-06 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

    2010-09-03 01:31 . 2009-12-09 19:04 -------- d-----w- c:\arquivos de programas\PokerStars.NET

    2010-08-02 22:50 . 2010-08-02 22:50 -------- d-----w- c:\documents and settings\Azeitona\Dados de aplicativos\Media Player Classic

    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-02_19.14.09 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-09-03 12:53 . 2010-09-03 12:53 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe

    + 2009-10-28 03:40 . 2010-09-03 12:53 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    "ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-11-05 954368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

    "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-02-01 385024]

    "RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]

    "LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

    "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-12-9 589824]

    Software Kodak EasyShare.lnk - c:\arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

    2009-11-05 20:36 954368 ----a-w- c:\arquivos de programas\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "avast! Web Scanner"=3 (0x3)

    "avast! Mail Scanner"=3 (0x3)

    "avast! Antivirus"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Ares\\Ares.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\WINDOWS\\system32\\ftp.exe"=

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.globo.com/

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: {BD7F578F-44E2-4327-AF6E-69CE64F7F796} = 200.225.197.37

    FF - ProfilePath - c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\

    FF - prefs.js: browser.startup.homepage - www.globo.com

    FF - component: c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

    FF - component: c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

    FF - component: c:\documents and settings\Azeitona\Dados de aplicativos\Mozilla\Firefox\Profiles\nyaswrov.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-09-03 11:58

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

    .

    Tempo para conclusão: 2010-09-03 12:00:43

    ComboFix-quarantined-files.txt 2010-09-03 15:00

    ComboFix2.txt 2010-09-02 19:18

    Pré-execução: 7 pasta(s) 19.758.612.480 bytes disponíveis

    Pós execução: 8 pasta(s) 19.750.981.632 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 1B2E9179566DE801676E4533DDB3875F


    Read all of the instructions below carefully before running the program.

    Download the Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder called Virus Removal Tool will be created on the desktop.
    • In the program window, select the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • As the scan progresses, some small windows will probably open next to the clock; do not click anything.
    • A larger window may also open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first check the option below, Apply to all objects, and then click one of the options above.
    • After everything is complete, click the Reports button; in the window that opens, leave the options at the top set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click, choose Select all, and then choose Copy.
    • Note: when you do this the PC appears to freeze, but it has not; wait a few minutes for the memory to be freed.
    • Open Notepad and paste (Ctrl + V).
    • Give the file a name and save it in a folder of your choice.
    • Close the results by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when asked.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colors depending on the risk. Accordingly:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, carefully check the file path/name to see whether you recognize it; if you do, click Skip.

    NOTE 2:
    If the final scan result shows only Result: OK, there is no need to generate a report; just let us know.

    NOTE 3:
    During the scan, Kaspersky may flag the following folder as containing a virus: c:\QooBox. If this happens, choose the Skip option, because the folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

  • Topic author
  • Autoscan: completed 15 minutes ago (events: 347307, objects: 320841, time: 02:51:54)

    Result: OK (events: 306774)

    Result: Detected (events: 272)

    3/9/2010 23:31:08 C:\Qoobox\Quarantine\C\svcsrss.exe.vir/data.bat

    3/9/2010 23:31:08 C:\Qoobox\Quarantine\C\Arquivos de programas\Internet Explorer\ielowutil2.exe.vir

    3/9/2010 23:31:08 C:\Qoobox\Quarantine\C\Autorun.inf.vir

    3/9/2010 23:32:26 C:\Qoobox\Quarantine.rar/Quarantine/C/Arquivos de programas/Internet Explorer/ielowutil2.exe.vir

    3/9/2010 23:59:22 C:\Qoobox\Quarantine\C\Arquivos de programas\Internet Explorer\pdm2.dll.vir

    3/9/2010 23:59:36 C:\Qoobox\Quarantine\C\cmos\xln.cpl.vir

    3/9/2010 23:59:39 C:\Qoobox\Quarantine\C\cmos\xlxb.cpl.vir

    3/9/2010 23:59:46 C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir/UPX/script.au3

    3/9/2010 23:59:47 C:\Qoobox\Quarantine.rar/Quarantine/C/Arquivos de programas/Internet Explorer/pdm2.dll.vir

    3/9/2010 23:59:47 C:\Qoobox\Quarantine\C\WINDOWS\system32\svcsrss.exe.vir/data.bat

    3/9/2010 23:59:47 C:\Qoobox\Quarantine\D\Autorun.inf.vir

    3/9/2010 23:59:50 C:\Qoobox\Quarantine\F\Autorun.inf.vir

    4/9/2010 00:00:00 C:\Qoobox\Quarantine.rar/Quarantine/C/Autorun.inf.vir

    4/9/2010 00:00:07 C:\Qoobox\Quarantine.rar/Quarantine/C/cmos/xln.cpl.vir

    4/9/2010 00:00:09 C:\Qoobox\Quarantine.rar/Quarantine/C/cmos/xlxb.cpl.vir

    4/9/2010 00:00:09 C:\Qoobox\Quarantine.rar/Quarantine/C/svcsrss.exe.vir/data.bat

    4/9/2010 00:00:11 C:\Qoobox\Quarantine.rar/Quarantine/C/WINDOWS/system32/csrcs.exe.vir/UPX/script.au3

    4/9/2010 00:00:15 C:\Qoobox\Quarantine.rar/Quarantine/C/WINDOWS/system32/svcsrss.exe.vir By hash

    4/9/2010 00:00:15 C:\Qoobox\Quarantine.rar/Quarantine/D/Autorun.inf.vir

    4/9/2010 00:00:16 C:\Qoobox\Quarantine.rar/Quarantine/F/Autorun.inf.vir

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0028769.exe/data.bat

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0028738.inf

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0028760.inf

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029766.exe/data.bat

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029760.inf

    4/9/2010 00:01:19 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029779.inf

    4/9/2010 00:01:20 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029800.inf

    4/9/2010 00:01:20 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029819.inf

    4/9/2010 00:01:20 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029827.exe/data.bat

    4/9/2010 00:01:21 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029839.inf

    4/9/2010 00:01:21 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029843.exe/data.bat

    4/9/2010 00:01:21 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029861.inf

    4/9/2010 00:01:21 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029869.exe/data.bat

    4/9/2010 00:01:22 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029870.inf

    4/9/2010 00:01:23 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029886.inf

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029899.exe/data.bat

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029915.inf

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029932.inf

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029953.inf

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029970.inf

    4/9/2010 00:01:30 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029987.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030004.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030025.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030044.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030068.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030085.inf

    4/9/2010 00:01:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030102.inf

    4/9/2010 00:01:32 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030110.exe/data.bat

    4/9/2010 00:01:32 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030124.inf

    4/9/2010 00:01:32 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030142.inf

    4/9/2010 00:01:32 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030156.inf

    4/9/2010 00:01:32 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030173.inf

    4/9/2010 00:01:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030192.inf

    4/9/2010 00:01:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030209.inf

    4/9/2010 00:01:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030215.inf

    4/9/2010 00:01:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030216.exe/data.bat

    4/9/2010 00:01:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030217.exe/data.bat

    4/9/2010 00:01:34 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030232.inf

    4/9/2010 00:01:34 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030250.inf

    4/9/2010 00:01:35 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030269.inf

    4/9/2010 00:01:36 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030286.inf

    4/9/2010 00:01:41 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030307.inf

    4/9/2010 00:01:41 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031307.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031344.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031363.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031382.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031401.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031418.inf

    4/9/2010 00:01:42 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031438.inf

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031446.exe/data.bat

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031449.inf

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031450.exe/data.bat

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031451.inf

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031452.exe/data.bat

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031453.inf

    4/9/2010 00:01:43 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031454.exe/data.bat

    4/9/2010 00:01:48 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031537.inf

    4/9/2010 00:01:48 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031555.inf

    4/9/2010 00:01:48 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031576.inf

    4/9/2010 00:01:50 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031600.exe/data.bat

    4/9/2010 00:01:50 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031633.inf

    4/9/2010 00:01:51 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031653.inf

    4/9/2010 00:01:52 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031674.inf

    4/9/2010 00:01:52 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031693.inf

    4/9/2010 00:01:54 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031712.inf

    4/9/2010 00:01:54 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031724.exe/data.bat

    4/9/2010 00:01:54 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031759.inf

    4/9/2010 00:01:54 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031740.inf

    4/9/2010 00:01:55 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031776.inf

    4/9/2010 00:01:55 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031790.inf

    4/9/2010 00:01:56 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031793.inf

    4/9/2010 00:01:56 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031807.inf

    4/9/2010 00:01:56 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031816.exe/data.bat

    4/9/2010 00:01:56 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031828.inf

    4/9/2010 00:01:57 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031849.inf

    4/9/2010 00:01:57 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031877.exe/data.bat

    4/9/2010 00:01:57 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031893.inf

    4/9/2010 00:01:58 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031904.exe/data.bat

    4/9/2010 00:01:58 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031919.inf

    4/9/2010 00:01:59 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031943.inf

    4/9/2010 00:02:00 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031961.exe/data.bat

    4/9/2010 00:02:01 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031973.inf

    4/9/2010 00:02:01 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031993.inf

    4/9/2010 00:02:01 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032012.inf

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032031.inf

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032055.exe/data.bat

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032069.inf

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032088.inf

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032120.inf

    4/9/2010 00:02:02 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032129.exe/data.bat

    4/9/2010 00:02:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032271.inf

    4/9/2010 00:02:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032270.dll

    4/9/2010 00:02:31 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032269.exe

    4/9/2010 00:02:33 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032272.cpl

    4/9/2010 00:02:34 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032275.cpl

    4/9/2010 00:02:35 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032276.exe/data.bat

    4/9/2010 00:02:36 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032280.exe/data.bat

    4/9/2010 00:02:41 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032278.exe/UPX/script.au3

    4/9/2010 00:02:51 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032588.inf

    4/9/2010 00:02:51 C:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032589.exe/data.bat

    4/9/2010 00:08:53 D:\install_brstock.exe/data0002

    4/9/2010 00:20:17 D:\svcsrss.exe/data.bat

    7/9/2010 22:48:19 D:\Documentos\Loja Rafiny\sic5shareware.exe/data0005

    7/9/2010 22:51:52 D:\Documentos\Programas\CyberScript30.exe/data0005 Information

    7/9/2010 22:52:25 D:\Documentos\Programas\Programa de vendas da loja.exe/UPX/ASLVendas.exe

    7/9/2010 22:55:38 D:\MP3\ivete multishow (new album).mp3

    7/9/2010 22:58:30 D:\Músicas\entra na minha casa regis dane.mp3

    7/9/2010 22:58:30 D:\Músicas\deja vu pitty.mp3

    7/9/2010 22:58:32 D:\Músicas\SIC - Sistema Integrado Comercial v5.0.0.2\ATUALIZA SIC 5.002\sic500.zip/sic500.exe/data0002

    7/9/2010 22:58:53 D:\Músicas\sonhos verdes detonautas.wma

    7/9/2010 22:58:53 D:\Músicas\medo pitty.au

    7/9/2010 22:59:07 D:\Músicas\SIC - Sistema Integrado Comercial v5.0.0.2\ATUALIZA SIC 5.002\sic500.exe/data0002

    7/9/2010 22:59:16 D:\Músicas\SIC - Sistema Integrado Comercial v5.0.0.2\Demonstrativa\Instalar.exe/data0005

    7/9/2010 22:59:16 D:\Músicas\SIC - Sistema Integrado Comercial v5.0.0.2\Instalar.exe/data0004

    7/9/2010 23:12:24 D:\Nova pasta\A\Drives\FullT14.exe/FullT.exe Information

    7/9/2010 23:14:00 D:\Nova pasta\A\Drives\klitekpp210e.exe/data0020/FSG

    7/9/2010 23:14:19 D:\Nova pasta\A\Drives\scoop2003.exe/scoop.exe Information

    7/9/2010 23:23:08 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0028739.inf

    7/9/2010 23:23:08 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0028761.inf

    7/9/2010 23:23:09 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029761.inf

    7/9/2010 23:23:09 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029780.inf

    7/9/2010 23:23:09 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029801.inf

    7/9/2010 23:23:09 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029820.inf

    7/9/2010 23:23:09 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029840.inf

    7/9/2010 23:23:10 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP62\A0029862.inf

    7/9/2010 23:23:12 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029871.inf

    7/9/2010 23:23:12 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029887.inf

    7/9/2010 23:23:13 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029916.inf

    7/9/2010 23:23:13 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029933.inf

    7/9/2010 23:23:13 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029954.inf

    7/9/2010 23:23:14 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029971.inf

    7/9/2010 23:23:14 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0029988.inf

    7/9/2010 23:23:14 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030005.inf

    7/9/2010 23:23:14 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030026.inf

    7/9/2010 23:23:15 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030045.inf

    7/9/2010 23:23:15 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030069.inf

    7/9/2010 23:23:16 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030086.inf

    7/9/2010 23:23:16 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030103.inf

    7/9/2010 23:23:16 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030125.inf

    7/9/2010 23:23:16 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030143.inf

    7/9/2010 23:23:17 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030157.inf

    7/9/2010 23:23:17 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030174.inf

    7/9/2010 23:23:18 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030210.inf

    7/9/2010 23:23:18 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030193.inf

    7/9/2010 23:23:18 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030233.inf

    7/9/2010 23:23:19 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030251.inf

    7/9/2010 23:23:19 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030270.inf

    7/9/2010 23:23:19 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030287.inf

    7/9/2010 23:23:20 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030308.inf

    7/9/2010 23:23:20 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031308.inf

    7/9/2010 23:23:20 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031364.inf

    7/9/2010 23:23:20 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031345.inf

    7/9/2010 23:23:21 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031383.inf

    7/9/2010 23:23:21 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031402.inf

    7/9/2010 23:23:22 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031419.inf

    7/9/2010 23:23:22 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031439.inf

    7/9/2010 23:23:22 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031538.inf

    7/9/2010 23:23:23 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031556.inf

    7/9/2010 23:23:23 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031577.inf

    7/9/2010 23:23:23 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031634.inf

    7/9/2010 23:23:23 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031655.inf

    7/9/2010 23:23:24 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031675.inf

    7/9/2010 23:23:24 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031694.inf

    7/9/2010 23:23:25 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031713.inf

    7/9/2010 23:23:25 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031741.inf

    7/9/2010 23:23:25 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031760.inf

    7/9/2010 23:23:25 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031777.inf

    7/9/2010 23:23:25 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031791.inf

    7/9/2010 23:23:34 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031794.inf

    7/9/2010 23:23:34 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031808.inf

    7/9/2010 23:23:35 D:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031829.inf

    Result: Archive (events: 38499)

    Result: Packed (events: 1326)

    Result: Untreated (events: 267)

    Result: Deleted (events: 2)

    Result: Backed up (events: 2)

    Result: Not processed (events: 2)

    Result: Processing error (events: 1)

    Result: Password protected (events: 158)

    Result: Task started (events: 2)

    Result: Task stopped (events: 1)

    Result: Task completed (events: 1)

  • Topic author
  • Autoscan: completed 15 minutes ago (events: 347307, objects: 320841, time: 02:51:54)

    Result: OK (events: 306774)

    Result: Detected (events: 272)


    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030194.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030234.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030252.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030271.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030288.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0030309.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031309.inf

    8/9/2010 01:27:52 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031346.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031365.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031384.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031403.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031420.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031440.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031557.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031578.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031635.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031656.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031676.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031695.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031714.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031742.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031761.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031778.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP63\A0031792.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031795.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031809.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031830.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031851.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031921.inf

    8/9/2010 01:27:53 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031895.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031945.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031975.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0031995.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032014.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032033.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032071.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032090.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP64\A0032122.inf

    8/9/2010 01:27:54 F:\System Volume Information\_restore{392BCA8D-8A32-4616-A59B-FC72CC1EF9E5}\RP66\A0032282.inf

    Result: Archive (events: 38499)

    Result: Packed (events: 1326)

    Result: Untreated (events: 267)

    Result: Deleted (events: 2)

    Result: Backed up (events: 2)

    Result: Not processed (events: 2)

    Result: Processing error (events: 1)

    Result: Password protected (events: 158)

    Result: Task started (events: 2)

    Result: Task stopped (events: 1)

    Result: Task completed (events: 1)

  • Topic author
  • DDS

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Azeitona at 11:21:12,89 on sáb 11/09/2010

    Internet Explorer: 6.0.2900.5512

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.73 [GMT -3:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Ares\Ares.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\RALINK\Common\RaUI.exe

    C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

    C:\Documents and Settings\Azeitona\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.globo.com/

    uInternet Connection Wizard,ShellNext = iexplore

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

    uRun: [ares] "c:\arquivos de programas\ares\Ares.exe" -h

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

    mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

    mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\softwa~1.lnk - c:\arquivos de programas\kodak\kodak easyshare software\bin\EasyShare.exe

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    TCP: {BD7F578F-44E2-4327-AF6E-69CE64F7F796} = 200.225.197.37

    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\azeitona\dadosd~1\mozilla\firefox\profiles\nyaswrov.default\

    FF - prefs.js: browser.startup.homepage - www.globo.com

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\GbMzhCef.dll

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8873}\components\GbMzhUni.dll

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    =============== Created Last 30 ================

    2010-09-08 02:26:06 204 --sha-w- c:\windows\setup_9.0.0.722_04.09.2010_00-18drv.spi

    2010-09-03 14:54:31 0 d-sha-r- C:\cmdcons

    2010-09-03 14:50:53 0 d-----w- C:\ComboFix

    2010-09-03 13:02:47 0 d-----w- c:\arquivos de programas\PokerStars

    2010-09-02 19:02:46 77312 ----a-w- c:\windows\MBR.exe

    2010-09-02 19:02:45 256512 ----a-w- c:\windows\PEV.exe

    2010-09-02 19:02:44 98816 ----a-w- c:\windows\sed.exe

    2010-09-02 19:02:44 161792 ----a-w- c:\windows\SWREG.exe

    2010-09-02 15:34:53 54156 ---ha-w- c:\windows\QTFont.qfn

    2010-09-02 15:34:53 1409 ----a-w- c:\windows\QTFont.for

    2010-08-25 19:45:09 1036 --sha-r- c:\documents and settings\azeitona\ntuser.pol

    2010-08-25 19:44:16 0 d--h--w- c:\windows\system32\GroupPolicy

    ==================== Find3M ====================

    ============= FINISH: 11:21:35,56 ===============

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 9/12/2009 16:33:06

    System Uptime: 9/11/2010 10:56:47 (-1415 hours ago)

    Motherboard: MSI | | MS-7267

    Processor: Processador Intel Pentium II | CPU 1 | 1596/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 30 GiB total, 18,076 GiB free.

    D: is FIXED (NTFS) - 44 GiB total, 5,412 GiB free.

    E: is CDROM ()

    F: is FIXED (FAT32) - 4 GiB total, 4,016 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Controlador Ethernet

    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

    Manufacturer:

    Name: Controlador Ethernet

    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Modem PCI

    Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

    Manufacturer:

    Name: Modem PCI

    PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

    Service:

    ==== System Restore Points ===================

    RP49: 7/6/2010 14:03:54 - Ponto de verificação do sistema

    RP50: 10/6/2010 12:21:10 - Ponto de verificação do sistema

    RP51: 11/6/2010 13:42:50 - Ponto de verificação do sistema

    RP52: 14/6/2010 13:58:18 - Ponto de verificação do sistema

    RP53: 15/6/2010 20:19:01 - Ponto de verificação do sistema

    RP54: 21/6/2010 09:57:51 - Ponto de verificação do sistema

    RP55: 22/6/2010 12:01:17 - Ponto de verificação do sistema

    RP56: 28/6/2010 12:49:04 - Ponto de verificação do sistema

    RP57: 8/7/2010 17:07:39 - Ponto de verificação do sistema

    RP58: 9/7/2010 17:38:19 - Ponto de verificação do sistema

    RP59: 12/7/2010 18:36:53 - Ponto de verificação do sistema

    RP60: 14/7/2010 11:03:20 - Ponto de verificação do sistema

    RP61: 17/7/2010 11:10:30 - Ponto de verificação do sistema

    RP62: 27/7/2010 23:49:11 - Ponto de verificação do sistema

    RP63: 4/8/2010 12:14:25 - Ponto de verificação do sistema

    RP64: 26/8/2010 10:25:10 - Ponto de verificação do sistema

    RP65: 2/9/2010 16:03:50 - ComboFix created restore point

    RP66: 2/9/2010 16:04:37 - avast! Internet Security Setup

    RP67: 5/9/2010 12:41:55 - Ponto de verificação do sistema

    RP68: 6/9/2010 17:44:55 - Ponto de verificação do sistema

    RP69: 9/9/2010 13:27:22 - Ponto de verificação do sistema

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.4 - Português

    Adobe Shockwave Player 11.5

    Ares 2.1.2

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    CCScore

    ESSBrwr

    ESSCDBK

    ESScore

    ESSgui

    ESSini

    ESSPCD

    ESSPDock

    ESSSONIC

    ESSTOOLS

    essvatgt

    Ferramenta de Carregamento do Windows Live

    fflink

    Guitar Pro 5.1

    Intel® Graphics Media Accelerator Driver

    kgcbaby

    kgcbase

    kgchday

    kgchlwn

    kgcinvt

    kgckids

    kgcmove

    kgcvday

    Microsoft .NET Framework 2.0

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Mozilla Firefox (3.6.9)

    MSVCRT

    Nero 7 Lite 7.9.6.0

    netbrdg

    OfotoXMI

    PokerStars

    PowerDVD

    QuickTime

    Ralink Wireless LAN Card

    Real Alternative 1.9.0

    Realtek High Definition Audio Driver

    Segoe UI

    SFR

    SHASTA

    skin0001

    SKINXSDK

    Software Kodak EasyShare

    staticcr

    tooltips

    VPRINTOL

    WebFldrs XP

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows XP Service Pack 3

    WIRELESS

    ==== End Of File ===========================

  • Topic author
  • It is fully working; however, I cannot run the functions that were lost, such as Task Manager, msconfig, etc.


    Strange, I did not see any restriction in the last log. Please post a new DDS log.

  • Topic author
  • DDS

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Azeitona at 22:28:51,89 on dom 12/09/2010

    Internet Explorer: 6.0.2900.5512

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.495.84 [GMT -3:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\RALINK\Common\RaUI.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

    C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

    C:\Documents and Settings\Azeitona\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.globo.com/

    uInternet Connection Wizard,ShellNext = iexplore

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

    uRun: [ares] "c:\arquivos de programas\ares\Ares.exe" -h

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

    mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

    mRun: [LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd\language\Language.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\softwa~1.lnk - c:\arquivos de programas\kodak\kodak easyshare software\bin\EasyShare.exe

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    TCP: {BD7F578F-44E2-4327-AF6E-69CE64F7F796} = 200.225.197.37

    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\azeitona\dadosd~1\mozilla\firefox\profiles\nyaswrov.default\

    FF - prefs.js: browser.startup.homepage - www.globo.com

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\GbMzhCef.dll

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8873}\components\GbMzhUni.dll

    FF - component: c:\documents and settings\azeitona\dados de aplicativos\mozilla\firefox\profiles\nyaswrov.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    =============== Created Last 30 ================

    2010-09-08 02:26:06 204 --sha-w- c:\windows\setup_9.0.0.722_04.09.2010_00-18drv.spi

    2010-09-03 14:54:31 0 d-sha-r- C:\cmdcons

    2010-09-03 14:50:53 0 d-----w- C:\ComboFix

    2010-09-03 13:02:47 0 d-----w- c:\arquivos de programas\PokerStars

    2010-09-02 19:02:46 77312 ----a-w- c:\windows\MBR.exe

    2010-09-02 19:02:45 256512 ----a-w- c:\windows\PEV.exe

    2010-09-02 19:02:44 98816 ----a-w- c:\windows\sed.exe

    2010-09-02 19:02:44 161792 ----a-w- c:\windows\SWREG.exe

    2010-09-02 15:34:53 54156 ---ha-w- c:\windows\QTFont.qfn

    2010-09-02 15:34:53 1409 ----a-w- c:\windows\QTFont.for

    2010-08-25 19:45:09 1036 --sha-r- c:\documents and settings\azeitona\ntuser.pol

    2010-08-25 19:44:16 0 d--h--w- c:\windows\system32\GroupPolicy

    ==================== Find3M ====================

    ============= FINISH: 22:29:17,37 ===============

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 9/12/2009 16:33:06

    System Uptime: 9/12/2010 20:27:24 (-2110 hours ago)

    Motherboard: MSI | | MS-7267

    Processor: Processador Intel Pentium II | CPU 1 | 1596/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 30 GiB total, 17,819 GiB free.

    D: is FIXED (NTFS) - 44 GiB total, 5,412 GiB free.

    E: is CDROM ()

    F: is FIXED (FAT32) - 4 GiB total, 4,016 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Controlador Ethernet

    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

    Manufacturer:

    Name: Controlador Ethernet

    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_267C1462&REV_01\4&38D2602C&0&00E1

    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Modem PCI

    Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

    Manufacturer:

    Name: Modem PCI

    PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&CF81C54&0&00F0

    Service:

    ==== System Restore Points ===================

    RP49: 7/6/2010 14:03:54 - Ponto de verificação do sistema

    RP50: 10/6/2010 12:21:10 - Ponto de verificação do sistema

    RP51: 11/6/2010 13:42:50 - Ponto de verificação do sistema

    RP52: 14/6/2010 13:58:18 - Ponto de verificação do sistema

    RP53: 15/6/2010 20:19:01 - Ponto de verificação do sistema

    RP54: 21/6/2010 09:57:51 - Ponto de verificação do sistema

    RP55: 22/6/2010 12:01:17 - Ponto de verificação do sistema

    RP56: 28/6/2010 12:49:04 - Ponto de verificação do sistema

    RP57: 8/7/2010 17:07:39 - Ponto de verificação do sistema

    RP58: 9/7/2010 17:38:19 - Ponto de verificação do sistema

    RP59: 12/7/2010 18:36:53 - Ponto de verificação do sistema

    RP60: 14/7/2010 11:03:20 - Ponto de verificação do sistema

    RP61: 17/7/2010 11:10:30 - Ponto de verificação do sistema

    RP62: 27/7/2010 23:49:11 - Ponto de verificação do sistema

    RP63: 4/8/2010 12:14:25 - Ponto de verificação do sistema

    RP64: 26/8/2010 10:25:10 - Ponto de verificação do sistema

    RP65: 2/9/2010 16:03:50 - ComboFix created restore point

    RP66: 2/9/2010 16:04:37 - avast! Internet Security Setup

    RP67: 5/9/2010 12:41:55 - Ponto de verificação do sistema

    RP68: 6/9/2010 17:44:55 - Ponto de verificação do sistema

    RP69: 9/9/2010 13:27:22 - Ponto de verificação do sistema

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.4 - Português

    Adobe Shockwave Player 11.5

    Ares 2.1.2

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    CCScore

    ESSBrwr

    ESSCDBK

    ESScore

    ESSgui

    ESSini

    ESSPCD

    ESSPDock

    ESSSONIC

    ESSTOOLS

    essvatgt

    Ferramenta de Carregamento do Windows Live

    fflink

    Guitar Pro 5.1

    Intel® Graphics Media Accelerator Driver

    kgcbaby

    kgcbase

    kgchday

    kgchlwn

    kgcinvt

    kgckids

    kgcmove

    kgcvday

    Microsoft .NET Framework 2.0

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Mozilla Firefox (3.6.9)

    MSVCRT

    Nero 7 Lite 7.9.6.0

    netbrdg

    OfotoXMI

    PokerStars

    PowerDVD

    QuickTime

    Ralink Wireless LAN Card

    Real Alternative 1.9.0

    Realtek High Definition Audio Driver

    Segoe UI

    SFR

    SHASTA

    skin0001

    SKINXSDK

    Software Kodak EasyShare

    staticcr

    tooltips

    VPRINTOL

    WebFldrs XP

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows XP Service Pack 3

    WIRELESS

    ==== End Of File ===========================

  • Topic author
  • Simply put, Ctrl+Alt+Del does nothing, and msconfig returns a message saying that Windows cannot access the specified device, path, or file.


    OK, run ComboFix and post a new log.
