Suddenly, my computer's screen went black; it looked as if it had shut down, but the LED light stayed on. Shortly afterwards, it began to restart and ran the disk check, booted into Windows and, a short while later, the whole thing repeated, several times. Eventually I shut it down with the power button and did not let it run the disk scan again.
After a few days of working fine, the problem has now occurred again, twice.
I would appreciate any help.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:37, on 1/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe
C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\FaxTalk Communicator\FAPIEXE.EXE
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\McAfee\VirusScan\mcods.exe
D:\MIGUEL DOCS\20091025 Limpeza do virus\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\arquiv~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Office XP crack (nao remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTVRemote] C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.abntcatalogo.com.br
O15 - Trusted Zone: http://www.abntnet.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 12947 bytes
First, I plugged in one of my USB flash drives and got the following log:
############################## | UsbFix 7.015 | [Pesquisa]
Usuário: a (Administrador) # HOME [ ]
Atualizado em 01/07/10 por El Desaparecido / C_XX
Começou em 17:21:19 | 03/07/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: AMD Athlon 64 Processor 3000+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall: Habilitado
Antivirus: McAfee VirusScan [(!) Disabled | Updated]
Firewall: McAfee Personal Firewall [Enabled]
RAM -> 1535 Mb
C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32
D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Disco fixo # 20 Gb (9 Mb livre - 47%) [] # NTFS
G:\ -> Disco removível # 7 Gb (946 Mb livre - 12%) [PATRIOT] # FAT32
################## | Ficheiros # pastas infeciosos |
Presente ! C:\Arquivos de programas\GbPlugin
################## | Registro |
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}
Shell\AutoRun\Command = E:\SETUP.EXE
################## | Vaccin |
(!) Este computador não é vacinada!
################## | E.O.F |
Then I also plugged in the other two flash drives and ran UsbFix again:
############################## | UsbFix 7.015 | [Pesquisa]
Usuário: a (Administrador) # HOME [ ]
Atualizado em 01/07/10 por El Desaparecido / C_XX
Começou em 17:36:01 | 03/07/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: AMD Athlon 64 Processor 3000+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall: Habilitado
Antivirus: McAfee VirusScan [(!) Disabled | Updated]
Firewall: McAfee Personal Firewall [Enabled]
RAM -> 1535 Mb
C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32
D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Disco fixo # 20 Gb (10 Mb livre - 49%) [] # NTFS
G:\ -> Disco removível # 7 Gb (946 Mb livre - 12%) [PATRIOT] # FAT32
H:\ -> Disco removível # 7 Gb (7 Mb livre - 97%) [PATRIOT] # FAT32
I:\ -> Disco removível # 490 Mb (89 Mb livre - 18%) [KINGSTON] # FAT
################## | Ficheiros # pastas infeciosos |
Presente ! C:\Arquivos de programas\GbPlugin
Presente ! G:\AUTORUN.INF
Presente ! G:\mk28sp.exe
Presente ! H:\AUTORUN.INF
Presente ! I:\AUTORUN.INF
################## | Registro |
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}
Shell\AutoRun\Command = E:\SETUP.EXE
################## | Vaccin |
G:\Autorun.inf -> Folder criado por Panda USB Vaccine
H:\Autorun.inf -> Folder criado por Panda USB Vaccine
I:\Autorun.inf -> Folder criado por Panda USB Vaccine
################## | E.O.F |
* Reconnect the second flash drive to the PC
* Double-click UsbFix
* Click [supressão] and wait for it to finish
* Remove the flash drive
* Paste the report created at C:\UsbFix.txt
> * Reconnect the second flash drive to the PC
> * Double-click UsbFix
> * Click [supressão] and wait for it to finish
> * Remove the flash drive
> * Paste the report created at C:\UsbFix.txt

Here it is:
############################## | UsbFix 7.015 | [supressão]
Usuário: a (Administrador) # HOME [ ]
Atualizado em 01/07/10 por El Desaparecido / C_XX
Começou em 00:01:13 | 12/07/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: AMD Athlon 64 Processor 3000+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall: Habilitado
Antivirus: McAfee VirusScan [Enabled | Updated]
Firewall: McAfee Personal Firewall [Enabled]
RAM -> 1535 Mb
C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32
D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Disco fixo # 20 Gb (10 Mb livre - 49%) [] # NTFS
H:\ -> Disco removível # 7 Gb (7 Mb livre - 97%) [PATRIOT] # FAT32
################## | Ficheiros # pastas infeciosos |
Não supprimido ! C:\Arquivos de programas\GbPlugin
Não supprimido ! H:\AUTORUN.INF
################## | Registro |
Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva
################## | Mountpoints2 |
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}
################## | Listing |
[11/07/2010 - 21:49:58 | ASH | 1609355264] C:\hiberfil.sys
[15/01/2004 - 16:33:52 | D ] C:\WINDOWS
[23/04/2010 - 10:16:52 | SHD ] C:\FOUND.000
[15/01/2004 - 16:38:14 | D ] C:\Documents and Settings
[01/01/2002 - 02:33:04 | RD ] C:\Arquivos de programas
[15/01/2004 - 16:50:24 | A | 0] C:\CONFIG.SYS
[15/01/2004 - 16:50:24 | A | 0] C:\AUTOEXEC.BAT
[15/01/2004 - 16:50:24 | RASH | 0] C:\IO.SYS
[15/01/2004 - 16:50:24 | RASH | 0] C:\MSDOS.SYS
[15/01/2004 - 16:55:18 | SHD ] C:\System Volume Information
[15/01/2004 - 18:22:34 | D ] C:\WUTemp
[01/01/2002 - 01:32:50 | SHD ] C:\Recycled
[01/01/2002 - 01:55:40 | A | 4952] C:\Bootfont.bin
[04/08/2004 - 01:59:34 | RASH | 251168] C:\ntldr
[04/08/2004 - 01:38:34 | RASH | 47564] C:\NTDETECT.COM
[05/11/2009 - 08:10:16 | SH | 211] C:\boot.ini
[03/03/2010 - 01:28:36 | D ] C:\MyWorks
[04/03/2010 - 04:58:14 | D ] C:\JVC Videos
[05/09/2001 - 21:00:58 | A | 1700352] C:\gdiplus.dll
[11/07/2010 - 21:49:58 | ASH | 805306368] C:\pagefile.sys
[05/11/2009 - 06:42:20 | N | 397] C:\Win32.Worm.Downladup.Gen.log
[02/04/2010 - 20:32:38 | A | 91] C:\Documents
[16/06/2010 - 13:13:38 | SHD ] C:\FOUND.001
[05/11/2009 - 07:53:28 | A | 13973] C:\SAFEBOOT_REPAIR.TXT
[15/06/2010 - 10:04:14 | D ] C:\Autodesk
[26/04/2010 - 00:46:46 | D ] C:\Arquivos de Programas RFB
[15/06/2010 - 12:59:30 | D ] C:\58eef1b04f51bb1fa1
[19/06/2010 - 01:42:06 | SHD ] C:\FOUND.002
[30/06/2010 - 10:01:52 | SHD ] C:\FOUND.003
[03/07/2010 - 17:19:26 | D ] C:\UsbFix
[12/07/2010 - 00:01:14 | A | 1096] C:\UsbFix.txt
[21/06/2009 - 19:49:42 | D ] C:\Office 2003 BR
[21/06/2009 - 20:07:52 | D ] C:\Office XP
[01/01/2002 - 01:16:34 | SHD ] D:\System Volume Information
[01/01/2002 - 02:49:26 | D ] D:\MyWorks
[18/08/2005 - 18:10:38 | SHD ] D:\Recycled
[23/06/2009 - 23:57:06 | D ] D:\Bkp Filme Geshe
[24/06/2009 - 00:19:50 | D ] D:\Downloads
[24/06/2009 - 00:20:12 | D ] D:\Filme Geshe Ngawang Sherab
[24/06/2009 - 00:41:52 | RD ] D:\JU DOCS
[24/06/2009 - 00:47:40 | RD ] D:\MIGUEL DOCS
[24/06/2009 - 01:01:32 | D ] D:\Madhyamakavatara DKR San Francisco
[24/06/2009 - 01:04:28 | D ] D:\OUTROS DOCS
[24/06/2009 - 01:05:08 | D ] D:\transferir configurações
[24/06/2009 - 01:05:48 | D ] D:\BkpGhst
[29/10/2008 - 00:22:57 | RD ] F:\Arquivos de programas
[27/09/2008 - 04:14:25 | A | 7680] F:\AssistentGraph.grf
[20/09/2008 - 20:55:17 | A | 0] F:\AUTOEXEC.BAT
[20/09/2008 - 21:52:53 | D ] F:\BodYig
[21/09/2008 - 22:17:20 | ASH | 211] F:\boot.ini
[28/10/2001 - 12:06:10 | RASH | 4952] F:\Bootfont.bin
[27/09/2008 - 23:36:24 | D ] F:\canonscanner
[20/09/2008 - 20:55:17 | A | 0] F:\CONFIG.SYS
[20/09/2008 - 22:03:19 | D ] F:\Documents and Settings
[20/09/2008 - 20:55:17 | RASH | 0] F:\IO.SYS
[28/09/2008 - 19:49:54 | D ] F:\KPCMS
[20/09/2008 - 20:55:17 | RASH | 0] F:\MSDOS.SYS
[21/06/2009 - 20:34:45 | RHD ] F:\MSOCache
[21/09/2008 - 22:13:04 | RASH | 47564] F:\NTDETECT.COM
[29/09/2008 - 00:10:53 | RASH | 251696] F:\ntldr
[11/07/2010 - 12:17:00 | ASH | 805306368] F:\pagefile.sys
[21/09/2008 - 00:38:22 | D ] F:\Program Files
[12/07/2010 - 00:05:54 | SHD ] F:\RECYCLER
[15/01/2009 - 00:40:51 | A | 76288] F:\Relatório NIT-RS 2008.doc
[08/09/2009 - 08:36:30 | SHD ] F:\System Volume Information
[20/09/2008 - 21:23:44 | D ] F:\Transfer configurações miguel
[22/11/2008 - 02:01:06 | A | 27262976] F:\VIRTPART.DAT
[18/04/2009 - 09:23:59 | D ] F:\WINDOWS
[01/07/2010 - 09:39:02 | H | 16] H:\AUTORUN.INF
[04/09/2009 - 18:20:18 | RSHD ] H:\RECYCLER
[16/10/2009 - 14:52:50 | A | 9584640] H:\Denúncias Unico 151009.mdb
[23/10/2009 - 16:58:36 | D ] H:\Animação
[23/10/2009 - 16:58:42 | D ] H:\Dharma
[01/07/2010 - 09:39:32 | D ] H:\Livro EI 20100629 casa mosiris
################## | Vaccin |
C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder criado por Panda USB Vaccine
################## | Upload |
Favor enviar o arquivo: C:\UsbFix_Upload_Me_HOME.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição.
################## | E.O.F |
1.
Please upload the file: C:\UsbFix_Upload_Me_HOME.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
2.
* Double-click UsbFix
* Click [uninstall]
3.
* Download RSIT and save it to the desktop
* Double-click RSIT
* Click [Continue]
* When the process finishes, paste the report created at C:\rsit\log.txt
> 1.
> Please upload the file: C:\UsbFix_Upload_Me_HOME.zip
> http://chiquitine.changelog.fr/Sample/Upload.php
> Thank you for your contribution.
> 2.
> * Double-click UsbFix
> * Click [uninstall]
> 3.
> * Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop
> * Double-click RSIT
> * Click [Continue]
> * When the process finishes, paste the report created at C:\rsit\log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by a at 2010-07-13 10:32:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 90 GB (60%) free of 150 GB
Total RAM: 1535 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:56, on 13/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe
C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Arquivos de programas\FaxTalk Communicator\FAPIEXE.EXE
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe
C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\a\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\a.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\arquiv~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Office XP crack (nao remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTVRemote] C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.abntcatalogo.com.br
O15 - Trusted Zone: http://www.abntnet.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 13328 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\PandaUSBVaccine.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1957994488-725345543-1003Core1cb18ddfeca925e.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\arquiv~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-17 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll [2010-04-27 73288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-06-15 269752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
myBabylon English Toolbar - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll [2010-05-20 2675296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-05-26 335136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-28 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]
Online Radio Brazil Toolbar - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll [2010-04-27 2393184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]
{f4c23ca5-ed6c-4376-80ad-62f9161a7286} - Online Radio Brazil Toolbar - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll [2010-04-27 2393184]
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll [2010-05-20 2675296]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-09-01 53248]
"RemoteControl"=C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe [2004-09-07 1400944]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"CallControl 4.5"=C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe [2003-06-03 120320]
"Office XP crack (nao remover)"=C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe [2001-06-16 110639]
"SSBkgdUpdate"=C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"Opware15"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-06 69632]
"OpScheduler"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe []
"PDF3 Registry Controller"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-12-28 149280]
"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-01-17 198160]
"PCTVRemote"=C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe [2002-10-11 61699]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe [2005-04-11 69721]
"mcui_exe"=C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe [2010-04-01 1180976]
"4shared Update"=C:\Arquivos de programas\4shared Desktop\checkUpdate.exe [2010-06-03 603136]
"Babylon Client"=C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe [2010-06-15 3808696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-12-03 49152]
"PowerBar"= []
"Google Update"=C:\Documents [2010-04-02 91]
"Skype"=C:\Arquivos de programas\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2004-08-04 1667584]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
VIA RAID TOOL.lnk - C:\Arquivos de programas\VIA\RAID\raid_tool.exe
Pinnacle Scheduler.lnk - C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\Arquivos de programas\GbPlugin\gbieh.dll [2010-05-26 335136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-05-26 335136]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutorun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Arquivos de programas\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe"
"C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.com"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com"
"C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.com"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com"
"C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe"="C:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Arquivos de programas\BitTorrent\bittorrent.exe"="C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe"="C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-07-13 10:32:10 ----D---- C:\Arquivos de programas\trend micro
2010-07-13 10:32:09 ----D---- C:\rsit
2010-07-12 00:06:33 ----RASHD---- C:\Autorun.inf
2010-07-03 17:19:25 ----D---- C:\UsbFix
2010-06-30 10:01:52 ----SHD---- C:\FOUND.003
2010-06-27 00:41:44 ----D---- C:\Arquivos de programas\Translation Tool
2010-06-19 02:44:00 ----D---- C:\Arquivos de programas\myBabylon_English
2010-06-19 02:43:57 ----D---- C:\Arquivos de programas\Babylon
2010-06-19 02:42:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2010-06-19 02:42:44 ----D---- C:\Documents and Settings\a\Dados de aplicativos\Babylon
2010-06-19 01:42:06 ----SHD---- C:\FOUND.002
2010-06-16 13:13:38 ----SHD---- C:\FOUND.001
2010-06-15 13:33:54 ----D---- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared
2010-06-15 13:33:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-06-15 13:33:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-06-15 13:33:37 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-06-15 13:33:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-06-15 13:33:08 ----D---- C:\WINDOWS\Logs
2010-06-15 12:59:28 ----D---- C:\58eef1b04f51bb1fa1
2010-06-15 12:59:04 ----D---- C:\WINDOWS\SxsCaPendDel
2010-06-15 11:45:38 ----D---- C:\Arquivos de programas\Autodesk
2010-06-15 11:16:40 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-06-15 11:14:29 ----D---- C:\Arquivos de programas\MSBuild
2010-06-15 11:14:25 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-15 11:14:22 ----D---- C:\WINDOWS\system32\en-us
2010-06-15 11:14:21 ----D---- C:\Arquivos de programas\Reference Assemblies
2010-06-15 11:13:51 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-06-15 11:11:03 ----HD---- C:\WINDOWS\$NtUninstallWIC$
2010-06-15 11:11:00 ----D---- C:\Arquivos de programas\MSXML 6.0
2010-06-15 10:08:17 ----D---- C:\Documents and Settings\a\Dados de aplicativos\Autodesk
2010-06-15 10:08:16 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
2010-06-15 10:07:10 ----HD---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-06-15 10:04:13 ----D---- C:\Autodesk
2010-06-14 20:22:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype
======List of files/folders modified in the last 1 months======
2010-07-12 22:09:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 12:37:26 ----A---- C:\WINDOWS\ModemLog_LM-I56N #2.txt
2010-06-15 12:56:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-15 11:11:12 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 GbpKm;Gbp KernelMode; C:\WINDOWS\system32\drivers\gbpkm.sys [2010-05-26 45472]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 RecAgent;RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [2004-05-03 13920]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-10-31 77312]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28544]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-04-27 82952]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-08-18 189568]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 91136]
S3 3xHybrid;Pinnacle PCTV Stereo service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 556416]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys []
S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-01-01 9600]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-05-03 230664]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-05-03 1302680]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-05-03 180640]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Slntamr;NetoDragon AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-05-03 632960]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-05-03 95768]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-05-03 13288]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-09-27 173440]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CCALib8;Canon Camera Access Library 8; C:\Arquivos de programas\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-05-26 55072]
R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-12-28 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]
R2 McMPFSvc;McAfee Personal Firewall; C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mcmscsvc;McAfee Services; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNASvc;McAfee Network Agent; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McProxy;McAfee Proxy Service; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McShield;McShield; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 mfefire;McAfee Firewall Core Service; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-05-03 45056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\Arquivos de programas\McAfee\VirusScan\mcods.exe [2010-03-10 364216]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
*Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If any update is available, it will be downloaded automatically. Please wait...
*The program will open automatically.
*On the [Verificação] tab, select the [Verificação completa] option
*Click [Verificar] and select the partitions to be scanned (usually C:\ and D:\)
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] > [OK] > [Mostrar Resultados]
*Click [Remover Selecionados]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it in your next reply
Ran Malwarebytes' Anti-Malware.
Here is the log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 4376
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
1/8/2010 12:42:29
mbam-log-2010-08-01 (12-42-29).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|F:\|)
Objetos escaneados: 318079
Tempo decorrido: 3 hora(s), 52 minuto(s), 0 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 3
Pastas Infectadas: 0
Arquivos Infectados: 0
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
(Não foram detectados ítens maliciosos)
OK... the PC is clean.
1.
*Delete RSIT and its reports.
OK... the PC is clean.
Thank you very much, Wings!
> 1.
> *Delete RSIT and its reports.
Sorry, but what is RSIT?
> Sorry, but what is RSIT?
The program I had asked you to use, as in my quote below, posted on 12/07:
*Download RSIT and save it to the desktop
*Double-click RSIT
*Click [Continue]
*When the process finishes, paste the report created at C:\rsit\log.txt
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good afternoon....
*Temporarily disable your antivirus
Click OK to save and close the program.
*Download USBFix and save it to the desktop
*Connect the pen drive to the PC
*Double-click UsbFix
*Click [Pesquisa] and wait for it to finish
*Remove the pen drive
*Paste the report created at C:\UsbFix.txt