miguelino3ol

[Resolved!] Windows restarts repeatedly


Suddenly my computer's screen went black; it seemed to have shut down, but the LED light stayed on. Shortly afterwards it began to restart and ran the disk check, booted into Windows and, shortly afterwards, everything repeated itself, several times. Until I turned it off at the button and no longer let it scan the disks.

After a few days of working fine, the problem has now occurred again, twice.

I would be grateful if you could help me.

The HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:54:37, on 1/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe

C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\FaxTalk Communicator\FAPIEXE.EXE

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

D:\MIGUEL DOCS\20091025 Limpeza do virus\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\arquiv~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CallControl 4.5] C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe /autoload

O4 - HKLM\..\Run: [Office XP crack (nao remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Opware15] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe"

O4 - HKLM\..\Run: [OpScheduler] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe"

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCTVRemote] C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.abntcatalogo.com.br

O15 - Trusted Zone: http://www.abntnet.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 12947 bytes


Good afternoon....

*Temporarily disable your antivirus

Open the program by double-clicking its icon next to the clock ->

On the left of the panel, click the Configure button, then click the Advanced button;

Under Ignored Problems, check the option: SystemGuard Protection is disable;

Click OK to save and close the program.

*Download USBFix and save it to the desktop

*Plug the USB flash drive into the PC

*Double-click UsbFix

*Click [Pesquisa] (Search) and wait for it to finish

*Remove the flash drive

*Paste the report created at C:\UsbFix.txt


First, I plugged in one of my flash drives and it produced the following log:

############################## | UsbFix 7.015 | [Pesquisa]

 

Usuário: a (Administrador) # HOME [ ]

Atualizado em 01/07/10 por El Desaparecido / C_XX

Começou em 17:21:19 | 03/07/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: AMD Athlon 64 Processor 3000+

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: McAfee VirusScan [(!) Disabled | Updated]

Firewall: McAfee Personal Firewall [Enabled]

RAM -> 1535 Mb

C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32

D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32

E:\ -> CD-ROM

F:\ -> Disco fixo # 20 Gb (9 Mb livre - 47%) [] # NTFS

G:\ -> Disco removível # 7 Gb (946 Mb livre - 12%) [PATRIOT] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\Arquivos de programas\GbPlugin

 

################## | Registro |

 

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}

Shell\AutoRun\Command = E:\SETUP.EXE

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

 

Then I also plugged in the other two flash drives and ran UsbFix again:

############################## | UsbFix 7.015 | [Pesquisa]

 

Usuário: a (Administrador) # HOME [ ]

Atualizado em 01/07/10 por El Desaparecido / C_XX

Começou em 17:36:01 | 03/07/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: AMD Athlon 64 Processor 3000+

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: McAfee VirusScan [(!) Disabled | Updated]

Firewall: McAfee Personal Firewall [Enabled]

RAM -> 1535 Mb

C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32

D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32

E:\ -> CD-ROM

F:\ -> Disco fixo # 20 Gb (10 Mb livre - 49%) [] # NTFS

G:\ -> Disco removível # 7 Gb (946 Mb livre - 12%) [PATRIOT] # FAT32

H:\ -> Disco removível # 7 Gb (7 Mb livre - 97%) [PATRIOT] # FAT32

I:\ -> Disco removível # 490 Mb (89 Mb livre - 18%) [KINGSTON] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\Arquivos de programas\GbPlugin

Presente ! G:\AUTORUN.INF

Presente ! G:\mk28sp.exe

Presente ! H:\AUTORUN.INF

Presente ! I:\AUTORUN.INF

 

################## | Registro |

 

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}

Shell\AutoRun\Command = E:\SETUP.EXE

 

 

################## | Vaccin |

 

G:\Autorun.inf -> Folder criado por Panda USB Vaccine

H:\Autorun.inf -> Folder criado por Panda USB Vaccine

I:\Autorun.inf -> Folder criado por Panda USB Vaccine

 

################## | E.O.F |


*Plug the second flash drive into the PC again

*Double-click UsbFix

*Click [supressão] (Deletion) and wait for it to finish

*Remove the flash drive

*Paste the report created at C:\UsbFix.txt


*Plug the second flash drive into the PC again

*Double-click UsbFix

*Click [supressão] (Deletion) and wait for it to finish

*Remove the flash drive

*Paste the report created at C:\UsbFix.txt

Here it is:

############################## | UsbFix 7.015 | [supressão]

 

Usuário: a (Administrador) # HOME [ ]

Atualizado em 01/07/10 por El Desaparecido / C_XX

Começou em 00:01:13 | 12/07/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: AMD Athlon 64 Processor 3000+

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: McAfee VirusScan [Enabled | Updated]

Firewall: McAfee Personal Firewall [Enabled]

RAM -> 1535 Mb

C:\ (%systemdrive%) -> Disco fixo # 146 Gb (84 Mb livre - 57%) [] # FAT32

D:\ -> Disco fixo # 151 Gb (16 Mb livre - 11%) [] # FAT32

E:\ -> CD-ROM

F:\ -> Disco fixo # 20 Gb (10 Mb livre - 49%) [] # NTFS

H:\ -> Disco removível # 7 Gb (7 Mb livre - 97%) [PATRIOT] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Não supprimido ! C:\Arquivos de programas\GbPlugin

Não supprimido ! H:\AUTORUN.INF

 

################## | Registro |

 

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kxva

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{330a3796-fe6a-11d5-aa08-806d6172696f}

 

################## | Listing |

 

[11/07/2010 - 21:49:58 | ASH | 1609355264] C:\hiberfil.sys

[15/01/2004 - 16:33:52 | D ] C:\WINDOWS

[23/04/2010 - 10:16:52 | SHD ] C:\FOUND.000

[15/01/2004 - 16:38:14 | D ] C:\Documents and Settings

[01/01/2002 - 02:33:04 | RD ] C:\Arquivos de programas

[15/01/2004 - 16:50:24 | A | 0] C:\CONFIG.SYS

[15/01/2004 - 16:50:24 | A | 0] C:\AUTOEXEC.BAT

[15/01/2004 - 16:50:24 | RASH | 0] C:\IO.SYS

[15/01/2004 - 16:50:24 | RASH | 0] C:\MSDOS.SYS

[15/01/2004 - 16:55:18 | SHD ] C:\System Volume Information

[15/01/2004 - 18:22:34 | D ] C:\WUTemp

[01/01/2002 - 01:32:50 | SHD ] C:\Recycled

[01/01/2002 - 01:55:40 | A | 4952] C:\Bootfont.bin

[04/08/2004 - 01:59:34 | RASH | 251168] C:\ntldr

[04/08/2004 - 01:38:34 | RASH | 47564] C:\NTDETECT.COM

[05/11/2009 - 08:10:16 | SH | 211] C:\boot.ini

[03/03/2010 - 01:28:36 | D ] C:\MyWorks

[04/03/2010 - 04:58:14 | D ] C:\JVC Videos

[05/09/2001 - 21:00:58 | A | 1700352] C:\gdiplus.dll

[11/07/2010 - 21:49:58 | ASH | 805306368] C:\pagefile.sys

[05/11/2009 - 06:42:20 | N | 397] C:\Win32.Worm.Downladup.Gen.log

[02/04/2010 - 20:32:38 | A | 91] C:\Documents

[16/06/2010 - 13:13:38 | SHD ] C:\FOUND.001

[05/11/2009 - 07:53:28 | A | 13973] C:\SAFEBOOT_REPAIR.TXT

[15/06/2010 - 10:04:14 | D ] C:\Autodesk

[26/04/2010 - 00:46:46 | D ] C:\Arquivos de Programas RFB

[15/06/2010 - 12:59:30 | D ] C:\58eef1b04f51bb1fa1

[19/06/2010 - 01:42:06 | SHD ] C:\FOUND.002

[30/06/2010 - 10:01:52 | SHD ] C:\FOUND.003

[03/07/2010 - 17:19:26 | D ] C:\UsbFix

[12/07/2010 - 00:01:14 | A | 1096] C:\UsbFix.txt

[21/06/2009 - 19:49:42 | D ] C:\Office 2003 BR

[21/06/2009 - 20:07:52 | D ] C:\Office XP

[01/01/2002 - 01:16:34 | SHD ] D:\System Volume Information

[01/01/2002 - 02:49:26 | D ] D:\MyWorks

[18/08/2005 - 18:10:38 | SHD ] D:\Recycled

[23/06/2009 - 23:57:06 | D ] D:\Bkp Filme Geshe

[24/06/2009 - 00:19:50 | D ] D:\Downloads

[24/06/2009 - 00:20:12 | D ] D:\Filme Geshe Ngawang Sherab

[24/06/2009 - 00:41:52 | RD ] D:\JU DOCS

[24/06/2009 - 00:47:40 | RD ] D:\MIGUEL DOCS

[24/06/2009 - 01:01:32 | D ] D:\Madhyamakavatara DKR San Francisco

[24/06/2009 - 01:04:28 | D ] D:\OUTROS DOCS

[24/06/2009 - 01:05:08 | D ] D:\transferir configurações

[24/06/2009 - 01:05:48 | D ] D:\BkpGhst

[29/10/2008 - 00:22:57 | RD ] F:\Arquivos de programas

[27/09/2008 - 04:14:25 | A | 7680] F:\AssistentGraph.grf

[20/09/2008 - 20:55:17 | A | 0] F:\AUTOEXEC.BAT

[20/09/2008 - 21:52:53 | D ] F:\BodYig

[21/09/2008 - 22:17:20 | ASH | 211] F:\boot.ini

[28/10/2001 - 12:06:10 | RASH | 4952] F:\Bootfont.bin

[27/09/2008 - 23:36:24 | D ] F:\canonscanner

[20/09/2008 - 20:55:17 | A | 0] F:\CONFIG.SYS

[20/09/2008 - 22:03:19 | D ] F:\Documents and Settings

[20/09/2008 - 20:55:17 | RASH | 0] F:\IO.SYS

[28/09/2008 - 19:49:54 | D ] F:\KPCMS

[20/09/2008 - 20:55:17 | RASH | 0] F:\MSDOS.SYS

[21/06/2009 - 20:34:45 | RHD ] F:\MSOCache

[21/09/2008 - 22:13:04 | RASH | 47564] F:\NTDETECT.COM

[29/09/2008 - 00:10:53 | RASH | 251696] F:\ntldr

[11/07/2010 - 12:17:00 | ASH | 805306368] F:\pagefile.sys

[21/09/2008 - 00:38:22 | D ] F:\Program Files

[12/07/2010 - 00:05:54 | SHD ] F:\RECYCLER

[15/01/2009 - 00:40:51 | A | 76288] F:\Relatório NIT-RS 2008.doc

[08/09/2009 - 08:36:30 | SHD ] F:\System Volume Information

[20/09/2008 - 21:23:44 | D ] F:\Transfer configurações miguel

[22/11/2008 - 02:01:06 | A | 27262976] F:\VIRTPART.DAT

[18/04/2009 - 09:23:59 | D ] F:\WINDOWS

[01/07/2010 - 09:39:02 | H | 16] H:\AUTORUN.INF

[04/09/2009 - 18:20:18 | RSHD ] H:\RECYCLER

[16/10/2009 - 14:52:50 | A | 9584640] H:\Denúncias Unico 151009.mdb

[23/10/2009 - 16:58:36 | D ] H:\Animação

[23/10/2009 - 16:58:42 | D ] H:\Dharma

[01/07/2010 - 09:39:32 | D ] H:\Livro EI 20100629 casa mosiris

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Folder criado por Panda USB Vaccine

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_HOME.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |


1.

Please send the file: C:\UsbFix_Upload_Me_HOME.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution.

2.

*Double-click UsbFix

*Click [uninstall]

3.

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt


1.

Please send the file: C:\UsbFix_Upload_Me_HOME.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution.

2.

*Double-click UsbFix

*Click [uninstall]

3.

*Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt

Logfile of random's system information tool 1.08 (written by random/random)

Run by a at 2010-07-13 10:32:09

Microsoft Windows XP Professional Service Pack 2

System drive C: has 90 GB (60%) free of 150 GB

Total RAM: 1535 MB (67% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:32:56, on 13/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe

C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

C:\Arquivos de programas\FaxTalk Communicator\FAPIEXE.EXE

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\a\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\a.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\arquiv~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CallControl 4.5] C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe /autoload

O4 - HKLM\..\Run: [Office XP crack (nao remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Opware15] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe"

O4 - HKLM\..\Run: [OpScheduler] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe"

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCTVRemote] C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [4shared Update] "C:\Arquivos de programas\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_link.htm

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.abntcatalogo.com.br

O15 - Trusted Zone: http://www.abntnet.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{25D6EAF2-CF98-4885-9677-A4CBAA5DC325}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 13328 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\PandaUSBVaccine.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1957994488-725345543-1003Core1cb18ddfeca925e.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

McAfee Phishing Filter - c:\arquiv~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-17 329312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100518202649.dll [2010-04-27 73288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]

Babylon IE plugin - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-06-15 269752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

myBabylon English Toolbar - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll [2010-05-20 2675296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-05-26 335136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-28 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}]

Online Radio Brazil Toolbar - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll [2010-04-27 2393184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

{f4c23ca5-ed6c-4376-80ad-62f9161a7286} - Online Radio Brazil Toolbar - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll [2010-04-27 2393184]

{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll [2010-05-20 2675296]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-09-01 53248]

"RemoteControl"=C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe [2004-09-07 1400944]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"CallControl 4.5"=C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe [2003-06-03 120320]

"Office XP crack (nao remover)"=C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe [2001-06-16 110639]

"SSBkgdUpdate"=C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

"Opware15"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\Opware15.exe [2005-07-06 69632]

"OpScheduler"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpScheduler.exe []

"PDF3 Registry Controller"=C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2009-05-26 413696]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-12-28 149280]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-01-17 198160]

"PCTVRemote"=C:\Arquivos de programas\Pinnacle\PCTV Stereo\Remote\Remoterm.exe [2002-10-11 61699]

"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Arquivos de programas\CyberLink\PowerBackup\PBKScheduler.exe [2005-04-11 69721]

"mcui_exe"=C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe [2010-04-01 1180976]

"4shared Update"=C:\Arquivos de programas\4shared Desktop\checkUpdate.exe [2010-06-03 603136]

"Babylon Client"=C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe [2010-06-15 3808696]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

""= []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-12-03 49152]

"PowerBar"= []

"Google Update"=C:\Documents [2010-04-02 91]

"Skype"=C:\Arquivos de programas\Skype\\Phone\Skype.exe [2010-05-13 26192168]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2004-08-04 1667584]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

VIA RAID TOOL.lnk - C:\Arquivos de programas\VIA\RAID\raid_tool.exe

Pinnacle Scheduler.lnk - C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll [2010-05-26 335136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-05-26 335136]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDriveAutorun"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDriveAutoRun"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Arquivos de programas\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"

"C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe"

"C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.com"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com"

"C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.com"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com"

"C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.exe"="C:\Arquivos de programas\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe"="C:\Arquivos de programas\Arquivos comuns\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Arquivos de programas\BitTorrent\bittorrent.exe"="C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe"="C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======File associations======

 

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"

.scr - install -

.scr - config -

 

======List of files/folders created in the last 1 months======

 

2010-07-13 10:32:10 ----D---- C:\Arquivos de programas\trend micro

2010-07-13 10:32:09 ----D---- C:\rsit

2010-07-12 00:06:33 ----RASHD---- C:\Autorun.inf

2010-07-03 17:19:25 ----D---- C:\UsbFix

2010-06-30 10:01:52 ----SHD---- C:\FOUND.003

2010-06-27 00:41:44 ----D---- C:\Arquivos de programas\Translation Tool

2010-06-19 02:44:00 ----D---- C:\Arquivos de programas\myBabylon_English

2010-06-19 02:43:57 ----D---- C:\Arquivos de programas\Babylon

2010-06-19 02:42:44 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2010-06-19 02:42:44 ----D---- C:\Documents and Settings\a\Dados de aplicativos\Babylon

2010-06-19 01:42:06 ----SHD---- C:\FOUND.002

2010-06-16 13:13:38 ----SHD---- C:\FOUND.001

2010-06-15 13:33:54 ----D---- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2010-06-15 13:33:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2010-06-15 13:33:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2010-06-15 13:33:37 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2010-06-15 13:33:30 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2010-06-15 13:33:08 ----D---- C:\WINDOWS\Logs

2010-06-15 12:59:28 ----D---- C:\58eef1b04f51bb1fa1

2010-06-15 12:59:04 ----D---- C:\WINDOWS\SxsCaPendDel

2010-06-15 11:45:38 ----D---- C:\Arquivos de programas\Autodesk

2010-06-15 11:16:40 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2010-06-15 11:14:29 ----D---- C:\Arquivos de programas\MSBuild

2010-06-15 11:14:25 ----D---- C:\WINDOWS\system32\XPSViewer

2010-06-15 11:14:22 ----D---- C:\WINDOWS\system32\en-us

2010-06-15 11:14:21 ----D---- C:\Arquivos de programas\Reference Assemblies

2010-06-15 11:13:51 ----N---- C:\WINDOWS\system32\spmsg2.dll

2010-06-15 11:11:03 ----HD---- C:\WINDOWS\$NtUninstallWIC$

2010-06-15 11:11:00 ----D---- C:\Arquivos de programas\MSXML 6.0

2010-06-15 10:08:17 ----D---- C:\Documents and Settings\a\Dados de aplicativos\Autodesk

2010-06-15 10:08:16 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2010-06-15 10:07:10 ----HD---- C:\WINDOWS\$NtUninstallKB942288-v3$

2010-06-15 10:04:13 ----D---- C:\Autodesk

2010-06-14 20:22:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype

 

======List of files/folders modified in the last 1 months======

 

2010-07-12 22:09:26 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-07-05 12:37:26 ----A---- C:\WINDOWS\ModemLog_LM-I56N #2.txt

2010-06-15 12:56:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-06-15 11:11:12 ----A---- C:\WINDOWS\imsins.BAK

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 GbpKm;Gbp KernelMode; C:\WINDOWS\system32\drivers\gbpkm.sys [2010-05-26 45472]

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-04-27 385880]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]

R0 RecAgent;RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [2004-05-03 13920]

R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]

R0 viasraid;viasraid; C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-10-31 77312]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28544]

R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-04-27 82952]

R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-04-27 55456]

R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-04-27 95568]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-04-27 152320]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-04-27 51688]

R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-04-27 312616]

R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 pctvvbi;PCTVVBI; C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-08-18 189568]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 91136]

S3 3xHybrid;Pinnacle PCTV Stereo service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 556416]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-01-01 9600]

S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []

S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]

S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-04-27 83496]

S3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2004-05-03 230664]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2004-05-03 1302680]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2004-05-03 180640]

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]

S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]

S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]

S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 Slntamr;NetoDragon AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2004-05-03 632960]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2004-05-03 95768]

S3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2004-05-03 13288]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-09-27 173440]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 CCALib8;Canon Camera Access Library 8; C:\Arquivos de programas\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-05-26 55072]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2004-09-07 1151090]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-12-28 153376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]

R2 McMPFSvc;McAfee Personal Firewall; C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 mcmscsvc;McAfee Services; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 McNASvc;McAfee Network Agent; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 McProxy;McAfee Proxy Service; C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 McShield;McShield; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 mfefire;McAfee Firewall Core Service; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]

R2 MSK80Service;McAfee Anti-Spam Service; C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-05-03 45056]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McODS;McAfee Scanner; C:\Arquivos de programas\McAfee\VirusScan\mcods.exe [2010-03-10 364216]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------


*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If an update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Verificação] tab, select the [Verificação completa] option

*Click [Verificar] and select the partitions to be scanned (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] > [OK] > [Mostrar Resultados]

*Click [Remover Selecionados]

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply


Ran Malwarebytes' Anti-Malware.

The log follows:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4376

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

1/8/2010 12:42:29

mbam-log-2010-08-01 (12-42-29).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|F:\|)

Objetos escaneados: 318079

Tempo decorrido: 3 hora(s), 52 minuto(s), 0 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


Sorry, but what is RSIT?

The program I had asked you to use, as in my quote below, posted on 12/07:

 

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
