Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

hygorsandro

[Arquivado] &nbspanalise de Log , nao abre site Microsoft

Recommended Posts

nao abre o site da microsoft =/

 

analise de log por favor!

 

Logfile of HijackThis v1.99.1Scan saved at 01:55:10, on 07/10/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\ARQUIV~1\GbPlugin\GbpSv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Java\jre6\bin\jqs.exeC:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\RTHDCPL.EXEC:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeC:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exeC:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Arquivos de programas\Atheros WLAN Client\ACU.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Documents and Settings\Administrador\jcriel.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Mozilla Firefox\firefox.exeC:\Arquivos de programas\Mozilla Firefox\plugin-container.exeC:\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspxO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [ACU] "C:\Arquivos de programas\Atheros WLAN Client\ACU.exe" -noguiO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -hO4 - HKCU\..\Run: [jcriel] C:\Documents and Settings\Administrador\jcriel.exeO9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO14 - IERESET.INF: START_PAGE_URL=http://www.google.comO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9A6F740A-4D4C-4047-BAEB-C736F3380452}: NameServer = 200.87.100.10,200.87.100.40O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dllO20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dllO20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, hygorsandro!

 

Por gentileza, desinstale o hijackthis presente na sua máquina e siga os procedimentos abaixo:

 

*Baixe o HijackThis'>http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.exe"]HijackThis e salve-o no desktop

*Execute-o

*Clique em [scan].

*Copie e Cole o relatório aqui.

 

No aguardo!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Primeiro, obrigado por me ajudar

segui seu pedido aqui esta o log:

 

Logfile of HijackThis v1.99.1Scan saved at 02:05:52, on 08/10/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\ARQUIV~1\GbPlugin\GbpSv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Java\jre6\bin\jqs.exeC:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\RTHDCPL.EXEC:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeC:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Arquivos de programas\Atheros WLAN Client\ACU.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Documents and Settings\Administrador\jcriel.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\Arquivos de programas\Windows Live\Contacts\wlcomm.exeC:\Arquivos de programas\Windows Media Player\wmplayer.exeC:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exeC:\Arquivos de programas\Mozilla Firefox\firefox.exeC:\Arquivos de programas\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\Administrador\Desktop\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspxO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [ACU] "C:\Arquivos de programas\Atheros WLAN Client\ACU.exe" -noguiO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -hO4 - HKCU\..\Run: [jcriel] C:\Documents and Settings\Administrador\jcriel.exeO9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO14 - IERESET.INF: START_PAGE_URL=http://www.google.comO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9A6F740A-4D4C-4047-BAEB-C736F3380452}: NameServer = 200.87.100.10,200.87.100.40O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLLO18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dllO20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dllO20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

hygorsandro,

 

O HIjackthis ainda está na versão antiga.

 

Favor, siga como descrito abaixo:

* Vá em Iniciar > Configurações > Painel de Controle > Adicionar ou Remover Programas > Desinstale o Hijackthis 1.99.

 

*Baixe o RSIT'>http://images.malwareremoval.com/random/RSIT.exe"]RSIT e salve-o no desktop

*Execute o RSIT e clique em [Continue]

*Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

hygorsandro,

 

O HIjackthis ainda está na versão antiga.

 

Favor, siga como descrito abaixo:

* Vá em Iniciar > Configurações > Painel de Controle > Adicionar ou Remover Programas > Desinstale o Hijackthis 1.99.

 

*Baixe o RSIT'>http://images.malwareremoval.com/random/RSIT.exe"]RSIT e salve-o no desktop

*Execute o RSIT e clique em [Continue]

*Ao término do processo, cole os relatórios criados em C:\rsit\log.txt e C:\rsit\info.txt

 

 

amigo nao estou dando conta de acessar essa URL =/

aparesce que o link nao existe.

ja tentei por 3 navegadores e indo direto pelo google tambem.

 

gracias

 

log.txt

 

Logfile of random's system information tool 1.06 (written by random/random)Run by Administrador at 2010-10-13 19:12:32Microsoft Windows XP Professional Service Pack 3System drive C: has 22 GB (28%) free of 76 GBTotal RAM: 1014 MB (40% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:12:34, on 13/10/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\ARQUIV~1\GbPlugin\GbpSv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Java\jre6\bin\jqs.exeC:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\WINDOWS\RTHDCPL.EXEC:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeC:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exeC:\Arquivos de programas\Atheros WLAN Client\ACU.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\Documents and Settings\Administrador\jcriel.exeC:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exeC:\Arquivos de programas\Windows Live\Contacts\wlcomm.exeC:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exeE:\jcrIEl.EXEC:\Documents and Settings\Administrador\alg.exeC:\WINDOWS\Explorer.exeC:\Arquivos de programas\McAfee Security Scan\2.0.181\McUICnt.exeC:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exeC:\Arquivos de programas\Mozilla Firefox\firefox.exeC:\Arquivos de programas\Mozilla Firefox\plugin-container.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exeC:\Documents and Settings\Administrador\Desktop\RSIT.exeC:\Arquivos de programas\trend micro\Administrador.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspxO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllO2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [ACU] "C:\Arquivos de programas\Atheros WLAN Client\ACU.exe" -noguiO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -hO4 - HKCU\..\Run: [jcriel] C:\Documents and Settings\Administrador\jcriel.exeO4 - Global Startup: McAfee Security Scan Plus.lnk = ?O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXEO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO14 - IERESET.INF: START_PAGE_URL=http://www.google.comO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9A6F740A-4D4C-4047-BAEB-C736F3380452}: NameServer = 200.87.100.10,200.87.100.40O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exeO23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe--End of file - 7208 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-527237240-500Core.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1580436667-527237240-500UA.jobC:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1580436667-527237240-500.jobC:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1580436667-527237240-500.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-04-28 341600][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbieh.dll [2010-09-29 342304][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java(tm) Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-07-04 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-04 79648][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]"SynTPEnh"=C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-04-28 202256]"QuickTime Task"=C:\Arquivos de programas\QuickTime\QTTask.exe [2009-05-26 413696]"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-02-18 248040]"ACU"=C:\Arquivos de programas\Atheros WLAN Client\ACU.exe [2009-05-12 479320]"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Google Update"=C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2010-04-21 136176]"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2002-04-11 1458448]"ares"=C:\Arquivos de programas\Ares\Ares.exe -h []"jcriel"=C:\Documents and Settings\Administrador\jcriel.exe [2010-09-30 131072][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]C:\WINDOWS\system32\hkcmd.exe [2009-02-18 166424][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]C:\WINDOWS\system32\igfxtray.exe [2009-02-18 141848][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jcriel]C:\Documents and Settings\Administrador\jcriel.exe [2010-09-30 131072][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]C:\WINDOWS\system32\igfxpers.exe [2009-02-18 137752]C:\Documents and Settings\All Users\Menu Iniciar\Programas\InicializarMcAfee Security Scan Plus.lnk - C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]C:\Arquivos de programas\GbPlugin\gbieh.dll [2010-09-29 342304][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Arquivos de programas\GbPlugin\gbieh.dll [2010-09-29 342304][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=181"NoDriveAutoRun"=E0FFFF03[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Messenger""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync""C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows""C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager""C:\Arquivos de programas\REALTEK Wireless LAN Software\RtWLan.exe"="C:\Arquivos de programas\REALTEK Wireless LAN Software\RtWLan.exe:*:Enabled:RtWlan""C:\Arquivos de programas\CyberScript32\CyberScript.exe"="C:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:mIRC"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]shell\AutoRun\command - E:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b82316-b3c9-11df-a4f3-002454108def}]shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f9795d0-aef4-11df-a4e3-002454108def}]shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cbb7eae-62c5-11df-a492-002454108def}]shell\AutoRun\command - E:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cbb7eb1-62c5-11df-a492-002454108def}]shell\AutoRun\command - E:\AutoRun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae0fa865-70f2-11df-a4a2-002454108def}]shell\AutoRun\command - E:\program.exeshell\open\command - E:\program.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c389f416-6480-11df-a497-002454108def}]shell\AutoRun\command - E:\AutoRun.exe======File associations======.js - edit - "C:\Arquivos de programas\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"======List of files/folders created in the last 1 months======2010-10-13 19:11:43 ----D---- C:\rsit2010-10-13 19:11:43 ----D---- C:\Arquivos de programas\trend micro2010-10-12 20:21:31 ----D---- C:\WINDOWS\Applian FLV Player2010-10-12 20:21:31 ----D---- C:\Arquivos de programas\FLV Player2010-10-12 10:04:13 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe2010-10-12 10:04:13 ----D---- C:\Arquivos de programas\Adobe2010-10-11 17:57:13 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee Security Scan2010-10-11 17:57:13 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee2010-10-11 17:57:10 ----D---- C:\Arquivos de programas\McAfee Security Scan2010-10-07 01:43:10 ----A---- C:\WINDOWS\setuplog.txt2010-10-02 13:57:42 ----D---- C:\WINDOWS\pss2010-09-27 18:52:22 ----D---- C:\Arquivos de programas\XML Copy Editor2010-09-27 15:53:57 ----D---- C:\Arquivos de programas\CyberScript322010-09-17 01:15:41 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla2010-09-17 01:14:43 ----D---- C:\Arquivos de programas\Mozilla Firefox2010-09-14 23:59:05 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt2010-09-14 23:55:38 ----D---- C:\Arquivos de programas\Internet Tigo2010-09-14 02:18:18 ----D---- C:\LinhaDefensiva======List of files/folders modified in the last 1 months======2010-10-13 19:11:43 ----RD---- C:\Arquivos de programas2010-10-13 19:08:15 ----D---- C:\WINDOWS\Network Diagnostic2010-10-13 19:08:14 ----D---- C:\WINDOWS\Prefetch2010-10-13 14:43:02 ----SD---- C:\WINDOWS\Tasks2010-10-13 13:16:22 ----A---- C:\WINDOWS\KeyTube.ini2010-10-13 13:16:02 ----D---- C:\Arquivos de programas\KeepTube2010-10-12 21:55:44 ----D---- C:\WINDOWS\system32\CatRoot22010-10-12 20:21:31 ----D---- C:\WINDOWS2010-10-12 18:27:26 ----D---- C:\WINDOWS\Temp2010-10-12 18:27:24 ----AD---- C:\WINDOWS\system322010-10-12 18:27:12 ----D---- C:\Config.Msi2010-10-12 18:27:01 ----AD---- C:\WINDOWS\system32\drivers2010-10-12 13:45:46 ----A---- C:\WINDOWS\SchedLgU.Txt2010-10-12 10:05:06 ----SHD---- C:\WINDOWS\Installer2010-10-12 10:04:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe2010-10-12 10:04:13 ----D---- C:\Arquivos de programas\Arquivos comuns2010-10-04 23:19:48 ----A---- C:\WINDOWS\TB50.INI2010-10-04 11:50:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin2010-10-04 11:50:46 ----D---- C:\Arquivos de programas\GbPlugin2010-10-02 13:58:33 ----A---- C:\WINDOWS\win.ini2010-10-02 13:58:33 ----A---- C:\WINDOWS\system.ini2010-10-02 13:58:33 ----A---- C:\boot.ini2010-09-28 11:59:47 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia2010-09-28 11:57:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia2010-09-28 11:55:46 ----D---- C:\Arquivos de programas\Macromedia2010-09-28 11:54:21 ----D---- C:\WINDOWS\Downloaded Installations2010-09-27 15:54:05 ----RSD---- C:\WINDOWS\Fonts2010-09-16 21:03:07 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic2010-09-16 16:27:26 ----D---- C:\WINDOWS\system32\config2010-09-16 16:27:14 ----D---- C:\WINDOWS\system32\wbem2010-09-16 16:27:13 ----D---- C:\WINDOWS\Registration2010-09-15 08:32:27 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt2010-09-14 23:56:11 ----HD---- C:\WINDOWS\inf2010-09-14 02:26:31 ----D---- C:\WINDOWS\Debug======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-08-19 21035]R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2010-04-28 54760]R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-06-04 1606368]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-22 5082624]R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 VMC33F;Vimicro Camera Service VMC33F; C:\WINDOWS\System32\Drivers\VMC33F.sys [2009-06-30 237952]S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]S3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-03-16 58208]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-09-29 55072]R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-07-04 153376]R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2009-05-12 495700]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]S3 fsssvc;Serviço Windows Live Proteção para a Família; C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]-----------------EOF-----------------

 

 

info.txt

info.txt logfile of random's system information tool 1.06 2010-10-13 19:12:21======Uninstall list======-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAdobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activexAdobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain pluginAdobe Reader 9.4.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A94000000001}Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Arquivos de programas\FLV Player\Uninstall\uninstall.xml"Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exeAssistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}Atheros WLAN Client-->"C:\Arquivos de programas\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x040c -removeonlyCompatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}CyberScript v3.2-->"C:\Arquivos de programas\CyberScript32\unins000.exe"Discador Oi-->"C:\Arquivos de programas\OI\Oi3G\unins000.exe"Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstallIntel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstallJava(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}KeepTube-->C:\Arquivos de programas\KeepTube\uninstall.exeK-Lite Mega Codec Pack 6.3.0-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}McAfee Security Scan Plus-->"C:\Arquivos de programas\McAfee Security Scan\uninstall.exe"Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exeMicrosoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}mIRC-->"C:\Arquivos de programas\CyberScript32\CyberScript.exe" -uninstallMozilla Firefox (3.6.10)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exeMSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}Pacote de Compatibilidade para o sistema Office 2007-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE}QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonlyRealtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416  -removeonlyRealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}Synaptics Pointing Device Driver-->rundll32.exe "C:\Arquivos de programas\Synaptics\

 

pode analizar por favor?

 

obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia hygorsandro!

 

*Baixe o MalwareBytes'>http://www.malwarebytes.org/mbam-download.php"]MalwareBytes Anti-Malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

 

No aguardo!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.