Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
JEFFER132

Hijackthis ad-aware diz mais de 100 spy

Recommended Posts

Oi to precisando de uma ajuda passei o ad-aware ele diz que tenho mais de 100 spy o kaspersky diz que são 5 e o norton diz que são 3 alguém pode me ajudar por favor

desde já abraços

ao irmãos

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:09:39, on 7/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\qttask.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WET-8164503-SGW lang=BP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213918225218

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA28666E-5E65-447B-B174-2012D24E54F4}: NameServer = 200.149.55.140 200.165.132.147

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 9122 bytes

ESSE É O OUTRO LOG

StartupList report, 7/7/2008, 22:03:14

StartupList version: 1.52.2

Started from : C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16674)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\qttask.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\JEFFERSON\Menu Iniciar\Programas\Inicializar]

BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe

CorelDRAW Graphics Suite 11b = C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WET-8164503-SGW lang=BP

Adobe Reader Speed Launcher = "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HP Software Update = "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

HP Component Manager = "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

ISUSPM Startup = C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

ISUSScheduler = "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

QuickTime Task = "C:\WINDOWS\system32\qttask.exe" -atboottime

SunJavaUpdateSched = "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MsnMsgr = "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

=

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Arquivos de programas\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

(no name) - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

G-Buster Browser Defense CEF - C:\Arquivos de programas\GbPlugin\gbiehcef.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540003}

JQSIEStartDetectorImpl - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Dldrv2 Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\Dldrv.ocx

CODEBASE = http://download.gigabyte.com.tw/object/Dldrv.ocx

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\System32\Adobe\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Citrix ICA Client]

InProcServer32 = C:\Progra~1\Citrix\icaweb32\WFICA.OCX

CODEBASE = http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

[symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

[symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[HpProductDetection Class]

InProcServer32 = C:\Arquivos de programas\HP\Common\HPDeviceDetection.dll

CODEBASE = http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213918225218

[HP Download Manager]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll

CODEBASE = https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

[Java Plug-in 1.6.0_10]

InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[Java Plug-in 1.6.0_10]

InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

[Java Plug-in 1.6.0_10]

InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\npjpi160_10.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[GbpDistObj Class]

InProcServer32 = C:\Arquivos de programas\GbPlugin\gbpdist.dll

CODEBASE = https://imagem.caixa.gov.br/cab/gbpdist.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Ad-Aware 2007 Service: "C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

Serviço de transferência inteligente de plano de fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Localizador de computadores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço do Enumerador Bluetooth: System32\DRIVERS\BthEnum.sys (manual start)

Driver Serial de Comunicações Bluetooth: system32\DRIVERS\bthmodem.sys (manual start)

Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)

Driver de Porta Bluetooth: System32\Drivers\BTHport.sys (manual start)

Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)

Driver USB de Rádio Bluetooth: System32\Drivers\BTHUSB.sys (manual start)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

Aplicativo de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Configuração Automática com Fio: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Serviço de EAP (Extensible Authentication Protocol): %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)

Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

VIA Rhine-Family Fast-Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)

VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

gdrv: \??\C:\WINDOWS\gdrv.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Driver de classe HID da Microsoft: System32\DRIVERS\hidusb.sys (manual start)

Serviço de Gerenciamento de Certificados e Chaves de Integridade: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Teclado i8042 e driver de porta de mouse PS/2: System32\DRIVERS\i8042prt.sys (system)

Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)

Driver de filtro de criação de CDs: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

Driver de Processador Intel: System32\DRIVERS\intelppm.sys (system)

Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Java Quick Starter: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Machine Debug Manager: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)

Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Compartilhamento remoto da área de trabalho do NetMeeting

: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Dispositivo de filtro de fluxo unimodem: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)

Redirecionador do cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Coordenador de transações distribuídas: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Agente de Proteção de Acesso à Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)

Reconhecimento de local da rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)

Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NTSIM: \??\C:\WINDOWS\System32\ntsim.sys (manual start)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Office Source Engine: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PD91Agent: "C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe" (autostart)

PD91Engine: "C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exe" (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)

Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Driver de processador: System32\DRIVERS\processr.sys (system)

Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE de acesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirecionador de dispositivos doTerminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Dispositivo Bluetooth (TDI do Protocolo RFCOMM): system32\DRIVERS\rfcomm.sys (manual start)

Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

smserial: system32\DRIVERS\smserial.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver de filtro de restauração do sistema: System32\DRIVERS\sr.sys (system)

Serviço de restauração do sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Serviço de descoberta SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{05E95384-092F-4DF2-91D1-58BA6CD9E640} (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Driver de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)

Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader: "C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe" (manual start)

VirtualBox Service: system32\DRIVERS\VBoxDrv.sys (system)

VirtualBox USB Monitor Driver: system32\DRIVERS\VBoxUSBMon.sys (system)

Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Filtro de barramento VIA AGP: System32\DRIVERS\viaagp.sys (system)

ViaIde: System32\DRIVERS\viaide.sys (system)

Vinyl AC'97 Audio Controller (WDM): system32\drivers\viaudios.sys (manual start)

Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Cliente da Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Live Setup Service: "C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe" (manual start)

Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Serviço de Compartilhamento de Rede do Windows Media Player: "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe" (manual start)

Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Atualizações automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = PDBoot.exe

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39.201 bytes

Report generated in 0,500 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça um Online Scan em kaspersky Virusscanner

  • Clique em Clipboard01-1.jpg
  • Quando questionando para instalar o componente ActiveX, clique em Clipboard015.jpg
  • Aguarde a instalação e a actualização e depois clique em Clipboard013.jpg
  • Clique agora em Clipboard016.jpg
  • Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

    [*]Clique Clipboard014.jpg

    [*]Clique em My Computer para que seja feito um Scan completo no seu Sistema.

    [*]Será iniciado o scan e poderá demorar um pouco. Seja paciente e aguarde.

    [*]No final do Scan, clique no botão Save as Text

    [*]Salve o log com os resultados e poste na sua próxima resposta.

    [*]Gere e cole também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Amigo aqui vai o log do hijack mas o do kaspersky desde que li sua mensagem eu tento mas o máximo que ele chega as vezes é em 41% da analise ai trava e não sai mais disso e diz que encontrou 2 objected infected

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 01:52:25, on 13/7/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Boot mode: Normal

    Windows folder: C:\WINDOWS

    System folder: C:\WINDOWS\SYSTEM32

    Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\sm56hlpr.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\system32\qttask.exe

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

    C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll (filesize 214272 bytes, MD5 EE1456457E0F2DAE6F91DB9AEA83F394)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll (filesize 1554256 bytes, MD5 5248E02EFBCB64D328647CD00E384B85)

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (filesize 320920 bytes, MD5 158CC7B202369F57C0D6AC791603C821)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 328752 bytes, MD5 59CF5BF6684AFCF906CADAD39B4214DE)

    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (filesize 366672 bytes, MD5 285176E4BC7D6778D9740E69BC584302)

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (filesize 368032 bytes, MD5 7B175796380360B0AE0D020C330F2045)

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 73728 bytes, MD5 07AD0531D91009B93CAAA3363C9778D4)

    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll (filesize 457848 bytes, MD5 864B6D12D62E5A907721825EA6811C39)

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe (filesize 544768 bytes, MD5 7EE0D1E8033C05F22CCED0F06FDE1CFF)

    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WET-8164503-SGW lang=BP

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 8B9145D229D4E89D15ACB820D4A3A90F)

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" (filesize 49152 bytes, MD5 4FEA5B94C6A96860620A62E4A19BD07D)

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" (filesize 241664 bytes, MD5 F5F1A8CDD473D55F9BF6FE23F715B0FA)

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (filesize 221184 bytes, MD5 053D8D245118BEA6E21E1812871F67BA)

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start (filesize 81920 bytes, MD5 51F3C4FBEEF66CEBA7ABE43F4F5C1B69)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime (filesize 98304 bytes, MD5 76A3A30B58405C2C6D833895253A51A9)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (filesize 136600 bytes, MD5 144D049641EEE22305502E15454206BA)

    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp (filesize 33280 bytes, MD5 E715412E47D20EB0EBF77B65F9157343)

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY (filesize 647272 bytes, MD5 E06B0348867FE3E741CBC2C814ACBB88)

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (filesize 5724184 bytes, MD5 359D9CA4A9E7A4787CA6BC77644A5CCD)

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exeC:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe (filesize 393216 bytes, MD5 F5CECCFE0CF964B209DCAB226D4C1DE3)

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (filesize 237568 bytes, MD5 DA6B945E561B1D1DA67663BB45B4B868)

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll (filesize 1554256 bytes, MD5 5248E02EFBCB64D328647CD00E384B85)

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll (filesize 1554256 bytes, MD5 5248E02EFBCB64D328647CD00E384B85)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 EFF5E5CCA31672BD00AF87D170590AFB)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 EFF5E5CCA31672BD00AF87D170590AFB)

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213918225218

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA28666E-5E65-447B-B174-2012D24E54F4}: NameServer = 200.149.55.140 200.165.132.147

    O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dllC:\Arquivos de programas\GbPlugin\gbiehcef.dll

    O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehuni.dllC:\WINDOWS\Downloaded Program Files\gbiehuni.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (filesize 201984 bytes, MD5 734400F6A5733D7FF9627F70F99D9210)

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (filesize 201984 bytes, MD5 734400F6A5733D7FF9627F70F99D9210)

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exeC:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exeC:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exeC:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exeC:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\wltrysvc.exe

    --

    End of file - 12775 bytes

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Vamos tentar outro scan.

    Clique AQUI para ser efetuado um online scan no Clipboard06.jpg ActiveScan

    • Quando estiver no site da Panda, clique no botão 33ptol3.gif
    • Uma nova janela será aberta:
    • Selecione o seu País
    • Coloque o seu Distrito/região
    • Coloque o seu E-mail válido e clique em send
    • Selecione Utilizador em casa ou Empresa
    • Clique no botão buttoninijf4.gif
    • Se aparecer uma janela perguntando para instalar um componente ActiveX, aceite
    • Começará o download dos arquivos necessários para o scan ser efetuado. (Nota: Poderá demorar alguns minutos. Seja paciente)
    • Quando o download estiver completo, clique em pandamycomputer.gif para iniciar o scan
    • Quando o scan terminar, e caso sejam detectados arquivos maliciosos, clique no botão pandaseereport.gif, depois em pandasavereport.gif e salve esse resultado no seu PC.
    • Na sua próxima resposta, gere e cole um novo log do HijackThis e o resultado do Panda ActiveScan

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Amigo este é o log do panda

    ;***********************************************************************************************************************************************************************************

    ANALYSIS: 2008-07-18 05:59:50

    PROTECTIONS: 0

    MALWARE: 14

    SUSPECTS: 0

    ;***********************************************************************************************************************************************************************************

    PROTECTIONS

    Description Version Active Updated

    ;===================================================================================================================================================================================

    ;===================================================================================================================================================================================

    MALWARE

    Id Description Type Active Severity Disinfectable Disinfected Location

    ;===================================================================================================================================================================================

    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@doubleclick[1].txt

    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@atdmt[2].txt

    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@tribalfusion[2].txt

    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@mediaplex[1].txt

    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@ccbill[1].txt

    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@xiti[1].txt

    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@apmebf[1].txt

    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@serving-sys[2].txt

    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@bs.serving-sys[1].txt

    00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@fl01.ct2.comclick[2].txt

    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@statse.webtrendslive[2].txt

    00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@ig.com[1].txt

    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\JEFFERSON\Cookies\jefferson@overture[2].txt

    03296052 Adware/WebSearch Adware No 0 No No C:\Documents and Settings\JEFFERSON\Configurações locais\Temp\45.tmp[ActivationManager.dll]

    03296052 Adware/WebSearch Adware No 0 Yes No C:\System Volume Information\_restore{CC9482EA-1497-4FB2-9258-D7B71E0F27D1}\RP184\A0019639.dll

    ;===================================================================================================================================================================================

    SUSPECTS

    Sent Location

    ;===================================================================================================================================================================================

    ;===================================================================================================================================================================================

    VULNERABILITIES

    Id Severity Description

    ;===================================================================================================================================================================================

    ;===================================================================================================================================================================================

    e esse é o log do hijack

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 06:02:14, on 18/7/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\sm56hlpr.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

    C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\system32\qttask.exe

    C:\Arquivos de programas\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

    C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\alg.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071908 serial=DR12WET-8164503-SGW lang=BP

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213918225218

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA28666E-5E65-447B-B174-2012D24E54F4}: NameServer = 200.149.55.140 200.165.132.147

    O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe

    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --

    End of file - 10429 bytes

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Baixe o ATF-Cleaner.

    • Clique em ATF-Cleaner.exe .
    • Em "Select Files To Delete", marque Select All.
    • Clique em Empty Selected.
    • Na janela Done Cleaning dê o OK e Exit.

    Atenção: Se utiliza o Firefox:

    • No topo clique em Firefox e escolha: Select All
    • Depois, clique em Empty Selected.

    Atenção: Se utiliza o Opera:

    • No topo clique em Opera e escolha: Select All
    • Depois, clique em Empty Selected.

    Parabéns, seu log está limpo.

    Desative e reative a Restauração do Sistema

    Sugiro que rode o CCleaner para fazer uma limpeza em sua máquina. Faça o download dele aqui CCleaner

    • Abra o programa e clique em Executar Limpeza;
    • Após isto, clique em Erros >> Procurar erros >> Corrigir Erros

    Algum problema com o computador?

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×