Archived

This topic is archived and closed to new replies.

Lia Sergia

[Archived] Virus prevents the antivirus from running

Here I am again, trying to fix this computer of my mother's.

She caught a virus here, and I think it came through MSN. When I'm online and she connects from this machine, I keep receiving messages as if she were sending me a file, always with a text in Spanish.

I tried running bankerfix, and it wouldn't run. I went to check whether AVG was being run regularly, and found out that it can't be enabled. If I try to run HijackThis, it doesn't execute. If I try to start in safe mode, when it's close to finishing the boot, it restarts the machine by itself in normal mode.

Folks... I don't know how to proceed anymore.

Any idea to help me?

Hugs!

Lia Sérgia.

- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt

The firewall here is normally disabled already. The antivirus is disabled, but the link doesn't work or something is blocking it. I can't download ComboFix. Is there another address I could try?


I managed to download it, but, as I expected, it won't run.

And it still won't boot into safe mode... In fact, not even the command prompt opens when I try to open it from Windows. It's getting complicated.

I think the only way out will be to format.... :(


-------------------------

<@> DOWNLOAD: < Kaspersky Virus Removal Tool >

-------------------------

<@> Download the most recent update! <-- Check the dates!

<@> Save it in Program Files!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Run the tool by double-clicking its executable.

<@> The following window will open:

Kaspersky-Virus-Removal-Tool_1.png

<@> Under the option: Manual Cure, check all the boxes and click Scan.

<@> When the scan finishes, copy and post the report.


I'll download it and try to run it. But, as I said in the previous posts, the computer is NOT booting into safe mode. The virus won't let it. Before the boot completes, it reboots.

As soon as I've downloaded it I'll post here again with the result.


On second thought... I'll download the file, but I won't try to run it until you tell me this can be done without the computer being in safe mode. Otherwise, no way. There's no "strong prayer" that will make this thing boot into safe mode. :(


The procedure above can be done in normal mode ;)


As a girl from my college likes to say: "I'm really starting to hate this virus!!!"

Here's the thing... I downloaded it and ran it. You said to check all the options under "Manual Cure", but on that tab there was no option to be checked. I checked the options under Automatic Scan and clicked "Scan". After 3 hours it had only scanned 51%, when, suddenly, the computer restarted by itself.

Before it restarted, it had detected and removed 19 trojans. :blink: o.O (Man... I'd really like to know what my mother does on this computer.. <_< :S) I suppose, in that case, the previous scan is all lost, isn't it?

Well, I started over from scratch, but I took a screenshot just so you can see what happens with AVG and whether I'm checking the right place.

In about 10 hours, if this thing completes the scan, I'll be back.

Here's the screenshot:

kasp_print.JPG


Download SafeBootKeyRepair

http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

◘ Run the tool.

◘ When the tool finishes, it will generate a log: C:\SafeBoot_Repair.txt

◘ In your next reply, paste the contents of that log, together with a new HijackThis log.

◘ Also report the state of your PC and whether you can now get into Safe Mode.

Regards,


I managed to run Kaspersky to the end. It couldn't remove one of the problems it found. The log seemed long to me... but I'll copy it here anyway. I hope this is the right one and that it's of use.

Tell me, after you look at this, whether I should still run the tool above.

For now, it's not booting into safe mode and still presents the same problems. The virus is active.

 

Results of system analysis

Kaspersky Virus Removal Tool 7.0.0.242 (database released 11/10/2008; 02:02)

 

List of processes

File name PID Description Copyright MD5 Information

c:\arquiv~1\avg\avg8\avgtray.exe

Script: Quarantine, Delete, BC delete, Terminate 208 AVG Tray Monitor Copyright © 2008 AVG Technologies CZ, s.r.o. ?? 1205.77 kb, rsAh,

created: 2/10/2008 16:17:16,

modified: 2/10/2008 16:17:16

Command line:

"C:\ARQUIV~1\AVG\AVG8\avgtray.exe"

c:\windows\explorer.exe

Script: Quarantine, Delete, BC delete, Terminate 1796 Windows Explorer © Microsoft Corporation. Todos os direitos reservados. ?? 1011.00 kb, rsAh,

created: 4/8/2004 00:45:34,

modified: 13/6/2007 10:21:56

Command line:

C:\WINDOWS\Explorer.EXE

c:\arquiv~1\gbplugin\gbpsv.exe

Script: Quarantine, Delete, BC delete, Terminate 1848 G-Buster Browser Defense - Service Copyright © 2003-2008, G-Buster Browser Defense ?? 45.32 kb, rsAh,

created: 13/3/2008 14:27:18,

modified: 15/4/2008 09:37:00

Command line:

C:\ARQUIV~1\GbPlugin\GbpSv.exe

c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe

Script: Quarantine, Delete, BC delete, Terminate 200 InstallShield Update Service Scheduler Copyright © 1990-2004 InstallShield Software Corporation ?? 80.00 kb, rsAh,

created: 19/9/2003 13:26:10,

modified: 9/8/2004 05:03:38

Command line:

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe

Script: Quarantine, Delete, BC delete, Terminate 156 Java Platform SE binary Copyright © 2004 ?? 141.39 kb, rsAh,

created: 22/8/2008 19:12:57,

modified: 10/6/2008 04:27:04

Command line:

"C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

c:\arquivos de programas\msn messenger\msnmsgr.exe

Script: Quarantine, Delete, BC delete, Terminate 236 Messenger Copyright © Microsoft Corporation. All rights reserved. ?? 5541.36 kb, rsAh,

created: 19/1/2007 12:54:34,

modified: 19/1/2007 12:54:34

Command line:

"C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

c:\windows\system32\spoolsv.exe

Script: Quarantine, Delete, BC delete, Terminate 1964 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 56.50 kb, rsAh,

created: 4/8/2004 00:45:44,

modified: 10/6/2005 20:53:32

Command line:

C:\WINDOWS\system32\spoolsv.exe

c:\windows\system32\symldsm.exe

Script: Quarantine, Delete, BC delete, Terminate 1804 Symantec Security Systems ?? ?,68.00 kb, RSaH,

created: 7/10/2008 15:28:32,

modified: 7/10/2008 10:43:14

Command line:

"C:\WINDOWS\system32\symldsm.exe"

c:\windows\system32\winlogon.exe

Script: Quarantine, Delete, BC delete, Terminate 660 Aplicativo de logon do Windows NT © Microsoft Corporation. Todos os direitos reservados. ?? 492.50 kb, rsAh,

created: 4/8/2004 00:45:46,

modified: 4/8/2004 00:45:46

Command line:

winlogon.exe

Detected:28, recognized as trusted 22

Module name Handle Description Copyright MD5 Used by processes

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

Script: Quarantine, Delete, BC delete 4194304 InstallShield Update Service Scheduler Copyright © 1990-2004 InstallShield Software Corporation ?? 200

C:\Arquivos de programas\AVG\AVG8\avgcfgx.dll

Script: Quarantine, Delete, BC delete 11862016 AVG Configuration Module Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\AVG\AVG8\avglngx.dll

Script: Quarantine, Delete, BC delete 12517376 AVG Language Module Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\AVG\AVG8\avglogx.dll

Script: Quarantine, Delete, BC delete 268435456 AVG Logging Library Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\AVG\AVG8\avgsrmx.dll

Script: Quarantine, Delete, BC delete 12910592 AVG Scan Result Manager Module Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\AVG\AVG8\AVGUIRES.DLL

Script: Quarantine, Delete, BC delete 14221312 AVG User Interface Resource Library Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\AVG\AVG8\avgvvx.dll

Script: Quarantine, Delete, BC delete 13369344 AVG Virus Vault Module Copyright © 2008 AVG Technologies CZ, s.r.o. -- 208

C:\Arquivos de programas\Haali\MatroskaSplitter\mkunicode.dll

Script: Quarantine, Delete, BC delete 39911424 -- 1796

C:\Arquivos de programas\Haali\MatroskaSplitter\mmfinfo.dll

Script: Quarantine, Delete, BC delete 39845888 -- 1796

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

Script: Quarantine, Delete, BC delete 4194304 Java Platform SE binary Copyright © 2004 ?? 156

C:\Arquivos de programas\Messenger Plus! Live\Detoured.dll

Script: Quarantine, Delete, BC delete 251658240 -- 236

C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll

Script: Quarantine, Delete, BC delete 671088640 Messenger Plus! Live Add-On Copyright © 2001-2007 Patchou -- 236

C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLiveRes.dll

Script: Quarantine, Delete, BC delete 687865856 Messenger Plus! Live Resources Copyright © 2001-2007 Patchou -- 236

C:\Arquivos de programas\MSN Messenger\lcres.dll

Script: Quarantine, Delete, BC delete 2047868928 LC Resource DLL © Microsoft Corporation. All rights reserved. -- 236

C:\Arquivos de programas\MSN Messenger\msgslang.8.1.0178.00.dll

Script: Quarantine, Delete, BC delete 1496317952 Messenger Language Specific Resources Copyright © Microsoft Corporation. Todos os direitos reservados. -- 236

C:\Arquivos de programas\MSN Messenger\MSIMG32.dll

Script: Quarantine, Delete, BC delete 637534208 Loader for Messenger Plus! Live Copyright © 2001-2007 Patchou -- 236

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

Script: Quarantine, Delete, BC delete 4194304 Messenger Copyright © Microsoft Corporation. All rights reserved. ?? 236

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

Script: Quarantine, Delete, BC delete 4194304 AVG Tray Monitor Copyright © 2008 AVG Technologies CZ, s.r.o. ?? 208

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

Script: Quarantine, Delete, BC delete 268435456 Gbieh Module Copyright © 2003-2007, Banco do Brasil -- 1796, 660

C:\ARQUIV~1\GbPlugin\GbpSv.exe

Script: Quarantine, Delete, BC delete 4194304 G-Buster Browser Defense - Service Copyright © 2003-2008, G-Buster Browser Defense ?? 1848

C:\ARQUIV~1\MSNMES~1\MSGSC8~1.DLL

Script: Quarantine, Delete, BC delete 1493172224 MSN Messenger Service Copyright © Microsoft Corporation. All rights reserved. -- 236

C:\WINDOWS\system32\sc0cLMON.DLL

Script: Quarantine, Delete, BC delete 268435456 SHARP AL-1200(USB) series Language Monitor Copyright © 2002 SHARP Corporation. -- 1964

C:\WINDOWS\system32\symldsm.exe

Script: Quarantine, Delete, BC delete 34275328 Symantec Security Systems ?? 1804

C:\WINDOWS\system32\WgaLogon.dll

Script: Quarantine, Delete, BC delete 22740992 Notificações do Programa de Vantagens do Windows Original © 1995-2007 Microsoft Corporation -- 660

Modules detected:346, recognized as trusted 322

 

Kernel Space Modules Viewer

Module Base address Size in memory Description Manufacturer

C:\WINDOWS\System32\Drivers\avgldx86.sys

Script: Quarantine, Delete, BC delete EE9A6000 017000 (94208) AVG AVI Loader Driver Copyright © 2008 AVG Technologies CZ, s.r.o.

C:\WINDOWS\System32\Drivers\avgmfx86.sys

Script: Quarantine, Delete, BC delete F7B3D000 005000 (20480) AVG Resident Shield Minifilter Driver Copyright © 2008 AVG Technologies CZ, s.r.o.

C:\WINDOWS\System32\Drivers\avgtdix.sys

Script: Quarantine, Delete, BC delete F429A000 011000 (69632) AVG Network connection watcher Copyright © 2008 AVG Technologies CZ, s.r.o.

C:\WINDOWS\System32\Drivers\dump_atapi.sys

Script: Quarantine, Delete, BC delete EE98E000 018000 (98304)

C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Script: Quarantine, Delete, BC delete F7DF9000 002000 (8192)

C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

Script: Quarantine, Delete, BC delete F7B35000 005000 (20480) ElbyCD Windows NT/2000/XP I/O driver Copyright © 2000 - 2007 Elaborate Bytes AG

C:\WINDOWS\System32\Drivers\ElbyDelay.sys

Script: Quarantine, Delete, BC delete F7DAD000 002000 (8192) Elby Delay Lower Filter Driver Copyright © 2003 - 2006 Elaborate Bytes AG

C:\WINDOWS\system32\DRIVERS\hamachi.sys

Script: Quarantine, Delete, BC delete F7C25000 005000 (20480) Hamachi Virtual Network Interface Driver © LogMeIn, Inc. 2004-2007

C:\WINDOWS\system32\Drivers\PROCEXP90.SYS

Script: Quarantine, Delete, BC delete F7DE7000 002000 (8192)

Modules detected - 120, recognized as trusted - 111

 

Services

Service Description Status File Group Dependencies

GbpSv

Service: Stop, Delete, Disable Gbp Service Running C:\ARQUIV~1\GbPlugin\GbpSv.exe

Script: Quarantine, Delete, BC delete GbPlugin Group

Adobe LM Service

Service: Stop, Delete, Disable Adobe LM Service Not started C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

Script: Quarantine, Delete, BC delete

avg8emc

Service: Stop, Delete, Disable AVG8 E-mail Scanner Not started C:\ARQUIV~1\AVG\AVG8\avgemc.exe

Script: Quarantine, Delete, BC delete RPCSS

avg8wd

Service: Stop, Delete, Disable AVG8 WatchDog Not started C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

Script: Quarantine, Delete, BC delete

Detected - 86, recognized as trusted - 82

 

Drivers

Service Description Status File Group Dependencies

AvgLdx86

Driver: Unload, Delete, Disable AVG AVI Loader Driver x86 Running C:\WINDOWS\System32\Drivers\avgldx86.sys

Script: Quarantine, Delete, BC delete AVG

AvgMfx86

Driver: Unload, Delete, Disable AVG On-access Scanner Minifilter Driver x86 Running C:\WINDOWS\System32\Drivers\avgmfx86.sys

Script: Quarantine, Delete, BC delete AVG

AvgTdiX

Driver: Unload, Delete, Disable AVG8 Network Redirector Running C:\WINDOWS\System32\Drivers\avgtdix.sys

Script: Quarantine, Delete, BC delete

ElbyCDIO

Driver: Unload, Delete, Disable ElbyCDIO Driver Running C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

Script: Quarantine, Delete, BC delete

ElbyDelay

Driver: Unload, Delete, Disable ElbyDelay Running C:\WINDOWS\system32\Drivers\ElbyDelay.sys

Script: Quarantine, Delete, BC delete

hamachi

Driver: Unload, Delete, Disable Hamachi Network Interface Running C:\WINDOWS\system32\DRIVERS\hamachi.sys

Script: Quarantine, Delete, BC delete NDIS

Abiosdsk

Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys

Script: Quarantine, Delete, BC delete Primary disk

abp480n5

Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys

Script: Quarantine, Delete, BC delete SCSI miniport

adpu160m

Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Aha154x

Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78u2

Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78xx

Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

AliIde

Driver: Unload, Delete, Disable AliIde Not started AliIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

amsint

Driver: Unload, Delete, Disable amsint Not started amsint.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc

Driver: Unload, Delete, Disable asc Not started asc.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3350p

Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3550

Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Atdisk

Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys

Script: Quarantine, Delete, BC delete Primary disk

cd20xrnt

Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Changer

Driver: Unload, Delete, Disable Changer Not started Changer.sys

Script: Quarantine, Delete, BC delete Filter

CmdIde

Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

Cpqarray

Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dac960nt

Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dpti2o

Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys

Script: Quarantine, Delete, BC delete SCSI miniport

hpn

Driver: Unload, Delete, Disable hpn Not started hpn.sys

Script: Quarantine, Delete, BC delete SCSI miniport

i2omgmt

Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys

Script: Quarantine, Delete, BC delete SCSI Class

i2omp

Driver: Unload, Delete, Disable i2omp Not started i2omp.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ini910u

Driver: Unload, Delete, Disable ini910u Not started ini910u.sys

Script: Quarantine, Delete, BC delete SCSI miniport

IntelIde

Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

lbrtfdc

Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys

Script: Quarantine, Delete, BC delete System Bus Extender

mraid35x

Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

PCIDump

Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys

Script: Quarantine, Delete, BC delete PCI Configuration

PDCOMP

Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys

Script: Quarantine, Delete, BC delete

PDFRAME

Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys

Script: Quarantine, Delete, BC delete

PDRELI

Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys

Script: Quarantine, Delete, BC delete

PDRFRAME

Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys

Script: Quarantine, Delete, BC delete

perc2

Driver: Unload, Delete, Disable perc2 Not started perc2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

perc2hib

Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys

Script: Quarantine, Delete, BC delete Filter

ql1080

Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Ql10wnt

Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql12160

Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1240

Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1280

Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Simbad

Driver: Unload, Delete, Disable Simbad Not started Simbad.sys

Script: Quarantine, Delete, BC delete Filter

Sparrow

Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys

Script: Quarantine, Delete, BC delete SCSI miniport

sym_hi

Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys

Script: Quarantine, Delete, BC delete SCSI miniport

sym_u3

Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc810

Driver: Unload, Delete, Disable symc810 Not started symc810.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc8xx

Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

TosIde

Driver: Unload, Delete, Disable TosIde Not started TosIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

ultra

Driver: Unload, Delete, Disable ultra Not started ultra.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ViaIde

Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

WDICA

Driver: Unload, Delete, Disable WDICA Not started WDICA.sys

Script: Quarantine, Delete, BC delete

XDva033

Driver: Unload, Delete, Disable XDva033 Not started XDva033.sys

Script: Quarantine, Delete, BC delete

XDva074

Driver: Unload, Delete, Disable XDva074 Not started XDva074.sys

Script: Quarantine, Delete, BC delete

XDva095

Driver: Unload, Delete, Disable XDva095 Not started XDva095.sys

Script: Quarantine, Delete, BC delete

XDva120

Driver: Unload, Delete, Disable XDva120 Not started XDva120.sys

Script: Quarantine, Delete, BC delete

XDva168

Driver: Unload, Delete, Disable XDva168 Not started C:\WINDOWS\system32\XDva168.sys

Script: Quarantine, Delete, BC delete

Detected - 191, recognized as trusted - 133

 

Autoruns

File name Status Startup method Description

Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator, Application path

C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ISUSPM Startup

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AVG8_TRAY

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {E37CB5F0-51F5-4395-A808-5FA49E399F83}

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb, DLLName

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ISUSScheduler

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, googletalk

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_USERS, S-1-5-21-854245398-1644491937-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run, msnmsgr

C:\Arquivos de programas\QuickTime\qttask.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, QuickTime Task

C:\WINDOWS\system32\symldsm.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Symantec Drive Maintenance

WgaLogon.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName

Autoruns items detected - 64, recognized as trusted - 52

 

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID

C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Script: Quarantine, Delete, BC delete BHO {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Delete

C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

Script: Quarantine, Delete, BC delete BHO Skype add-on for IE © Skype Technologies. All rights reserved. {22BF413B-C6D2-4d91-82A9-A0F997BA588C}

Delete

C:\Arquivos de programas\AVG\AVG8\avgssie.dll

Script: Quarantine, Delete, BC delete BHO Safe Search for Internet Explorer Copyright © 2008 AVG Technologies CZ, s.r.o. {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Delete

C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

Script: Quarantine, Delete, BC delete BHO Java Platform SE binary Copyright © 2004 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Delete

BHO {7E853D72-626A-48EC-A868-BA8D5E23E045}

Delete

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

Script: Quarantine, Delete, BC delete BHO Gbieh Module Copyright © 2003-2007, Banco do Brasil {C41A1C0E-EA6C-11D4-B1B8-444553540000}

Delete

C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

Script: Quarantine, Delete, BC delete Extension module Java Platform SE binary Copyright © 2004 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Delete

C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

Script: Quarantine, Delete, BC delete Extension module Skype add-on for IE © Skype Technologies. All rights reserved. {77BF5300-1474-4EC7-9980-D32B190E9B07}

Delete

C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

Script: Quarantine, Delete, BC delete Extension module Skype add-on for IE © Skype Technologies. All rights reserved. {92780B25-18CC-41C8-B9BE-3C9C571A8263}

Delete

C:\Arquivos de programas\Messenger\msmsgs.exe

Script: Quarantine, Delete, BC delete Extension module {FB5F1910-F110-11d2-BB9E-00C04F795683}

Delete

Elements detected - 11, recognized as trusted - 1

 

Windows Explorer extension modules

File name Destination Description Manufacturer CLSID

deskpan.dll

Script: Quarantine, Delete, BC delete Extensão do 'Painel de controle' para panorâmica de vídeo {42071714-76d4-11d1-8b24-00a0c9068ff3}

Extensões do shell para compactação de arquivos {764BF0E1-F219-11ce-972D-00AA00A14F56}

Menu de contexto de criptografia {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}

Barra de tarefas e menu Iniciar {0DF44EAA-FF21-4412-828E-260A8728E7F1}

rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

Contas de usuário {7A9D77BD-5403-11d2-8785-2E0420524153}

C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL

Script: Quarantine, Delete, BC delete Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Copyright © 1995-2003 Microsoft Corporation. Todos os direitos reservados. {00020D75-0000-0000-C000-000000000046}

C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

Script: Quarantine, Delete, BC delete Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Copyright © 1995-2003 Microsoft Corporation. Todos os direitos reservados. {0006F045-0000-0000-C000-000000000046}

C:\Arquivos de programas\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll

Script: Quarantine, Delete, BC delete Componente da extensão do shell do CorelDRAW Shell Extension DLL Copyright© 2002 Corel Corporation. {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}

CorelDRAW Shell Extension Component

C:\Arquivos de programas\AVG\AVG8\avgse.dll

Script: Quarantine, Delete, BC delete AVG8 Shell Extension AVG Shell Extension Copyright © 2008 AVG Technologies CZ, s.r.o. {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

AVG8 Find Extension {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}

C:\Arquivos de programas\Haali\MatroskaSplitter\mmfinfo.dll

Script: Quarantine, Delete, BC delete Haali Column Provider {0561EC90-CE54-4f0c-9C55-E226110A740C}

Haali Matroska Thumbnail Exctractor {E4D8441D-F89C-4b5c-90AC-A857E1768F1F}

C:\ARQUIV~1\GBPLUGIN\gbieh.dll

Script: Quarantine, Delete, BC delete GbPlugin ShlObj Gbieh Module Copyright © 2003-2007, Banco do Brasil {E37CB5F0-51F5-4395-A808-5FA49E399F83}

Elements detected - 201, recognized as trusted - 186

 

Printing system extensions (print monitors, providers)

File name Type Name Description Manufacturer

C:\WINDOWS\system32\sc0cLMON.DLL

Script: Quarantine, Delete, BC delete Monitor SHARP AL-1200(USB) series Language Monitor SHARP AL-1200(USB) series Language Monitor Copyright © 2002 SHARP Corporation.

Elements detected - 10, recognized as trusted - 9

 

Task Scheduler jobs

File name Job name Job status Description Manufacturer

Elements detected - 0, recognized as trusted - 0

 

SPI/LSP settings

Namespace providers (NSP) Manufacturer Status EXE file Description GUID

Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP) Manufacturer EXE file Description

Detected - 23, recognized as trusted - 23

Results of automatic SPI settings check LSP settings checked. No errors detected

 

TCP/UDP ports

Port | Status | Remote Host | Remote Port | Application

TCP ports

135 | LISTENING | 0.0.0.0 | 10435 | [932] c:\windows\system32\svchost.exe
139 | LISTENING | 0.0.0.0 | 49379 | [4] System
139 | LISTENING | 0.0.0.0 | 32808 | [4] System
139 | LISTENING | 0.0.0.0 | 32868 | [4] System
445 | LISTENING | 0.0.0.0 | 39026 | [4] System
1033 | LISTENING | 0.0.0.0 | 8428 | [2240] c:\windows\system32\alg.exe
1113 | ESTABLISHED | 61.81.188.20 | 6980 | [1804]
1114 | CLOSE_WAIT | 69.89.21.77 | 80 | [1804]
1121 | ESTABLISHED | 127.0.0.1 | 2869 | [1212] c:\windows\system32\svchost.exe
2869 | LISTENING | 0.0.0.0 | 59560 | [1536] c:\windows\system32\svchost.exe
2869 | ESTABLISHED | 192.168.0.2 | 2111 | [1536] c:\windows\system32\svchost.exe
2869 | ESTABLISHED | 192.168.0.2 | 2113 | [4] System
2869 | ESTABLISHED | 127.0.0.1 | 1121 | [4] System
4348 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
4380 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
17457 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
20204 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
23592 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
24270 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
27896 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
32418 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
33086 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
35095 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
35648 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
38008 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
39762 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
44301 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
45390 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
47255 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
49982 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
51263 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
54886 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
58178 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
61330 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
62039 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
63571 | TIME_WAIT | 192.168.0.1 | 2869 | [0]
64510 | TIME_WAIT | 192.168.0.1 | 2869 | [0]

UDP ports

53 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
67 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
68 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
123 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
137 | LISTENING | -- | -- | [4] System
137 | LISTENING | -- | -- | [4] System
137 | LISTENING | -- | -- | [4] System
138 | LISTENING | -- | -- | [4] System
138 | LISTENING | -- | -- | [4] System
138 | LISTENING | -- | -- | [4] System
445 | LISTENING | -- | -- | [4] System
500 | LISTENING | -- | -- | [716] c:\windows\system32\lsass.exe
1036 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
1037 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
1038 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
1115 | LISTENING | -- | -- | [1804]
1120 | LISTENING | -- | -- | [1212] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1536] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1536] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1536] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1536] c:\windows\system32\svchost.exe
1900 | LISTENING | -- | -- | [1536] c:\windows\system32\svchost.exe
4500 | LISTENING | -- | -- | [716] c:\windows\system32\lsass.exe
7559 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
9850 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
14163 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
15202 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
18640 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
32921 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
35209 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe
45675 | LISTENING | -- | -- | [236] c:\arquivos de programas\msn messenger\msnmsgr.exe

 

Downloaded Program Files (DPF)

File name | Description | Manufacturer | CLSID | Source URL

C:\Arquivos de programas\QuickTime\QTPlugin.ocx | The QuickTime Control allows you to view a wide variety of multimedia content in web pages. | Copyright Apple Inc. 1989-2008 | {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} | http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
C:\WINDOWS\system32\Adobe\Director\SwDir.dll | Shockwave ActiveX Control | Copyright © 1985-2008 Adobe Systems, Inc. | {166B1BCA-3F9C-11CF-8075-444553540000} | http://download.macromedia.com/pub/shockwa...director/sw.cab
C:\WINDOWS\Downloaded Program Files\msgrchkr.dll | Zone.com Checkers for MSN Messenger | Copyright © 1995-2004 Microsoft Corporation | {20A60F0D-9AFA-4515-A0FD-83BD84642501} | http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
C:\WINDOWS\Downloaded Program Files\UploaderX.dll | Photo Uploader | Copyright 2007 | {474F00F5-3853-492C-AC3A-476512BBC336} | http://img2.orkut.com/activex/10035/photouploader.cab
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll | Uno Messenger | © Microsoft. All rights reserved. | {5D6F45B3-9043-443D-A792-115447494D24} | http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
C:\WINDOWS\DOWNLO~1\GAMELA~1.OCX | Acclaim GameLauncher ActiveX Control Module | Copyright © 2006 | {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} | http://www.acclaim.com/cabs/acclaim_v4.cab
C:\WINDOWS\Downloaded Program Files\mjolauncher.dll | MJOLauncher Module | Copyright 2005 | {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} | http://www.atrativa.com.br/games/applets/g...mjolauncher.cab
C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll | Java Platform SE binary | Copyright © 2004 | {8AD9C840-044E-11D1-B3E9-00805F499D93} | http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
 | | | {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} | http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
C:\WINDOWS\Downloaded Program Files\ZIntro.ocx | ZoneIntro | Copyright © 1995-2004 Microsoft Corporation | {B8BE5E93-A60C-4D26-A2DC-220313175592} | http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
C:\WINDOWS\DOWNLO~1\SimCityX.ocx | SimCityX ActiveX Control Module | Copyright © 1998, Electronic Arts, Inc. | {BF985246-09BF-11D2-BE62-006097DF57F6} | http://simcity.ea.com/play/classic/SimCityX.cab
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll | Zone.com Stats Client for MSN Messenger | Copyright © 1995-2004 Microsoft Corporation | {C3F79A2B-B9B4-4A66-B012-3EE46475B072} | http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll | Java Platform SE binary | Copyright © 2004 | {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} | http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll | Java Platform SE binary | Copyright © 2004 | {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} | http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
C:\Arquivos de programas\Java\jre1.6.0_07\bin\npjpi160_07.dll | Java Plug-in 1.6.0_07 for Netscape Navigator (DLL Helper) | Copyright © 2004 | {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} | http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx | Adobe Flash Player 9.0 r124 | Adobe® Flash® Player. Copyright © 1996-2007 Adobe Systems Incorporated. All Rights Reserved. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries. | {D27CDB6E-AE6D-11CF-96B8-444553540000} | http://download.macromedia.com/pub/shockwa...ash/swflash.cab
C:\ARQUIV~1\GBPLUGIN\gbpdist.dll | GbpDist Module | Copyright © 2008 | {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} | https://www14.bancobrasil.com.br/plugin/GbpDist.cab
C:\WINDOWS\Downloaded Program Files\Billard8.dll | Ganymede Technologies | Copyright © 1997-2005 Ganymede Technologies | {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} | http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

Elements detected - 19, recognized as trusted - 1

 

Control Panel Applets (CPL)

File name | Description | Manufacturer

C:\WINDOWS\system32\javacpl.cpl | Java Control Panel | Copyright © 2004

Elements detected - 27, recognized as trusted - 26

 

Active Setup

File name Description Manufacturer CLSID

Elements detected - 14, recognized as trusted - 14

 

HOSTS file

Hosts file record

 

127.0.0.1 msnfix.changelog.fr

127.0.0.1 www.incodesolutions.com

127.0.0.1 virusinfo.prevx.com

127.0.0.1 download.bleepingcomputer.com

127.0.0.1 www.dazhizhu.cn

127.0.0.1 www.nabble.com

127.0.0.1 lurker.clamav.net

127.0.0.1 lexikon.ikarus.at

127.0.0.1 research.sunbelt-software.com

127.0.0.1 www.virusdoctor.jp

127.0.0.1 www.elitepvpers.de

127.0.0.1 www.superuser.co.kr

127.0.0.1 ntfaq.co.kr

127.0.0.1 v.dreamwiz.com

127.0.0.1 cit.kookmin.ac.kr

127.0.0.1 forums.whatthetech.com

127.0.0.1 forum.hijackthis.de

127.0.0.1 www.huaifai.go.th

127.0.0.1 www.mostz.com

127.0.0.1 www.krupunmai.com

127.0.0.1 www.cddchiangmai.net

127.0.0.1 forum.malekal.com

127.0.0.1 tech.pantip.com

127.0.0.1 www.247fixes.com

127.0.0.1 forum.sysinternals.com

127.0.0.1 forum.telecharger.01net.com

127.0.0.1 sophos.com

127.0.0.1 foros.softonic.com

127.0.0.1 avast-home.uptodown.com

127.0.0.1 www.f-secure.com

127.0.0.1 www.chkrootkit.org

127.0.0.1 diamondcs.com.au

127.0.0.1 www.rootkit.nl

127.0.0.1 www.sysinternals.com

127.0.0.1 z-oleg.com

127.0.0.1 espanol.dir.groups.yahoo.com

127.0.0.1 www.castlecrops.com

127.0.0.1 www.misec.net

127.0.0.1 safecomputing.umn.edu

127.0.0.1 www.antirootkit.com

127.0.0.1 www.greatis.com

127.0.0.1 ar.answers.yahoo.com

127.0.0.1 www.rootkit.com

127.0.0.1 www.pctools.com

127.0.0.1 www.pcsupportadvisor.com

127.0.0.1 www.resplendence.com

127.0.0.1 www.personal.psu.edu

127.0.0.1 foro.ethek.com

127.0.0.1 vil.nail.comm

127.0.0.1 search.mcafee.com

127.0.0.1 wwww.mcafee.com

127.0.0.1 download.nai.com

127.0.0.1 wwww.experts-exchange.com

127.0.0.1 www.bakunos.com

127.0.0.1 www.Merijn.org

127.0.0.1 www.spywareinfo.com

127.0.0.1 www.spybot.info

127.0.0.1 www.viruslist.com

127.0.0.1 www.hijackthis.de

127.0.0.1 www.f-secure.com

127.0.0.1 forum.kaspersky.com

127.0.0.1 majorgeeks.com

127.0.0.1 www.avp.com

127.0.0.1 www.virustotal.com

127.0.0.1 www.sophos.com

127.0.0.1 linhadefensiva.uol.com.br

127.0.0.1 cmmings.cn

127.0.0.1 www.sergiwa.com

127.0.0.1 www.avg-antivirus.net

127.0.0.1 www.kaspersky-labs.com

127.0.0.1 www.kaspersky.com

127.0.0.1 www.bleepingcomputer.com

127.0.0.1 www.free.grisoft.com

127.0.0.1 securityresponse.symantec.com

127.0.0.1 www.analysis.seclab.tuwien.ac.at

127.0.0.1 www.symantec.com

127.0.0.1 www.kztechs.com

127.0.0.1 ad-aware-se.uptodown.com

127.0.0.1 liveupdate.symantecliveupdate.com

127.0.0.1 liveupdate.symantec.com

127.0.0.1 customer.symantec.com

127.0.0.1 update.symantec.com

127.0.0.1 www.box.net

127.0.0.1 www.mcafee.com

127.0.0.1 www.free.avg.com

127.0.0.1 download.mcafee.com

127.0.0.1 mast.mcafee.com

127.0.0.1 www.tecno-soft.com

127.0.0.1 ladooscuro.es

127.0.0.1 guru0.grisoft.cz

127.0.0.1 guru1.grisoft.cz

127.0.0.1 guru2.grisoft.cz

127.0.0.1 guru3.grisoft.cz

127.0.0.1 download.bleepingcomputer.com

127.0.0.1 it.answers.yahoo.com

127.0.0.1 guru4.grisoft.cz

127.0.0.1 guru5.grisoft.cz

127.0.0.1 www.virusspy.com

127.0.0.1 www.download.f-secure.com

127.0.0.1 www.malwareremoval.com

127.0.0.1 forums.cnet.com

127.0.0.1 hjt-data.trend-braintree.com

127.0.0.1 www.pantip.com

127.0.0.1 secubox.aldria.com

127.0.0.1 www.forospyware.com

127.0.0.1 www.manuelruvalcaba.com

127.0.0.1 www.siteadvisor.com

127.0.0.1 blog.threatfire.com

127.0.0.1 www.threatexpert.com

127.0.0.1 blog.hispasec.com

127.0.0.1 www.configurarequipos.com

127.0.0.1 mailcenter.rising.com.cn

127.0.0.1 mailcenter.rising.com

127.0.0.1 www.rising.com.cn

127.0.0.1 www.rising.com

127.0.0.1 www.babooforum.com.br

127.0.0.1 www.runscanner.net

127.0.0.1 sosvirus.changelog.fr

127.0.0.1 upload.changelog.fr

127.0.0.1 www.raymond.cc

127.0.0.1 changelog.fr

127.0.0.1 www.pcentraide.com

127.0.0.1 atazita.blogspot.com

127.0.0.1 www.final4ever.com

127.0.0.1 files.filefont.com

127.0.0.1 www.infos-du-net.com

127.0.0.1 www.trendsecure.com

127.0.0.1 forum.hardware.fr

127.0.0.1 www.utilidades-utiles.comwww.spychecker.com

127.0.0.1 www.geekstogo.com

127.0.0.1 forums.maddoktor2.com

127.0.0.1 www.smokey-services.eu

127.0.0.1 www.clubic.com

127.0.0.1 www.linhadefensiva.org

127.0.0.1 download.sysinternals.com

127.0.0.1 www.pcguide.com

127.0.0.1 www.thetechguide.com

127.0.0.1 www.ozzu.com

127.0.0.1 www.changedetection.com

127.0.0.1 espanol.groups.yahoo.com

127.0.0.1 community.thaiware.com

127.0.0.1 www.avpclub.ddns.info

127.0.0.1 www.offensivecomputing.net

127.0.0.1 www.grisoft.com

127.0.0.1 boardreader.com

127.0.0.1 www.guiadohardware.net

127.0.0.1 www.msnvirusremoval.com

127.0.0.1 www.cisrt.org

127.0.0.1 fixmyim.com

127.0.0.1 samroeng.hi5.com

127.0.0.1 foro.elhacker.net

127.0.0.1 www.daboweb.com

127.0.0.1 service1.symantec.com

127.0.0.1 forums.techguy.org

127.0.0.1 www.incodesolutions.com

127.0.0.1 hijackthis.download3000.com

127.0.0.1 www.cybertechhelp.com

127.0.0.1 www.superdicas.com.br

127.0.0.1 downloads.andymanchesta.com

127.0.0.1 andymanchesta.com

127.0.0.1 info.prevx.com

127.0.0.1 aknow.prevx.com

127.0.0.1 www.zonavirus.com

127.0.0.1 securitywonks.net

127.0.0.1 www.lavasoft.com

127.0.0.1 www.virscan.org

127.0.0.1 www.eeload.com

127.0.0.1 down.www.kingsoft.com

127.0.0.1 www.file.net

127.0.0.1 onecare.live.com

127.0.0.1 mvps.org

127.0.0.1 www.housecall.trendmicro.com

127.0.0.1 www.avast.com

127.0.0.1 www.free.avg.com

127.0.0.1 www.onlinescan.avast.com

127.0.0.1 www.ewido.net

127.0.0.1 www.trucoswindows.net

127.0.0.1 www.futurenow.bitdefender.com

127.0.0.1 www.bitdefender.com

127.0.0.1 www.f-prot.com

127.0.0.1 www.trendsecure.com

127.0.0.1 security.symantec.com

127.0.0.1 www.avira.com

127.0.0.1 www.eset.com

127.0.0.1 www.free.avg.com

127.0.0.1 www.free-av.com

127.0.0.1 kr.ahnlab.com

127.0.0.1 www.eset.com

127.0.0.1 forospyware.com

127.0.0.1 thejokerx.blogspot.com

127.0.0.1 www.2-spyware.com

127.0.0.1 www.antivir.es

127.0.0.1 www.prevx.com

127.0.0.1 www.ikarus.net

127.0.0.1 bbs.s-sos.net

127.0.0.1 www.housecall.trendmicro.com

127.0.0.1 www.superdicas.com.br

127.0.0.1 www.forums.majorgeeks.com

127.0.0.1 www.castlecops.com

127.0.0.1 www.virusspy.com

127.0.0.1 andymanchesta.com

127.0.0.1 www.kaspersky.es

127.0.0.1 subs.geekstogo.com

127.0.0.1 www.trendmicro.com

127.0.0.1 www.fortinet.com

127.0.0.1 www.safer-networking.org

127.0.0.1 www.fortiguardcenter.com

127.0.0.1 www.dougknox.com

127.0.0.1 www.vsantivirus.com

127.0.0.1 www.firewallguide.com

127.0.0.1 www.auditmypc.com

127.0.0.1 www.spywaredb.com

127.0.0.1 www.mxttchina.com

127.0.0.1 www.ziggamza.net

127.0.0.1 www.forospyware.es

127.0.0.1 www.antivirus.comodo.com

127.0.0.1 www.spywareterminator.com

127.0.0.1 www.eradicatespyware.net

127.0.0.1 www.freespywareremoval.info

127.0.0.1 www.personalfirewall.comodo.com

127.0.0.1 www.clamav.net

127.0.0.1 www.antivirus.about.com

127.0.0.1 www.pandasecurity.com

127.0.0.1 www.webphand.com

127.0.0.1 mx.answers.yahoo.com

127.0.0.1 www.securitywonks.net

127.0.0.1 www.sandboxie.com

127.0.0.1 www.clamwin.com

127.0.0.1 www.cwsandbox.org

127.0.0.1 www.ca.com

127.0.0.1 www.arswp.com

127.0.0.1 es.answers.yahoo.com

127.0.0.1 www.trucoswindows.es

127.0.0.1 www.networkworld.com

127.0.0.1 www.cddchiangmai.net

127.0.0.1 www.threatexpert.com

127.0.0.1 www.norman.com

127.0.0.1 espanol.answers.yahoo.com

127.0.0.1 www.tallemu.com

127.0.0.1 virscan.org

127.0.0.1 www.viruschief.com

127.0.0.1 scanner.virus.org

127.0.0.1 www.hijackthis.de

127.0.0.1 housecall65.trendmicro.com

127.0.0.1 www.guiadohardware.net

127.0.0.1 hjt.networktechs.com

127.0.0.1 www.techsupportforum.com

127.0.0.1 www.whatthetech.com

127.0.0.1 www.soccersuck.com

127.0.0.1 www.pcentraide.com

127.0.0.1 comunidad.wilkinsonpc.com.co

127.0.0.1 forum.piriform.com

127.0.0.1 www.tweaksforgeeks.com

127.0.0.1 www.daniweb.com

127.0.0.1 www.geekstogo.com

127.0.0.1 es.answers.yahoo.com

127.0.0.1 www.techsupportforum.com

127.0.0.1 www.pchell.com

127.0.0.1 www.spyany.com

127.0.0.1 forums.techguy.org

127.0.0.1 www.experts-exchange.com

127.0.0.1 www.wikio.es

127.0.0.1 www.pandasecurity.com

127.0.0.1 forum.tweaks.com

127.0.0.1 www.wilderssecurity.com

127.0.0.1 www.techspot.com

127.0.0.1 www.thecomputerpitstop.com

127.0.0.1 es.wasalive.com

127.0.0.1 secunia.com

127.0.0.1 www.computing.net

127.0.0.1 discussions.virtualdr.com

127.0.0.1 forum.securitycadets.com

127.0.0.1 www.techimo.com

127.0.0.1 13iii.com

127.0.0.1 www.dicasweb.com.br

127.0.0.1 www.infosecpodcast.com

127.0.0.1 www.usbcleaner.cn

127.0.0.1 www.net-security.org

127.0.0.1 www.bleedingthreats.net

127.0.0.1 acs.pandasoftware.com

127.0.0.1 www.360safe.cn

127.0.0.1 www.360safe.com

127.0.0.1 bbs.360safe.cn

127.0.0.1 bbs.360safe.com

127.0.0.1 codehard.wordpress.com

127.0.0.1 forum.clubedohardware.com.br

127.0.0.1 www.360.cn

127.0.0.1 www.360.com

127.0.0.1 bbs.360safe.cn

127.0.0.1 bbs.360safe.com

127.0.0.1 www.forospyware.es

127.0.0.1 p3dev.taringa.net

127.0.0.1 www.precisesecurity.com

127.0.0.1 baike.360.cn

127.0.0.1 baike.360.com

127.0.0.1 kaba.360.cn

127.0.0.1 kaba.360.com

127.0.0.1 deckard.geekstogo.com

127.0.0.1 www.taringa.net

127.0.0.1 forums.comodo.com

127.0.0.1 down.360safe.cn

127.0.0.1 down.360safe.com

127.0.0.1 x.360safe.com

127.0.0.1 dl.360safe.com

127.0.0.1 ftp.drweb.com

127.0.0.1 www.hotshare.net

127.0.0.1 es.wasalive.com

127.0.0.1 updatem.360safe.com

127.0.0.1 updatem.360safe.cn

127.0.0.1 update.360safe.cn

127.0.0.1 update.360safe.com

127.0.0.1 www.utilidades-utiles.com

127.0.0.1 forum.kaspersky.com

127.0.0.1 bbs.duba.net

127.0.0.1 www.duba.net

127.0.0.1 zhidao.baidu.com

127.0.0.1 hi.baidu.com

127.0.0.1 www.drweb.com.es

127.0.0.1 msncleaner.softonic.com

127.0.0.1 www.javacoolsoftware.com

127.0.0.1 file.ikaka.com

127.0.0.1 file.ikaka.cn

127.0.0.1 bbs.ikaka.com

127.0.0.1 zhidao.ikaka.com

127.0.0.1 www.eset-la.com

127.0.0.1 www.eset-la.com

127.0.0.1 software-files.download.com

127.0.0.1 www.ikaka.com

127.0.0.1 www.ikaka.cn

127.0.0.1 bbs.cfan.com.cn

127.0.0.1 www.cfan.com.cn

127.0.0.1 www.pandasecurity.com

127.0.0.1 es.mcafee.com

127.0.0.1 downloads.malwarebytes.org

127.0.0.1 bbs.kafan.cn

127.0.0.1 bbs.kafan.com

127.0.0.1 bbs.kpfans.com

127.0.0.1 bbs.taisha.org

127.0.0.1 www.manuelruvalcaba.com

127.0.0.1 support.f-secure.com

127.0.0.1 alerta-antivirus.inteco.es

127.0.0.1 foros.zonavirus.com

127.0.0.1 alerta-antivirus.red.es

127.0.0.1 www.zonavirus.com

127.0.0.1 www.malwarebytes.org

127.0.0.1 www.ewido.net

127.0.0.1 www.infospyware.com

127.0.0.1 www.bitdefender.es

127.0.0.1 housecall.trendmicro.com

127.0.0.1 www.emsisoft.de

127.0.0.1 www.securitynewsportal.com

 

Protocols and handlers

File name | Type | Description | Manufacturer | CLSID

C:\Arquivos de programas\AVG\AVG8\avgpp.dll | Handler | Safe Search pluggable protocol (linkscanner: ExPLabs.com Pluggable Protocol) | Copyright © 2008 AVG Technologies CZ, s.r.o. | {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL | Handler | Skype for COM API (Skype4COM Pluggable Protocol) | © Skype Technologies. All rights reserved. | {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

Elements detected - 32, recognized as trusted - 30

 

Suspicious objects

File | Description | Type

c:\windows\system32\symldsm.exe | Suspicion for Rootkit | Suspicion for Rootkit
C:\WINDOWS\System32\Drivers\avgtdix.sys | Suspicion for Rootkit | Kernel-mode hook

--------------------------------------------------------------------------------

Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"

System Restore: Disabled

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42

Hook kernel32.dll:CreateProcessA (99) blocked

Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040

Hook kernel32.dll:CreateProcessW (103) blocked

Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC

Hook kernel32.dll:FreeLibrary (241) blocked

Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB

Hook kernel32.dll:GetModuleFileNameA (372) blocked

Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0

Hook kernel32.dll:GetModuleFileNameW (373) blocked

Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648

Hook kernel32.dll:GetProcAddress (408) blocked

Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F

Hook kernel32.dll:LoadLibraryA (578) blocked

>>> Function LoadLibraryA: hook neutralised to keep the AVZ process itself from being intercepted by address replacement

Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF

Hook kernel32.dll:LoadLibraryExA (579) blocked

>>> Function LoadLibraryExA: hook neutralised to keep the AVZ process itself from being intercepted by address replacement

Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A

Hook kernel32.dll:LoadLibraryExW (580) blocked

Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C

Hook kernel32.dll:LoadLibraryW (581) blocked

IAT modification detected: GetModuleFileNameW - 00B90010<>7C80B3D5

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082680)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559680

KiST = 804E26A8 (284)

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

>>>> Process masking detected 1804 c:\windows\system32\symldsm.exe

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

\driver\tcpip[IRP_MJ_CLOSE] = F429C5A8 -> C:\WINDOWS\System32\Drivers\avgtdix.sys

\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F429D43E -> C:\WINDOWS\System32\Drivers\avgtdix.sys

Checking - complete

>>> Attention - Task Manager is blocked

>>> Attention: Registry Editor is blocked

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

>> Abnormal REG files association

>> Block: Registry Editor

>> Block: Task Manager

>> Start -> Run menu is blocked

>> System Restore settings blocked

>> Command line interface (cmd.exe) is blocked

>> Explorer - folder properties access blocked

>> Disable CD/DVD autorun

System Analysis in progress

 

Script commands

Add commands to script:

- Blocking hooks using Anti-Rootkit
- Enable AVZGuard
- BootCleaner - import list of deleted files
- Registry cleanup after deleting files
- BootCleaner - activate
- Reboot
- Insert template for QuarantineFile() - quarantining file
- Insert template for BC_QrFile() - quarantining file via BootCleaner
- Insert template for DeleteFile() - deleting file
- Insert template for DelCLSID() - deleting CLSID item from registry

Additional operations:

- Performance tweaking: disable service RemoteRegistry (Registro remoto)
- Performance tweaking: disable service TermService (Serviços de terminal)
- Performance tweaking: disable service SSDPSRV (Serviço de descoberta SSDP)
- Performance tweaking: disable service Schedule (Agendador de tarefas)
- Performance tweaking: disable service mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)
- Performance tweaking: disable service RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
- Security tweaking: disable CD autorun
- Security tweaking: disable administrative shares
- Security tweaking: disable anonymous user access
- Security: disable sending Remote Assistant queries

--------------------------------------------------------------------------------

File list

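Two sections of the log above describe the same process from different angles: the port table shows PID 1804 with no image path holding an ESTABLISHED socket to 61.81.188.20:6980 (plus a CLOSE_WAIT to 69.89.21.77:80 and a UDP listener on 1115), and the anti-rootkit pass later reports that same PID as a masked process, c:\windows\system32\symldsm.exe. The Python below is an added example, not code from this thread or from AVZ, that joins those two sections of such a log and flags rows on three independent signals. Its input is a constructed handful of rows copied in the log's row format, not the full table.

```python
"""Correlate an AVZ "TCP/UDP ports" table with its "Process masking detected" line.

Added example, not AVZ's own code. The sample rows are constructed from the log
above (a subset, in the same row format).
"""
import re
from ipaddress import ip_address

# Constructed sample in the log's row format:
# local port, state, remote host, remote port, [PID], optional image path.
SAMPLE_PORTS = """\
135 LISTENING 0.0.0.0 10435 [932] c:\\windows\\system32\\svchost.exe
1113 ESTABLISHED 61.81.188.20 6980 [1804]
1114 CLOSE_WAIT 69.89.21.77 80 [1804]
1121 ESTABLISHED 127.0.0.1 2869 [1212] c:\\windows\\system32\\svchost.exe
2869 ESTABLISHED 192.168.0.2 2111 [1536] c:\\windows\\system32\\svchost.exe
4348 TIME_WAIT 192.168.0.1 2869 [0]
1115 LISTENING -- -- [1804]
1038 LISTENING -- -- [236] c:\\arquivos de programas\\msn messenger\\msnmsgr.exe
"""

# The anti-rootkit section names the hidden process by PID and path (from the log).
SAMPLE_MASKING = ">>>> Process masking detected 1804 c:\\windows\\system32\\symldsm.exe"

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\[(\d+)\](?:\s+(.*\S))?\s*$")
MASK = re.compile(r"Process masking detected (\d+)\s+(.+\S)")


def parse_ports(text):
    """Return one dict per table row; lines that do not match the row format are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        port, state, rhost, rport, pid, app = m.groups()
        rows.append({"port": int(port), "state": state, "remote": rhost,
                     "remote_port": rport, "pid": int(pid), "app": app or ""})
    return rows


def parse_masked(text):
    """Map PID -> image path for every 'Process masking detected' line."""
    return {int(pid): path for pid, path in MASK.findall(text)}


def is_external(host):
    """True for a routable peer; '--', loopback, private, link-local and 0.0.0.0 are not."""
    try:
        ip = ip_address(host)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def triage(ports_text, masking_text):
    """Return [(row, [reasons])] for rows worth a second look.

    Signals, each sufficient on its own: a live PID the port enumerator could not
    resolve to an image, a PID the rootkit scan reported as masked, and a socket
    in ESTABLISHED/CLOSE_WAIT to a non-local peer.
    """
    masked = parse_masked(masking_text)
    findings = []
    for row in parse_ports(ports_text):
        reasons = []
        if row["pid"] != 0 and not row["app"]:
            reasons.append("no image path for a live PID")
        if row["pid"] in masked:
            reasons.append("PID reported as masked: " + masked[row["pid"]])
        if row["state"] in ("ESTABLISHED", "CLOSE_WAIT") and is_external(row["remote"]):
            reasons.append("external peer %s:%s" % (row["remote"], row["remote_port"]))
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    for row, reasons in triage(SAMPLE_PORTS, SAMPLE_MASKING):
        print("port %5d %-11s pid %-5d %s"
              % (row["port"], row["state"], row["pid"], "; ".join(reasons)))
```

On the sample this reports exactly the three PID 1804 rows and nothing else: the TIME_WAIT rows belong to PID 0 and are never attributable, and the svchost/System/msnmsgr rows all talk to loopback or RFC 1918 peers. The peer address is the piece to keep for later: once the file is quarantined, the 61.81.188.20 connection going away is the check that the right process was removed.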

- Run SafeBootKeyRepair as described above


I tested it too and it went fine.


Here it is also working normally.


Hey! Good morning

127.0.0.1 download.bleepingcomputer.com

<!> This entry in the Hosts file is certainly what is blocking the download.

<!> I recommend cleaning it before going ahead with the procedure.

Cheers!

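The reply above singles out the 127.0.0.1 entry for download.bleepingcomputer.com as the reason the download fails; the same mechanism applies to every vendor, update and forum host in the dump, which is why AVG cannot update and the fix tools cannot be fetched from this machine. The Python below is an added example (not from the thread or from any tool named in it) that audits such a dump by the target address rather than by a vendor list, so it also catches hosts no blocklist knows about, reports lines that fuse two hostnames together like the www.utilidades-utiles.comwww.spychecker.com record in the log, and produces a cleaned copy. Its sample is constructed from a few of the logged entries plus the default localhost line and one invented LAN record (printer.lan).

```python
"""Audit and clean a Windows HOSTS dump of the kind shown in the log above.

Added example, not code from the thread or from AVZ. SAMPLE_HOSTS is constructed:
four entries taken from the log, the default localhost line, and an invented LAN
record (printer.lan) that a cleanup must leave alone.
"""
import re
from ipaddress import ip_address

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 www.free.avg.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.utilidades-utiles.comwww.spychecker.com
192.168.0.10 printer.lan
"""

# Names that legitimately map to loopback on a Windows box.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}

# A public suffix immediately followed by "www." means two records were glued
# onto one line (heuristic; the suffix list is an assumption, extend as needed).
FUSED = re.compile(r"\.(com|net|org|br|es|de|fr|cn)(?=www\.)", re.I)


def parse_hosts(text):
    """Yield (line_no, ip, [names], raw_line); comments and blanks are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        try:
            ip = ip_address(fields[0])
        except ValueError:
            continue  # not a host record; left untouched by clean()
        yield no, ip, fields[1:], raw


def audit(text):
    """Classify every name in the file.

    'sinkholed': points at loopback or 0.0.0.0 and is not a local alias;
    'fused':     two hostnames written as one token;
    'kept':      everything else.
    """
    report = {"sinkholed": [], "fused": [], "kept": []}
    for no, ip, names, _ in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if FUSED.search(name):
                report["fused"].append((no, name))
            if sink and name.lower() not in LOOPBACK_OK:
                report["sinkholed"].append((no, name))
            else:
                report["kept"].append((no, name))
    return report


def clean(text):
    """Return the file with sinkholed records dropped; all other lines are kept
    byte-for-byte so the result can be diffed against the original."""
    bad = {no for no, _ in audit(text)["sinkholed"]}
    lines = [line for no, line in enumerate(text.splitlines(), 1) if no not in bad]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    rep = audit(SAMPLE_HOSTS)
    for no, name in rep["sinkholed"]:
        print("line %d sinkholed: %s" % (no, name))
    for no, name in rep["fused"]:
        print("line %d fused record: %s" % (no, name))
    print("--- cleaned ---")
    print(clean(SAMPLE_HOSTS), end="")
```

On Windows XP the file lives at %SystemRoot%\system32\drivers\etc\hosts, and malware commonly sets it read-only or hidden, so clear those attributes before writing the cleaned copy back; on this machine, where cmd.exe and the Registry Editor are also blocked, that write is best done from a live boot medium or after the process holding the hooks has been quarantined. Re-run the audit afterwards: an entry that reappears means the process rewriting the file is still running.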
