Archived

This topic has been archived and is closed to new replies.

engcivil

[Solved!] PC a bit slow.

Folks, my PC has been a bit slow lately, and I'd like some help.

 

I no longer use the BB website on this computer and would also like to remove the bank plugin.

 

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:12:40, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\system32\hasplms.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 6143 bytes

Good morning, engcivil!

 

<@> Download: < RSIT > ( ...by random/random )

<@> Save it directly to Local Disk ( C )!

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens (the disclaimer), click "Continue".

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be in C:\rsit\info.txt <--

 

Regards!

Good evening DigRam,

 

Here are log.txt and also info.txt:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Administrador at 2009-01-07 01:56:17

Microsoft Windows XP Professional Service Pack 2

System drive C: has 5 GB (36%) free of 15 GB

Total RAM: 479 MB (34% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:56:25, on 7/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\hasplms.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\RSIT.exe

C:\Hijack\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 6023 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]

"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2004-05-12 249856]

"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe"="C:\Arquivos de programas\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe"

"C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe"="C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a3b21f-d77c-11dd-b432-00016c39a799}]

shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa85ed72-cd46-11dd-b414-00016c39a799}]

shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

shell\open\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

 

 

======File associations======

 

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"

.scr - install -

.scr - config -

 

======List of files/folders created in the last 1 months======

 

2009-01-07 01:56:17 ----D---- C:\rsit

2009-01-07 01:55:17 ----A---- C:\RSIT.exe

2009-01-05 11:12:07 ----D---- C:\Hijack

2009-01-05 10:55:05 ----A---- C:\WINDOWS\PSEXESVC.EXE

2009-01-04 19:14:31 ----D---- C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel

2009-01-04 19:14:29 ----D---- C:\WINDOWS\Downloaded Installations

2009-01-04 19:11:09 ----D---- C:\CYPE Ingenieros

2009-01-04 19:10:10 ----D---- C:\usr

2009-01-04 19:09:55 ----A---- C:\WINDOWS\system32\haspds_windows.dll

2009-01-02 16:32:18 ----A---- C:\WINDOWS\hpdj3840.ini

2008-12-30 01:17:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-12-28 20:22:34 ----D---- C:\WINDOWS\Sun

2008-12-28 20:22:34 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun

2008-12-22 19:23:26 ----D---- C:\WINDOWS\system32\MSN

2008-12-22 14:46:26 ----D---- C:\Arquivos de programas\PokerStars

2008-12-19 19:01:40 ----D---- C:\Arquivos de programas\Full Tilt Poker

2008-12-19 01:44:33 ----D---- C:\Arquivos de programas\Winamp

2008-12-18 16:47:32 ----D---- C:\Arquivos de programas\Arquivos comuns\Aladdin Shared

2008-12-18 16:47:31 ----A---- C:\WINDOWS\system32\hasplms.exe

2008-12-18 16:47:31 ----A---- C:\WINDOWS\system32\aksllmtp.exe

2008-12-18 16:47:30 ----A---- C:\WINDOWS\system32\aksusb2.dll

2008-12-18 16:47:30 ----A---- C:\WINDOWS\system32\akshsp50.dll

2008-12-18 16:47:30 ----A---- C:\WINDOWS\system32\akshhl26.dll

2008-12-18 16:47:28 ----A---- C:\WINDOWS\system32\haspvdd.dll

2008-12-18 16:46:36 ----D---- C:\Arquivos de programas\AltoQi

2008-12-18 16:15:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2008-12-18 15:56:27 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Ansys

2008-12-18 15:47:50 ----D---- C:\Arquivos de programas\ANSYS Inc

2008-12-18 14:44:02 ----D---- C:\WINDOWS\system32\appmgmt

2008-12-17 22:56:28 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-17 22:56:21 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-12-17 22:19:32 ----D---- C:\Arquivos de programas\AnswerWorks 4.0

2008-12-17 22:14:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-12-17 22:14:54 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk

2008-12-17 22:14:54 ----D---- C:\Arquivos de programas\AutoCAD 2006

2008-12-17 22:13:15 ----D---- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-12-17 22:13:12 ----D---- C:\Arquivos de programas\Autodesk

2008-12-17 21:15:01 ----D---- C:\Arquivos de programas\CCleaner

2008-12-17 21:07:08 ----D---- C:\Arquivos de programas\PowerISO

2008-12-17 21:05:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-12-17 21:05:08 ----D---- C:\Arquivos de programas\Avira

2008-12-17 21:04:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2008-12-17 21:04:20 ----A---- C:\WINDOWS\system32\pndx5032.dll

2008-12-17 21:04:20 ----A---- C:\WINDOWS\system32\pndx5016.dll

2008-12-17 21:04:20 ----A---- C:\WINDOWS\system32\pncrt.dll

2008-12-17 21:04:19 ----A---- C:\WINDOWS\system32\unrar.dll

2008-12-17 21:04:19 ----A---- C:\WINDOWS\avisplitter.ini

2008-12-17 21:04:17 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2008-12-17 21:04:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-12-17 21:04:17 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-12-17 21:04:16 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2008-12-17 21:04:16 ----A---- C:\WINDOWS\system32\dpl100.dll

2008-12-17 21:04:16 ----A---- C:\WINDOWS\system32\divx.dll

2008-12-17 21:04:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-12-17 21:04:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2008-12-17 21:04:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real

2008-12-17 21:04:14 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Real

2008-12-17 21:04:14 ----D---- C:\Arquivos de programas\K-Lite Codec Pack

2008-12-17 21:03:48 ----A---- C:\WINDOWS\system32\dopdfmn6.dll

2008-12-17 21:03:48 ----A---- C:\WINDOWS\system32\dopdfmi6.dll

2008-12-17 21:03:46 ----D---- C:\Arquivos de programas\Softland

2008-12-17 20:56:57 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-12-17 20:43:17 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-12-17 20:43:15 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2008-12-17 20:42:11 ----D---- C:\Arquivos de programas\Adobe

2008-12-17 20:40:20 ----D---- C:\Program Files

2008-12-17 20:39:34 ----N---- C:\WINDOWS\UNNeroVision.exe

2008-12-17 20:39:34 ----N---- C:\WINDOWS\system32\msxml3a.dll

2008-12-17 20:39:22 ----N---- C:\WINDOWS\system32\picn20.dll

2008-12-17 20:39:22 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-12-17 20:38:04 ----N---- C:\WINDOWS\system32\TwnLib4.dll

2008-12-17 20:38:04 ----N---- C:\WINDOWS\system32\TwnLib20.dll

2008-12-17 20:38:03 ----N---- C:\WINDOWS\system32\ImagXRA7.dll

2008-12-17 20:38:03 ----N---- C:\WINDOWS\system32\ImagXR7.dll

2008-12-17 20:38:03 ----N---- C:\WINDOWS\system32\ImagXpr7.dll

2008-12-17 20:38:03 ----N---- C:\WINDOWS\system32\ImagX7.dll

2008-12-17 20:38:03 ----D---- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-12-17 20:38:03 ----D---- C:\Arquivos de programas\Ahead

2008-12-17 20:38:03 ----A---- C:\WINDOWS\system32\NeroCheck.exe

2008-12-17 20:37:29 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\WinRAR

2008-12-17 20:29:47 ----D---- C:\Arquivos de programas\uTorrent

2008-12-17 20:29:34 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-12-17 20:26:39 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-12-17 20:22:29 ----SHDC---- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-12-17 20:21:42 ----D---- C:\Arquivos de programas\Windows Live

2008-12-17 20:21:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-12-17 20:20:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2008-12-17 20:20:50 ----A---- C:\WINDOWS\system32\wups2.dll

2008-12-17 20:20:50 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-12-17 20:20:50 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-12-17 20:20:50 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-12-17 20:18:08 ----D---- C:\Arquivos de programas\eMule

2008-12-17 20:15:05 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia

2008-12-17 20:15:03 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe

2008-12-17 19:59:42 ----A---- C:\WINDOWS\ODBC.INI

2008-12-17 19:59:39 ----A---- C:\WINDOWS\system32\mdimon.dll

2008-12-17 19:58:59 ----D---- C:\Arquivos de programas\Arquivos comuns\DESIGNER

2008-12-17 19:58:47 ----D---- C:\WINDOWS\SHELLNEW

2008-12-17 19:57:56 ----D---- C:\Arquivos de programas\Microsoft.NET

2008-12-17 19:57:56 ----D---- C:\Arquivos de programas\Microsoft Office

2008-12-17 19:50:33 ----D---- C:\WINDOWS\WBEM

2008-12-17 19:50:32 ----D---- C:\WINDOWS\system32\pt-br

2008-12-17 19:50:17 ----HDC---- C:\WINDOWS\ie7

2008-12-17 19:50:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

2008-12-17 19:49:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

2008-12-17 19:49:36 ----N---- C:\WINDOWS\system32\spmsg.dll

2008-12-17 19:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$

2008-12-17 19:49:27 ----N---- C:\WINDOWS\system32\xmllite.dll

2008-12-17 19:48:32 ----SHD---- C:\RECYCLER

2008-12-17 19:46:17 ----RA---- C:\WINDOWS\system32\IDEproperty.dll

2008-12-17 19:45:02 ----A---- C:\WINDOWS\SiSUSBrg.exe

2008-12-17 19:45:02 ----A---- C:\WINDOWS\SIS_LIB.DLL

2008-12-17 19:44:25 ----N---- C:\WINDOWS\system32\TVMode.dll

2008-12-17 19:44:25 ----N---- C:\WINDOWS\system32\SiSApCom.dll

2008-12-17 19:44:02 ----A---- C:\WINDOWS\system32\Keyhook.exe

2008-12-17 19:44:00 ----A---- C:\WINDOWS\system32\sistray.exe

2008-12-17 19:43:57 ----RA---- C:\WINDOWS\VGAsetup.ini

2008-12-17 19:43:50 ----RA---- C:\WINDOWS\system32\SiSParse.dll

2008-12-17 19:43:50 ----RA---- C:\WINDOWS\system32\SiSInst.dll

2008-12-17 19:43:50 ----RA---- C:\WINDOWS\system32\SiSBase.dll

2008-12-17 19:43:50 ----RA---- C:\WINDOWS\system32\instFunc.dll

2008-12-17 19:43:49 ----RA---- C:\WINDOWS\system32\sisgrv.dll

2008-12-17 19:43:49 ----RA---- C:\WINDOWS\system32\sisgl.dll

2008-12-17 19:43:47 ----D---- C:\Arquivos de programas\SiS VGA Utilities V3.59

2008-12-17 19:43:41 ----D---- C:\WINDOWS\system32\trayres

2008-12-17 19:43:36 ----A---- C:\WINDOWS\system32\VGAunistlog.ini

2008-12-17 19:42:37 ----D---- C:\Progra~1

2008-12-17 19:42:36 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-12-17 19:42:23 ----A---- C:\WINDOWS\IsUn0416.exe

2008-12-17 19:40:25 ----A---- C:\WINDOWS\system32\ksuser.dll

2008-12-17 19:40:20 ----D---- C:\Arquivos de programas\Realtek Sound Manager

2008-12-17 19:40:18 ----N---- C:\WINDOWS\avrack.ini

2008-12-17 19:40:18 ----D---- C:\Arquivos de programas\AvRack

2008-12-17 19:40:14 ----A---- C:\WINDOWS\system32\Audio3D.dll

2008-12-17 19:40:14 ----A---- C:\WINDOWS\system32\a3d.dll

2008-12-17 19:40:12 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll

2008-12-17 19:40:12 ----A---- C:\WINDOWS\SOUNDMAN.EXE

2008-12-17 19:40:10 ----A---- C:\WINDOWS\system32\RTLCPL.EXE

2008-12-17 19:40:06 ----N---- C:\WINDOWS\alcupd.exe

2008-12-17 19:40:06 ----N---- C:\WINDOWS\alcrmv.exe

2008-12-17 19:40:05 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-12-17 19:40:00 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-12-17 17:12:12 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2008-12-17 17:11:59 ----D---- C:\WINDOWS\system32\LogFiles

2008-12-17 17:11:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2008-12-17 17:11:31 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2008-12-17 17:11:29 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2008-12-17 17:11:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

2008-12-17 17:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB928090$

2008-12-17 17:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$

2008-12-17 17:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$

2008-12-17 17:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$

2008-12-17 17:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$

2008-12-17 17:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$

2008-12-17 17:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$

2008-12-17 17:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$

2008-12-17 17:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$

2008-12-17 17:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$

2008-12-17 16:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$

2008-12-17 16:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$

2008-12-17 16:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$

2008-12-17 16:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$

2008-12-17 16:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$

2008-12-17 16:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$

2008-12-17 16:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$

2008-12-17 16:57:49 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$

2008-12-17 16:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$

2008-12-17 16:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$

2008-12-17 16:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$

2008-12-17 16:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$

2008-12-17 16:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$

2008-12-17 16:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$

2008-12-17 16:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$

2008-12-17 16:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$

2008-12-17 16:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$

2008-12-17 16:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$

2008-12-17 16:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$

2008-12-17 16:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$

2008-12-17 16:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$

2008-12-17 16:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$

2008-12-17 16:53:38 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$

2008-12-17 16:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$

2008-12-17 16:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$

2008-12-17 16:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$

2008-12-17 16:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$

2008-12-17 16:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$

2008-12-17 16:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$

2008-12-17 16:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$

2008-12-17 16:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$

2008-12-17 16:51:43 ----N---- C:\WINDOWS\system32\verclsid.exe

2008-12-17 16:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$

2008-12-17 16:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$

2008-12-17 16:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$

2008-12-17 16:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$

2008-12-17 16:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$

2008-12-17 16:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$

2008-12-17 16:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$

2008-12-17 16:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$

2008-12-17 16:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$

2008-12-17 16:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$

2008-12-17 16:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$

2008-12-17 16:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$

2008-12-17 16:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$

2008-12-17 16:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$

2008-12-17 16:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$

2008-12-17 16:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$

2008-12-17 16:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$

2008-12-17 16:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$

2008-12-17 16:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$

2008-12-17 16:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$

2008-12-17 16:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$

2008-12-17 16:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$

2008-12-17 16:47:19 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 16:45:13 ----A---- C:\WINDOWS\system32\wmpns.dll

2008-12-17 16:45:12 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Identities

2008-12-17 16:45:10 ----HD---- C:\Arquivos de programas\Uninstall Information

2008-12-17 16:45:01 ----ASH---- C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini

2008-12-17 16:44:59 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

2008-12-17 16:44:52 ----D---- C:\WINDOWS\SoftwareDistribution

2008-12-17 16:44:50 ----N---- C:\WINDOWS\SchedLgU.Txt

2008-12-17 16:44:50 ----D---- C:\WINDOWS\Prefetch

2008-12-17 16:41:32 ----D---- C:\WINDOWS\system32\xircom

2008-12-17 16:41:32 ----D---- C:\Arquivos de programas\xerox

2008-12-17 16:41:32 ----D---- C:\Arquivos de programas\netmeeting

2008-12-17 16:41:32 ----D---- C:\Arquivos de programas\microsoft frontpage

2008-12-17 16:41:09 ----D---- C:\Arquivos de programas\WinRAR

2008-12-17 16:41:05 ----SD---- C:\WINDOWS\system32\Microsoft

2008-12-17 16:41:05 ----A---- C:\WINDOWS\system32\javaws.exe

2008-12-17 16:41:05 ----A---- C:\WINDOWS\system32\javaw.exe

2008-12-17 16:41:05 ----A---- C:\WINDOWS\system32\java.exe

2008-12-17 16:40:49 ----D---- C:\Arquivos de programas\Java

2008-12-17 16:40:48 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2008-12-17 16:38:26 ----RSD---- C:\WINDOWS\assembly

2008-12-17 16:38:26 ----D---- C:\WINDOWS\Microsoft.NET

2008-12-17 16:38:25 ----D---- C:\WINDOWS\system32\URTTemp

2008-12-17 16:37:43 ----A---- C:\WINDOWS\control.ini

2008-12-17 16:37:43 ----A---- C:\AUTOEXEC.BAT

2008-12-17 16:37:22 ----A---- C:\WINDOWS\system32\mapi32.dll

2008-12-17 16:37:21 ----D---- C:\Temp

2008-12-17 16:36:20 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-17 16:36:20 ----RD---- C:\WINDOWS\Offline Web Pages

2008-12-17 16:36:20 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2008-12-17 16:36:14 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2008-12-17 16:36:09 ----HD---- C:\Arquivos de programas\WindowsUpdate

2008-12-17 16:36:04 ----D---- C:\Arquivos de programas\Serviços on-line

2008-12-17 16:35:45 ----D---- C:\WINDOWS\system32\DirectX

2008-12-17 16:35:18 ----A---- C:\WINDOWS\system32\atrace.dll

2008-12-17 16:35:15 ----A---- C:\WINDOWS\system32\desktop.ini

2008-12-17 16:35:15 ----A---- C:\WINDOWS\desktop.ini

2008-12-17 16:35:07 ----A---- C:\WINDOWS\system32\acctres.dll

2008-12-17 16:35:06 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços

2008-12-17 16:35:03 ----SD---- C:\WINDOWS\Tasks

2008-12-17 16:35:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll

2008-12-17 16:35:02 ----D---- C:\Arquivos de programas\Arquivos comuns\MSSoap

2008-12-17 16:34:57 ----D---- C:\WINDOWS\srchasst

2008-12-17 16:34:56 ----D---- C:\WINDOWS\system32\Macromed

2008-12-17 16:34:53 ----A---- C:\WINDOWS\system32\wuweb.dll

2008-12-17 16:34:53 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-12-17 16:34:53 ----A---- C:\WINDOWS\system32\wuauserv.dll

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wups.dll

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wuaueng.dll

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wuauclt.exe

2008-12-17 16:34:52 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-12-17 16:34:51 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2008-12-17 16:34:51 ----A---- C:\WINDOWS\system32\qmgr.dll

2008-12-17 16:34:51 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2008-12-17 16:34:51 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2008-12-17 16:34:47 ----D---- C:\Arquivos de programas\Movie Maker

2008-12-17 16:34:40 ----A---- C:\WINDOWS\system32\safrslv.dll

2008-12-17 16:34:40 ----A---- C:\WINDOWS\system32\safrdm.dll

2008-12-17 16:34:40 ----A---- C:\WINDOWS\system32\safrcdlg.dll

2008-12-17 16:34:40 ----A---- C:\WINDOWS\system32\racpldlg.dll

2008-12-17 16:34:35 ----A---- C:\WINDOWS\system32\fltMc.exe

2008-12-17 16:34:35 ----A---- C:\WINDOWS\system32\fltlib.dll

2008-12-17 16:34:34 ----D---- C:\WINDOWS\system32\Restore

2008-12-17 16:34:34 ----A---- C:\WINDOWS\system32\srsvc.dll

2008-12-17 16:34:34 ----A---- C:\WINDOWS\system32\srrstr.dll

2008-12-17 16:34:34 ----A---- C:\WINDOWS\system32\srclient.dll

2008-12-17 16:34:33 ----A---- C:\WINDOWS\system32\msoert2.dll

2008-12-17 16:34:33 ----A---- C:\WINDOWS\system32\msoeacct.dll

2008-12-17 16:34:31 ----A---- C:\WINDOWS\system32\inetres.dll

2008-12-17 16:34:31 ----A---- C:\WINDOWS\system32\inetcomm.dll

2008-12-17 16:34:29 ----D---- C:\Arquivos de programas\Outlook Express

2008-12-17 16:34:29 ----A---- C:\WINDOWS\system32\schedsvc.dll

2008-12-17 16:34:29 ----A---- C:\WINDOWS\system32\mstinit.exe

2008-12-17 16:34:29 ----A---- C:\WINDOWS\system32\mstask.dll

2008-12-17 16:34:28 ----A---- C:\WINDOWS\system32\isign32.dll

2008-12-17 16:34:28 ----A---- C:\WINDOWS\system32\inetcfg.dll

2008-12-17 16:34:28 ----A---- C:\WINDOWS\system32\icwphbk.dll

2008-12-17 16:34:28 ----A---- C:\WINDOWS\system32\icwdial.dll

2008-12-17 16:34:21 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-12-17 16:34:19 ----D---- C:\Arquivos de programas\Internet Explorer

2008-12-17 16:33:35 ----D---- C:\Arquivos de programas\ComPlus Applications

2008-12-17 16:33:33 ----A---- C:\WINDOWS\vbaddin.ini

2008-12-17 16:33:33 ----A---- C:\WINDOWS\vb.ini

2008-12-17 16:33:28 ----D---- C:\WINDOWS\Registration

2008-12-17 16:33:21 ----D---- C:\Arquivos de programas\Windows Media Player

2008-12-17 16:33:11 ----D---- C:\Arquivos de programas\MSN Gaming Zone

2008-12-17 16:33:11 ----A---- C:\WINDOWS\system32\write.exe

2008-12-17 16:32:59 ----A---- C:\WINDOWS\system32\sndvol32.exe

2008-12-17 16:32:59 ----A---- C:\WINDOWS\system32\hticons.dll

2008-12-17 16:32:59 ----A---- C:\WINDOWS\system32\avwav.dll

2008-12-17 16:32:58 ----A---- C:\WINDOWS\system32\winchat.exe

2008-12-17 16:32:58 ----A---- C:\WINDOWS\system32\avtapi.dll

2008-12-17 16:32:58 ----A---- C:\WINDOWS\system32\avmeter.dll

2008-12-17 16:32:49 ----A---- C:\WINDOWS\system32\getuname.dll

2008-12-17 16:32:49 ----A---- C:\WINDOWS\system32\charmap.exe

2008-12-17 16:32:49 ----A---- C:\WINDOWS\system32\calc.exe

2008-12-17 16:32:48 ----A---- C:\WINDOWS\system32\winmine.exe

2008-12-17 16:32:48 ----A---- C:\WINDOWS\system32\sol.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\tslabels.ini

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\tskill.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\tscon.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\reset.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\mshearts.exe

2008-12-17 16:32:47 ----A---- C:\WINDOWS\system32\freecell.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\shadow.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\rwinsta.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\regini.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\qwinsta.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\qappsrv.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\msg.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\logoff.exe

2008-12-17 16:32:46 ----A---- C:\WINDOWS\system32\cdmodem.dll

2008-12-17 16:32:45 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2008-12-17 16:32:45 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\stclient.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\mtxex.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\mtxdm.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\comsnap.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\comrepl.dll

2008-12-17 16:32:44 ----A---- C:\WINDOWS\system32\comaddin.dll

2008-12-17 16:32:37 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2008-12-17 16:32:36 ----A---- C:\WINDOWS\system32\sndrec32.exe

2008-12-17 16:32:36 ----A---- C:\WINDOWS\system32\mplay32.exe

2008-12-17 16:32:36 ----A---- C:\WINDOWS\system32\hypertrm.dll

2008-12-17 16:32:36 ----A---- C:\WINDOWS\system32\accwiz.exe

2008-12-17 16:32:35 ----D---- C:\Arquivos de programas\Windows NT

2008-12-17 16:32:35 ----A---- C:\WINDOWS\system32\mspaint.exe

2008-12-17 16:32:35 ----A---- C:\WINDOWS\system32\clipbrd.exe

2008-12-17 16:32:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2008-12-17 16:32:34 ----A---- C:\WINDOWS\system32\spider.exe

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\sessmgr.exe

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\remotepg.dll

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\rdshost.exe

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\rdchost.dll

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\mstscax.dll

2008-12-17 16:32:33 ----A---- C:\WINDOWS\system32\mstsc.exe

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\termsrv.dll

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\rdpclip.exe

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\qprocess.exe

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\icaapi.dll

2008-12-17 16:32:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2008-12-17 16:32:31 ----D---- C:\WINDOWS\system32\MsDtc

2008-12-17 16:32:31 ----A---- C:\WINDOWS\system32\mtxoci.dll

2008-12-17 16:32:31 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2008-12-17 16:32:31 ----A---- C:\WINDOWS\system32\msdtctm.dll

2008-12-17 16:32:31 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2008-12-17 16:32:30 ----A---- C:\WINDOWS\system32\xolehlp.dll

2008-12-17 16:32:30 ----A---- C:\WINDOWS\system32\msdtclog.dll

2008-12-17 16:32:30 ----A---- C:\WINDOWS\system32\msdtc.exe

2008-12-17 16:32:29 ----D---- C:\WINDOWS\system32\Com

2008-12-17 16:32:29 ----A---- C:\WINDOWS\system32\colbact.dll

2008-12-17 16:32:29 ----A---- C:\WINDOWS\system32\clbcatex.dll

2008-12-17 16:32:29 ----A---- C:\WINDOWS\system32\catsrvut.dll

2008-12-17 16:32:29 ----A---- C:\WINDOWS\system32\catsrvps.dll

2008-12-17 16:32:29 ----A---- C:\WINDOWS\system32\catsrv.dll

2008-12-17 16:32:28 ----A---- C:\WINDOWS\system32\comuid.dll

2008-12-17 16:32:28 ----A---- C:\WINDOWS\system32\comsvcs.dll

2008-12-17 16:32:28 ----A---- C:\WINDOWS\system32\clbcatq.dll

2008-12-17 16:32:21 ----A---- C:\WINDOWS\system32\servdeps.dll

2008-12-17 16:32:20 ----A---- C:\WINDOWS\system32\mmfutil.dll

2008-12-17 16:32:20 ----A---- C:\WINDOWS\system32\licwmi.dll

2008-12-17 16:32:20 ----A---- C:\WINDOWS\system32\cmprops.dll

2008-12-17 14:28:06 ----A---- C:\WINDOWS\system32\h323log.txt

2008-12-17 14:24:07 ----A---- C:\WINDOWS\system32\usbui.dll

2008-12-17 14:23:48 ----D---- C:\WINDOWS\SiS

2008-12-17 14:22:09 ----SHD---- C:\WINDOWS\Installer

2008-12-17 14:22:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-17 14:22:08 ----D---- C:\Arquivos de programas\Arquivos comuns\ODBC

2008-12-17 14:22:08 ----A---- C:\WINDOWS\ODBCINST.INI

2008-12-17 14:22:05 ----D---- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2008-12-17 14:22:04 ----RD---- C:\Arquivos de programas

2008-12-17 14:22:04 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-12-17 14:22:04 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-12-17 14:21:55 ----A---- C:\WINDOWS\system32\irclass.dll

2008-12-17 14:21:55 ----A---- C:\WINDOWS\system32\dgsetup.dll

2008-12-17 14:21:55 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2008-12-17 14:21:54 ----A---- C:\WINDOWS\system32\spxcoins.dll

2008-12-17 14:21:54 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2008-12-17 14:21:52 ----N---- C:\WINDOWS\system32\CONFIG.TMP

2008-12-17 14:21:52 ----A---- C:\WINDOWS\TASKMAN.EXE

2008-12-17 14:21:51 ----A---- C:\WINDOWS\system32\batt.dll

2008-12-17 14:21:51 ----A---- C:\WINDOWS\NOTEPAD.EXE

2008-12-17 14:21:49 ----A---- C:\WINDOWS\system32\storprop.dll

2008-12-17 14:21:39 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

2008-12-17 14:19:56 ----RA---- C:\WINDOWS\SET8.tmp

2008-12-17 14:19:53 ----RA---- C:\WINDOWS\SET4.tmp

2008-12-17 14:19:52 ----RA---- C:\WINDOWS\SET3.tmp

2008-12-17 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-17 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-17 14:19:41 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-12-17 14:19:14 ----D---- C:\Documents and Settings

2008-12-17 14:19:13 ----SHD---- C:\System Volume Information

2008-12-17 14:18:33 ----SH---- C:\boot.ini

2008-12-17 14:13:00 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-17 14:13:00 ----RSD---- C:\WINDOWS\Fonts

2008-12-17 14:13:00 ----RD---- C:\WINDOWS\Web

2008-12-17 14:13:00 ----HD---- C:\WINDOWS\inf

2008-12-17 14:13:00 ----D---- C:\WINDOWS\WinSxS

2008-12-17 14:13:00 ----D---- C:\WINDOWS\twain_32

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Temp

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\wins

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\wbem

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\usmt

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\spool

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\ShellExt

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\Setup

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\ras

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\oobe

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\npp

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\mui

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\inetsrv

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\IME

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\icsxml

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\ias

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\export

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\drivers

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\dhcp

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\config

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\3com_dmi

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\3076

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\2052

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1054

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1046

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1042

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1041

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1037

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1033

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1031

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1028

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32\1025

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system32

2008-12-17 14:13:00 ----D---- C:\WINDOWS\system

2008-12-17 14:13:00 ----D---- C:\WINDOWS\security

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Resources

2008-12-17 14:13:00 ----D---- C:\WINDOWS\repair

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Provisioning

2008-12-17 14:13:00 ----D---- C:\WINDOWS\PeerNet

2008-12-17 14:13:00 ----D---- C:\WINDOWS\pchealth

2008-12-17 14:13:00 ----D---- C:\WINDOWS\NLDRV

2008-12-17 14:13:00 ----D---- C:\WINDOWS\mui

2008-12-17 14:13:00 ----D---- C:\WINDOWS\msapps

2008-12-17 14:13:00 ----D---- C:\WINDOWS\msagent

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Media

2008-12-17 14:13:00 ----D---- C:\WINDOWS\java

2008-12-17 14:13:00 ----D---- C:\WINDOWS\ime

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Help

2008-12-17 14:13:00 ----D---- C:\WINDOWS\ehome

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Driver Cache

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Debug

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Cursors

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Connection Wizard

2008-12-17 14:13:00 ----D---- C:\WINDOWS\Config

2008-12-17 14:13:00 ----D---- C:\WINDOWS\AppPatch

2008-12-17 14:13:00 ----D---- C:\WINDOWS\addins

2008-12-17 14:13:00 ----D---- C:\WINDOWS

 

======List of files/folders modified in the last 1 months======

 

2008-12-18 14:42:23 ----A---- C:\WINDOWS\system32\prsgrc.dll

2008-12-18 14:42:23 ----A---- C:\WINDOWS\system32\efj1wpe.dll

2008-12-18 14:38:49 ----A---- C:\WINDOWS\system32\m4zdzvx.dll

2008-12-18 14:38:47 ----A---- C:\WINDOWS\system32\grcauth2.dll

2008-12-18 14:38:47 ----A---- C:\WINDOWS\system32\grcauth1.dll

2008-12-18 14:38:44 ----A---- C:\WINDOWS\system32\clauth2.dll

2008-12-18 14:38:44 ----A---- C:\WINDOWS\system32\clauth1.dll

2008-12-18 14:38:43 ----A---- C:\WINDOWS\system32\ssprs.dll

2008-12-17 16:37:43 ----A---- C:\WINDOWS\win.ini

2008-12-17 14:22:03 ----A---- C:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-12-17 75072]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-05-12 12416]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 350720]

R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2005-11-02 88800]

R2 SSIPDDP;SSIPDDP Parallel port device driver; \??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS []

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-03-19 613244]

R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-05-14 217600]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S2 DS1410D;DS1410D; C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS []

S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]

S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]

S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]

S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []

S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2007-06-10 32768]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 909312]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2008-12-17 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-05-17 825344]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------

 

________________________________________________________________________________

_________________________________________

 

info.txt logfile of random's system information tool 1.05 2009-01-07 01:56:28

 

======Uninstall list======

 

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0.9 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A70900000002}

AltoQi Eberick V5 Gold-->"C:\Arquivos de programas\AltoQi\AltoQi Eberick V5 Gold\Setup\unins000.exe"

ANSYS Workbench Products 10.0-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{05D75184-729C-47F6-8487-E2AFF72D4CC5}\setup.exe" -l0x9

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}

Autodesk DWF Viewer-->C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

doPDF 6.1 printer-->"C:\Arquivos de programas\Softland\doPDF 6\unins000.exe"

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

Full Tilt Poker-->"C:\Arquivos de programas\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly

HijackThis 2.0.2-->"C:\Hijack\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

HP Deskjet 3840 Series-->rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3840 Series

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Mega Codec Pack 4.3.1-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Nero 6 Ultra Edition-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

Nero DVD/MP3Pro/ACC Plugin-->"C:\Program Files\Ahead\Nero\uninstall.exe"

NeroDigital MPEG-1/2/4 & AVC decoder v2.02-->RunDLL32.exe advpack.dll,LaunchINFSection nevideo.inf, UnInstall

PokerStars-->"C:\Arquivos de programas\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

PowerISO-->"C:\Arquivos de programas\PowerISO\uninstall.exe"

Realtek AC'97 Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Sentinel Protection Installer 7.2.1-->MsiExec.exe /I{97407E09-4EA8-49F0-A513-2C1776A6DEC0}

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe

SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R

Winamp (remove only)-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition

 

System event log

 

Computer Name: ASP007

Event Code: 3260

Message: The computer successfully joined workgroup 'G1'.

 

Record Number: 5

Source Name: Workstation

Time Written: 20081217163215.000000-120

Event Type: Information

User:

 

Computer Name: ASP007

Event Code: 6011

Message: The NetBIOS name and DNS host name of this computer have been changed from MACHINENAME to ASP007.

 

Record Number: 4

Source Name: EventLog

Time Written: 20081217162809.000000-120

Event Type: Information

User:

 

Computer Name: MACHINENAME

Event Code: 2

Message: While checking whether \Device\Serial0 was a serial port, a FIFO was detected and will be used.

 

Record Number: 3

Source Name: Serial

Time Written: 20081217141938.000000-120

Event Type: Information

User:

 

Computer Name: MACHINENAME

Event Code: 6005

Message: The Event Log service was started.

 

Record Number: 2

Source Name: EventLog

Time Written: 20081217141920.000000-120

Event Type: Information

User:

 

Computer Name: MACHINENAME

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20081217141920.000000-120

Event Type: Information

User:

 

Application event log

 

Computer Name: ASP007

Event Code: 1517

Message: Windows saved the registry of user ASP007\Administrador while an application or service was still using the registry during logoff. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

This is often caused by services running as a user account. Try configuring them to run under the LocalService or NetworkService account.

 

Record Number: 548

Source Name: Userenv

Time Written: 20090103151128.000000-120

Event Type: Warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: ASP007

Event Code: 1800

Message: The Windows Security Center Service was started.

 

Record Number: 547

Source Name: SecurityCenter

Time Written: 20090103133236.000000-120

Event Type: Information

User:

 

Computer Name: ASP007

Event Code: 4096

Message: The AntiVir service has been started successfully!

 

Record Number: 546

Source Name: Avira AntiVir

Time Written: 20090103133233.000000-120

Event Type: Information

User: NT AUTHORITY\SYSTEM

 

Computer Name: ASP007

Event Code: 1517

Message: Windows saved the registry of user ASP007\Administrador while an application or service was still using the registry during logoff. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

This is often caused by services running as a user account. Try configuring them to run under the LocalService or NetworkService account.

 

Record Number: 545

Source Name: Userenv

Time Written: 20090102163744.000000-120

Event Type: Warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: ASP007

Event Code: 11708

Message: Product: HP Deskjet 3840 -- Installation operation failed.

 

Record Number: 544

Source Name: MsiInstaller

Time Written: 20090102163330.000000-120

Event Type: Information

User: ASP007\Administrador

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"AWP_ROOT100"=C:\Arquivos de programas\ANSYS Inc\v100

"AWP_LOCALE100"=en-us

"ANSYS_SYSDIR"=Intel

"ANSYS_SYSDIR32"=Intel

"CADOE_LIBDIR100"=C:\Arquivos de programas\ANSYS Inc\v100\CommonFiles\Language\en-us

"ANSYSLIC_DIR"=C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing

 

-----------------EOF-----------------

 

________________

________________

 

 

I'm waiting for further instructions.

 

Regards


Good Morning! engcivil

 

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( USB drives, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> P.S.: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Regards!


Good morning DigRam,

 

here is the UsbFix log:

 

 

 

-------------- UsbFix V2.413.9 ---------------

 

* User : Administrador - ASP007

* Tools updated on 05/01/2009 by Chiquitine29 and Chimay8

* Scan performed at 11:41:45 on Wed 07/01/2009

* Windows Xp - Internet Explorer 7.0.5730.11

 

 

--------------- [ Active processes ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\system32\hasplms.exe

C:\WINDOWS\System32\alg.exe

 

--------------- [ Drive information ] ----------------

 

C: - Fixed disk drive

 

D: - Fixed disk drive

 

F: - Removable disk drive

 

G: - Removable disk drive

 

 

+- Contents of autorun : D:\autorun.inf

 

[autorun]

;cyoepcfaatlvzvufahqnyjjfvntdnjgpfqkfbvdljuvoixfpyalpckqiulbjgoqfbopftqpmiaijphx

eekgypzredhdbi

shellexecute="resycled\boot.com d:"

;rngbkbpayhiylmueqvhytryrvbrknfjwixcxclhzdpxrqwbcchwtvualoyehb

shell\Open\command="resycled\boot.com d:"

;zmi

 

+- Contents of autorun : F:\autorun.inf

 

[autorun]

open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

shell\open=Open

shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

shell\open\default=1

 

+- Contents of autorun : G:\autorun.inf

 

[autorun]

open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

shell\open=Open

shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

shell\open\default=1

 

--------------- [ Drive C ] ----------------

 

C: - Fixed disk drive

 

 

+- Listing of files present :

 

[17/12/2008 16:37][--a------] C:\AUTOEXEC.BAT

[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM

[07/01/2009 01:55][--a------] C:\RSIT.exe

[17/12/2008 16:28][---hs----] C:\boot.ini

[07/01/2009 11:41][--a------] C:\UsbFix.txt

[17/12/2008 16:37][--a------] C:\CONFIG.SYS

[17/12/2008 16:37][--a------] C:\IO.SYS

[17/12/2008 16:37][--a------] C:\MSDOS.SYS

[17/12/2008 16:37][--a------] C:\pagefile.sys

 

--------------- [ Drive D ] ----------------

 

D: - Fixed disk drive

 

 

+- Listing of files present :

 

[29/01/2008 21:28][--a------] D:\AUTOEXEC.BAT

[16/12/2008 21:26][-r-hs----] D:\autorun.inf

[29/01/2008 21:28][--a------] D:\CONFIG.SYS

 

--------------- [ Drive F ] ----------------

 

F: - Removable disk drive

 

 

+- Listing of files present :

 

[03/12/2008 16:49][-rahs----] F:\autorun.inf

 

--------------- [ Drive G ] ----------------

 

G: - Removable disk drive

 

 

+- Listing of files present :

 

[25/11/2008 08:53][-r-hs----] G:\ij.bat

[06/01/2009 23:19][-rahs----] G:\autorun.inf

 

--------------- [ Registry / Startup ] ----------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="&http://home.microsoft.com/intl/br/access/allinone.asp"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

SoundMan=SOUNDMAN.EXE

SiS Windows KeyHook=C:\WINDOWS\system32\keyhook.exe

SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe

NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe

avgnt="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=

Installed=1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=

Installed=1

NoChange=1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=

Installed=1

 

--------------- [ Registry / Mountpoint2 ] ----------------

 

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9a3b21f-d77c-11dd-b432-00016c39a799}\Shell\AutoRun\command

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9a3b21f-d77c-11dd-b432-00016c39a799}\Shell\open\Command

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa85ed72-cd46-11dd-b414-00016c39a799}\Shell\AutoRun\command

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa85ed72-cd46-11dd-b414-00016c39a799}\Shell\open\Command

 

--------------- [ Disk cleanup ] ----------------

 

D:\autorun.inf ~> file called : "D:\"resycled\boot.com d:"" ( absent! )

F:\autorun.inf ~> file called : "F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" ( present! )

Deleted! - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

G:\autorun.inf ~> file called : "G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe" ( present! )

Deleted! - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

Deleted! - [16/12/2008 21:26][-r-hs----] D:\autorun.inf

Deleted! - [12/12/2008 09:33][-r-hs----] D:\resycled\boot.com

Deleted! - [07/01/2009 11:43][dr-hs----] D:\resycled

Deleted! - [03/12/2008 16:49][-rahs----] F:\autorun.inf

Deleted! - [06/01/2009 23:19][-rahs----] G:\autorun.inf

Deleted! - [25/11/2008 08:53][-r-hs----] G:\ij.bat

 

--------------- [ Summary ] ----------------

 

-> /!\ The result must be [http://www.virustotal.com/fr/ interpreted] by a specialist /!\

 

[17/12/2008 16:37][--a------] C:\AUTOEXEC.BAT

[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM

[07/01/2009 01:55][--a------] C:\RSIT.exe

[17/12/2008 16:28][---hs----] C:\boot.ini

[29/01/2008 21:28][--a------] D:\AUTOEXEC.BAT

 

--------------- [ Vaccination ] ----------------

 

C:\autorun.inf -> autorun.inf folder created by UsbFix!

D:\autorun.inf -> autorun.inf folder created by UsbFix!

F:\autorun.inf -> autorun.inf folder created by UsbFix!

G:\autorun.inf -> autorun.inf folder created by UsbFix!

 

--------------- ! End of report ! ----------------

 

_____________

_____________

_____________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:48:26, on 7/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\system32\hasplms.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 5908 bytes

 

_____

_____

_____

 

Thanks, and waiting...

 

Regards

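The two autorun.inf files in the UsbFix report above are the whole infection vector. Windows XP honours `open`, `shellexecute` and `shell\open\command` on a removable drive, and the worm hides its executable in a folder that looks like the Recycle Bin (`RECYCLER\S-1-6-21-...` uses an identifier authority no Windows SID has; `resycled` is a misspelling of `Recycled`) while its `action=` text imitates Explorer's own "Open folder to view files" entry. UsbFix's "vaccination" at the end of the report is a directory named autorun.inf at each drive root, so the worm's attempt to write a file of that name fails unless it first removes the directory. The following is an added example (this editor's code, not UsbFix's and not from the thread): it parses the two autorun.inf contents copied from the log, flags those patterns, and reports a drive root's vaccination state. The regular expressions, the list of executable extensions and the helper names are this example's own heuristics, not anything the tool documents.

```python
import os
import re
import tempfile

# [autorun] keys whose value Windows XP executes on insertion (AutoRun) or as
# the default double-click action in Explorer.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Heuristics (this example's own) drawn from the two infections in the log:
# a real XP Recycle Bin is RECYCLER\S-1-5-21-..., "resycled" misspells the
# FAT-era "Recycled" folder, and Windows account SIDs always use identifier
# authority 5, so S-1-6-21-... was never created by Windows.
TRASH_DIR = re.compile(r"(?:^|\\)(?:recycler|recycled|resycled)\\", re.IGNORECASE)
NON_WINDOWS_SID = re.compile(r"\bS-1-(?!5-)\d+-\d+", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def parse_autorun(text):
    """Key/value pairs of the [autorun] section, keys lowercased, quotes
    stripped. ';' lines are comments: the D: sample pads the file with random
    comment lines to break naive byte signatures."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def exec_targets(entries):
    """(key, program) pairs Windows would launch; the program is the first
    token of the command line ('resycled\\boot.com d:' -> 'resycled\\boot.com')."""
    return [(key, entries[key].split()[0]) for key in EXEC_KEYS if entries.get(key)]


def triage(text):
    """Parse one autorun.inf and return human-readable findings (empty = clean)."""
    entries, out = parse_autorun(text), []
    for key, program in exec_targets(entries):
        if TRASH_DIR.search(program):
            out.append(f"{key}: launches from a trash-folder look-alike: {program}")
        if NON_WINDOWS_SID.search(program):
            out.append(f"{key}: path contains a non-Windows SID: {program}")
        if not program.lower().endswith(EXEC_EXT):
            out.append(f"{key}: program has an unusual extension: {program}")
    # Social engineering: the menu text copies Explorer's own entry while the
    # command behind it runs the worm's binary.
    if exec_targets(entries) and "open folder" in entries.get("action", "").lower():
        out.append("action: menu text imitates Explorer's 'Open folder to view files'")
    return out


def vaccination_state(drive_root):
    """'vaccinated' when autorun.inf at the root is a directory (UsbFix's
    method), 'file' when a real autorun.inf is present, else 'absent'."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "vaccinated"
    return "file" if os.path.isfile(path) else "absent"


# Copied from the UsbFix report above (drives D: and F:), not constructed.
D_AUTORUN = r"""[autorun]
;cyoepcfaatlvzvufahqnyjjfvntdnjgpfqkfbvdljuvoixfpyalpckqiulbjgoqfbopftqpmiaijphx
shellexecute="resycled\boot.com d:"
;rngbkbpayhiylmueqvhytryrvbrknfjwixcxclhzdpxrqwbcchwtvualoyehb
shell\Open\command="resycled\boot.com d:"
;zmi
"""

F_AUTORUN = r"""[autorun]
open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\default=1
"""


def demo_drive_roots():
    """Simulate an infected root (autorun.inf file) and a vaccinated one
    (autorun.inf directory) in temporary folders."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as clean:
        with open(os.path.join(infected, "autorun.inf"), "w") as fh:
            fh.write(F_AUTORUN)
        os.mkdir(os.path.join(clean, "autorun.inf"))
        return vaccination_state(infected), vaccination_state(clean)


if __name__ == "__main__":
    for drive, text in (("D:", D_AUTORUN), ("F:", F_AUTORUN)):
        print(drive, "->", exec_targets(parse_autorun(text)))
        for finding in triage(text):
            print("   ", finding)
    print("vaccination:", demo_drive_roots())
```

Run against a real drive, `triage(open(r"G:\autorun.inf").read())` gives the findings and `vaccination_state("G:\\")` tells you whether the folder UsbFix left behind is still in place. Note that the vaccination only blocks the file write; the MountPoints2 keys the report deletes are the per-user cache of what Explorer already learned from the old autorun.inf, which is why UsbFix removes both.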

Good Morning! engcivil

 

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click dds.scr.

<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> Finally, another window will open! --> Click OK.

<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

 

Regards!


Good morning DigRam,

 

I disabled the protection programs and disconnected, but there seems to have been some error...

look at a part of the log it returned... and the Optional Scan window also did not open...

___________________

 

MZP ÿÿ ¸ @ º ´ Í!¸LÍ!This program must be run under Win32

$7 PE L pÛÇH à À € PC P @ p ìd P ì UPX0 € € àUPX1 À ¶ @ à.rsrc P º @ À 3.03 UPX!

[several dozen lines of packed binary data pasted here, unreadable; not reproduced]

 

This file is gigantic... I copied only a part...

but in the middle of all those symbols I found this part:

 

 

[more binary data, then the following readable strings]

ASKNEXTVOL GETPASSWORD1 LICENSEDLG RENAMEDLG REPLACEFILEDLG STARTDLG DVCLAL

Select destination folder

Extracting %s
Skipping %s
Unexpected end of archive
The file "%s" header is corrupt
The archive comment header is corrupt
The archive comment is corrupt
Not enough memory
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s
CRC failed in the encrypted file %s (wrong password ?)
CRC failed in %s
Packed data CRC failed in %s
Wrong password for %s
Write error in the file %s. Probably the disk is full
Read error in the file %s
File close error
The required volume is absent
The archive is either in unknown format or damaged
Extracting from %s
Next volume
The archive header is corrupt
Close
Error
Errors encountered while performing the operation

Look at the information window for more details
bytes modified on
folder is not accessible
Some files could not be created.

Please close all applications, reboot Windows and restart this installation
Some installation files are corrupt.

Please download a fresh copy and retry the installation
All files

<ul><li>Press <b>Install</b> button to start extraction.</li><br><br><li>Use <b>Browse</b> button to select the destination folder from the folders tree. It can be also entered manually.</li><br><br><li>If the destination folder does not exist, it will be created automatically before extraction.</li></ul>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

<assemblyIdentity

version="1.0.0.0"

processorArchitecture="X86"

name="WinRAR SFX"

type="win32"/>

<description>WinRAR SFX module</description>

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">

<security>

<requestedPrivileges>

<requestedExecutionLevel level="requireAdministrator"

uiAccess="false"/>

</requestedPrivileges>

</security>

</trustInfo>

<dependency>

<dependentAssembly>

<assemblyIdentity

type="win32"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

processorArchitecture="X86"

publicKeyToken="6595b64144ccf1df"

language="*"/>

</dependentAssembly>

</dependency>

</assembly>

P ôe e f ¼e f Äe f Ìe (f Ôe 2f Üe <f äe Hf ìe Rf `f pf €f Žf œf ªf € ¸f Êf Øf èf öf KERNEL32.DLL ADVAPI32.DLL COMCTL32.DLL COMDLG32.DLL GDI32.DLL OLE32.DLL SHELL32.DLL USER32.DLL LoadLibraryA GetProcAddress VirtualProtect VirtualAlloc VirtualFree ExitProcess RegCloseKey GetOpenFileNameA DeleteObject OleInitialize SHGetMalloc SetMenu

I think there may have been some error...

What do I do now, friend?

Regards

Good evening! engcivil

<!> There was an error! And the report was inconclusive.

-----------------------

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it in Arquivos de programas, and unpack it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".

<@> When that finishes, do not run any scan yet.

<@> In the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" button.

<@> Under "Actions", check: "Perform healing"

<@> In the fields below "Perform healing", choose "Report only" for all items.

<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!

<@> In the "Search parameters" menu, set the "Heuristic analyses" slider to maximum.

<@> Check the "Extended analysis" box. <-- Only this box!

<@> Do not uncheck the ones that are checked by default!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report to the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post avz_log.txt + view_log.txt in your reply.

Regards!

Good evening DigRam,

here are the two logs...

 

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 9/1/2009 00:36:53

Database loaded: signatures - 204891, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.01.2009 17:46

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 75597

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082680)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559680

KiST = 804E26A8 (284)

Function NtCreateKey (29) intercepted (8056E7A9->804D70D9), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtCreateThread (35) intercepted (8057C4A1->F7F58C1C), hook not defined

Function NtOpenKey (77) intercepted (80567CFB->804D70DE), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (80572D06->F7F58C08), hook not defined

Function NtOpenThread (80) intercepted (8058C806->F7F58C0D), hook not defined

Function NtTerminateProcess (101) intercepted (80584740->F7F58C17), hook not defined

Function NtWriteVirtualMemory (115) intercepted (8057A697->F7F58C12), hook not defined

Functions checked: 284, intercepted: 7, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

>>> Danger - possible CPU address substitution[1].IDT[06] = [F411616D] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

>>> Danger - possible CPU address substitution[1].IDT[0E] = [F4115FC2] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 23

Analyzer: process under analysis is 1368 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1532 C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1552 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer: process under analysis is 1764 C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 244 C:\WINDOWS\system32\keyhook.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 444 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Number of modules loaded: 297

Scanning memory - complete

3. Scanning disks

Direct reading C:\Arquivos de programas\ANSYS Inc\Shared Files\Licensing\license.log

C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll >>> suspicion for AdvWare.Win32.Suggestor.n ( 0070639B 00000000 0027F70C 0021DCBB 200704)

File quarantined succesfully (C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll)

C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak)

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012009010920090110\index.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Cookies\index.dat

Direct reading C:\Documents and Settings\Administrador\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP99\change.log

Direct reading C:\Temp\Perflib_Perfdata_504.dat

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\Temp\hlktmp

Direct reading C:\WINDOWS\WindowsUpdate.log

D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com)

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> Abnormal SCR files association

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 269592, extracted from archives: 195955, malicious software found 0, suspicions - 1

Scanning finished at 9/1/2009 01:06:15

Time of scanning: 00:29:23

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

 

_______

_______

_______

 

C:\WINDOWS\system32\ntoskrnl.exe 4 Kernel-mode hook

C:\WINDOWS\system32\drivers\Haspnt.sys 4 >>> Kernel-mode hook - CPU[1].IDT[06]

C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll 2 Suspicion for AdvWare.Win32.Suggestor.n ( 0070639B 00000000 0027F70C 0021DCBB 200704)

C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnmenucy.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnmpaexe.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnmursot.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnplacas.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnpunzo.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnselpar.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnusoexeesp.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

C:\CYPE Ingenieros\VersÆo 2009.1\programas\mnvigagc.dll.bak 3 PE file with non-standard extension(dangerousness level is 5%)

D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com 3 PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

 

 

Thanks... awaiting a reply...

Regards


Good afternoon, engcivil!

<@> Open avz4 and click AVZGuard --> Enable AVZGuard --> OK.

<@> Click "File" --> "Custom scripts".

<@> Paste, in the field under "Running scripts", the text below the CODE marker:

 

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak','');
QuarantineFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak','');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak');
DeleteFile('C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak');
DeleteFile('D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com');
BC_ImportDeletedList;
ClearHostsFile;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

<@> Check for script errors by clicking "Check syntax" --> OK.

<@> If there are no errors, click Run. <-- Wait!

<@> To complete the removals, the computer will restart.

<@> Go back to the AVZGuard menu and click "Disable AVZGuard" --> OK.

<@> Run a new scan with avz4 and post the report (avz_log.txt).

Regards!

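Every entry in the log above comes from one AVZ heuristic: the file body carries a PE (MZ + "PE\0\0") header while its extension says it should not. A `.dll.bak` gets the 5% "non-standard extension" label; the `A0006286.com` copy inside the restore point gets the 35% "modified extension, allowing its launch" label because `.com` is something the shell will still run. The script in the reply quarantines each hit before deleting it, which is the right order when most hits are probably update leftovers. The block below is an added example, not AVZ's code and not from this thread: the two extension sets, the file-name parsing and the sample files are assumptions of this example, and the percentages are only copied from AVZ's wording.

```python
"""Re-implement AVZ's "PE file with non-standard extension" check on sample data.

Added example; the extension sets below are an approximation of AVZ's, not AVZ's own.
"""
import struct

# Extensions Windows normally uses for PE images (assumption).
PE_EXTENSIONS = {"exe", "dll", "sys", "ocx", "scr", "cpl", "drv", "ax", "acm"}

# Not PE extensions, yet the shell will still execute a PE under them (assumption).
LAUNCHABLE_EXTENSIONS = {"com", "pif"}

NON_STANDARD = "PE file with non-standard extension"
MODIFIED_LAUNCHABLE = "PE file with modified extension, allowing its launch"


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # A slice past the end is simply empty, so an out-of-range e_lfanew is rejected.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(path: str, data: bytes):
    """Return (label, dangerousness_percent) or None when nothing is worth flagging."""
    if not is_pe(data):
        return None                      # .bak of a text file, a real DOS .com, etc.
    name = path.rsplit("\\", 1)[-1]      # Windows paths only, as in the log
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in PE_EXTENSIONS:
        return None                      # mnvigagc.dll: a DLL that looks like a DLL
    if ext in LAUNCHABLE_EXTENSIONS:
        return (MODIFIED_LAUNCHABLE, 35)  # A0006286.com: PE body, runnable name
    return (NON_STANDARD, 5)             # mnvigagc.dll.bak: PE body, inert name


def make_pe_stub() -> bytes:
    """Constructed minimal PE image header: MZ stub, e_lfanew = 0x40, 'PE\\0\\0' at 0x40."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample "files": name -> bytes. Paths mirror the log; contents are synthetic.
SAMPLES = {
    r"C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak": make_pe_stub(),
    r"C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll": make_pe_stub(),
    r"D:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP97\A0006286.com": make_pe_stub(),
    r"C:\data\notes.txt.bak": b"plain text, not an executable",
    r"C:\old\legacy.com": b"\xb8\x00\x4c\xcd\x21",   # raw DOS .com program, no MZ header
}


def scan(samples):
    """Run classify() over every sample and keep only the hits, like the AVZ report."""
    hits = {}
    for path, data in samples.items():
        verdict = classify(path, data)
        if verdict is not None:
            hits[path] = verdict
    return hits


if __name__ == "__main__":
    for path, (label, level) in scan(SAMPLES).items():
        print(f"{path} - {label}(dangerousness level is {level}%)")
```

Two caveats that follow from this. First, the check is purely structural: a genuine `.dll.bak` left behind by a CAD product's updater and a renamed dropper look identical to it, which is why AVZ rates it 5% and why quarantining before deleting is the sane order. Second, AVZ's `DeleteFile` does nothing and says nothing when the path does not match the on-disk name byte for byte (the accented directory name here is exactly the kind of thing that goes wrong), so the rescan DigRam asks for is not a formality: the next log in this thread still lists every one of those `.bak` files.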

Good afternoon DigRam,

here is the log...

 

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 10/1/2009 17:45:24

Database loaded: signatures - 204891, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.01.2009 17:46

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 75597

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082680)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559680

KiST = 804E26A8 (284)

Function NtCreateKey (29) intercepted (8056E7A9->804D70D9), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtCreateThread (35) intercepted (8057C4A1->F7DF7CEC), hook not defined

Function NtOpenKey (77) intercepted (80567CFB->804D70DE), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (80572D06->F7DF7CD8), hook not defined

Function NtOpenThread (80) intercepted (8058C806->F7DF7CDD), hook not defined

Function NtTerminateProcess (101) intercepted (80584740->F7DF7CE7), hook not defined

Function NtWriteVirtualMemory (115) intercepted (8057A697->F7DF7CE2), hook not defined

Functions checked: 284, intercepted: 7, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

>>> Danger - possible CPU address substitution[1].IDT[06] = [F7A6A16D] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

>>> Danger - possible CPU address substitution[1].IDT[0E] = [F7A69FC2] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 28

Analyzer: process under analysis is 1412 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1520 C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1560 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer: process under analysis is 1680 C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1932 C:\WINDOWS\system32\keyhook.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 2036 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 148 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Number of modules loaded: 292

Scanning memory - complete

3. Scanning disks

Direct reading C:\Arquivos de programas\ANSYS Inc\Shared Files\Licensing\license.log

C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll >>> suspicion for AdvWare.Win32.Suggestor.n ( 0070639B 00000000 0027F70C 0021DCBB 200704)

File quarantined succesfully (C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll)

C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak)

C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak - PE file with non-standard extension(dangerousness level is 5%)

File quarantined succesfully (C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak)

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Cookies\index.dat

Direct reading C:\Documents and Settings\Administrador\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\System Volume Information\_restore{3DC16FB0-5E0C-494A-9396-F4A6865DDA51}\RP104\change.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\Temp\hlktmp

Direct reading C:\WINDOWS\WindowsUpdate.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> Abnormal SCR files association

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 304823, extracted from archives: 219547, malicious software found 0, suspicions - 1

Scanning finished at 10/1/2009 18:19:39

Time of scanning: 00:34:18

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

----------------------------

NB: I'm going to uninstall this program (Cype Ingenieros), since I no longer use it on this computer.

Regards.


Good evening, engcivil!

<!> The script didn't run! :mellow:

<!> If you can easily reinstall the CYPE Ingenieros software, run the procedure with OTMoveIt. But note that this tool also creates a backup folder.

-----------------------------

<@> Download: < OTMoveIt3 >

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

 

:Files

C:\CYPE Ingenieros\Versão 2009.1\programas\cypebat.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\dllinsta.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mn3dexe.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnarquimesp.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_01.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_02.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_03.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_04.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_05.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnass_06.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancoacv.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbancsa.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbangal.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbanmur.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbannav.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbparcr.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoam.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpcoas.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbphuel.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_01.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_02.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_03.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_04.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_05.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnbpr_06.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncaatv.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoaata.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoacan.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncoalsa.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnconobresp.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelan.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelba.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelca.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcl.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcm.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcn.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelct.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelcv.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelec.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelex.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelga.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelma.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelmu.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mncyelna.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnelecim.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnem3d.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnescal.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mngenpor.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnh5esp.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mniesexe.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mninagua.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mninelec.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mningas.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mninsane.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnkg.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnlibexeesp.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmarexe.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmcoexe.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmensul.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmenucy.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmpaexe.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnmursot.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnplacas.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnpunzo.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnselpar.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnusoexeesp.dll.bak

C:\CYPE Ingenieros\Versão 2009.1\programas\mnvigagc.dll.bak

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX... markers, into the tool's (clipboard) field.

<@> PS: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm!

<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles

<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> PS: Since the tool does not overwrite its reports, look for the one generated after this run.

Regards!


Good evening DigRam,

Sorry, right after I posted my last reply I uninstalled the Cype Ingenieros software, since as I said I no longer use it on this PC.

So I redid the scan with Avz4, and the new log follows.

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 10/1/2009 19:23:49

Database loaded: signatures - 204891, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.01.2009 17:46

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 75597

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=082680)

Kernel ntoskrnl.exe found in memory at address 804D7000

SDT = 80559680

KiST = 804E26A8 (284)

Function NtCreateKey (29) intercepted (8056E7A9->804D70D9), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtCreateThread (35) intercepted (8057C4A1->F7DF7CEC), hook not defined

Function NtOpenKey (77) intercepted (80567CFB->804D70DE), hook C:\WINDOWS\system32\ntoskrnl.exe, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (80572D06->F7DF7CD8), hook not defined

Function NtOpenThread (80) intercepted (8058C806->F7DF7CDD), hook not defined

Function NtTerminateProcess (101) intercepted (80584740->F7DF7CE7), hook not defined

Function NtWriteVirtualMemory (115) intercepted (8057A697->F7DF7CE2), hook not defined

Functions checked: 284, intercepted: 7, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

>>> Danger - possible CPU address substitution[1].IDT[06] = [F7A6A16D] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

>>> Danger - possible CPU address substitution[1].IDT[0E] = [F7A69FC2] C:\WINDOWS\system32\drivers\Haspnt.sys, driver recognized as trusted

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 27

Analyzer: process under analysis is 1412 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1520 C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1560 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer: process under analysis is 1680 C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1932 C:\WINDOWS\system32\keyhook.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 2036 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 148 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Located in system folder

[ES]:Registered in autoruns !!

Number of modules loaded: 302

Scanning memory - complete

3. Scanning disks

Direct reading C:\Arquivos de programas\ANSYS Inc\Shared Files\Licensing\license.log

C:\Arquivos de programas\ANSYS Inc\v100\AISOL\DesignXplorer\intel\PlugIn_PMU.dll >>> suspicion for AdvWare.Win32.Suggestor.n ( 0070639B 00000000 0027F70C 0021DCBB 200704)

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Administrador\Cookies\index.dat

Direct reading C:\Documents and Settings\Administrador\NTUSER.DAT

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\Temp\hlktmp

Direct reading C:\WINDOWS\WindowsUpdate.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> Abnormal SCR files association

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 279822, extracted from archives: 217822, malicious software found 0, suspicions - 1

Scanning finished at 10/1/2009 19:50:31

Time of scanning: 00:26:44

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

____________________________

I hope I didn't do anything wrong by not being able to follow your last recommendation.

Regards, and I await further instructions, my friend.

Thank you.


Good evening, engcivil!

I hope I didn't do anything wrong by not being able to follow your last recommendation.

Regards, and I await further instructions, my friend.

<!> Uninstalling was the best way to go! :thumbsup:

----------------------------

<@> Open avz4.

<@> Click File --> "Add to Quarantine by list"

<@> Paste into the File list field the file that is in the QUOTE.

C:\WINDOWS\Temp\hlktmp

<@> Click Start.

<@> When it finishes, click xClose. --> Click Delete.

----------------------------

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backup and click Save.

<@> After a few days, if everything is OK, you can delete that backup file (.reg).

<@> In the window that appears, click: "Fix All Selected Issues"

<@> Click OK --> Close.

<@> For more details, read the tutorial: < Link >

----------------------------

<!> The log is clean!

<!> Is the computer still a bit slow?

Regards!


Recommendations followed.

The computer is much better!!

Here is the updated HijackThis log for a final analysis.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:08:57, on 10/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\hasplms.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 6063 bytes

_______

I'd like to know whether this process is malicious: C:\WINDOWS\system32\keyhook.exe

And also the lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

The lines in bold are from the BB plugin, right? I think the plugin has already been removed, but how do I remove these entries? (fix??)

Please check this last log and see whether anything else can be done.

Many thanks, DigRam,

The PC really is much better!

Regards


Good morning, engcivil!

<!> The entries you pointed out are legitimate; this one can be removed for a faster startup:

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe <-- Fix!

<!> With HijackThis, Fix these entries:

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

<!> Stop and remove the service/driver with avz4.

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

<!> Open avz4 --> Click the "Service" tab --> "Service and Drivers Manager"

<!> Select: Gbp Service or GbpSv --> Click "Delete current service/driver".

<!> When done, post a new HijackThis log.

Regards!

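A small triage script, added here as an example and not part of HijackThis, AVZ or any post in this thread, that does over the posted log what the reply above does by hand: it flags entries whose file is gone ("(no file)" / "(file missing)") and groups every entry that still mentions the removed bank plugin. The sample lines are copied from the HijackThis log posted above; the keyword list and the per-section action mapping are my own assumptions.

```python
"""Triage HijackThis log entries: find orphaned items and leftovers of a removed product."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
"""

# A HijackThis entry starts with a section tag (R0, R1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumed handling, mirroring the thread: HijackThis "Fix" for browser and
# Winlogon entries, but a service manager (AVZ in the thread) for O23 services.
ACTION_BY_SECTION = {"O23": "delete service via service manager"}
DEFAULT_ACTION = "fix with HijackThis"


@dataclass
class Entry:
    section: str           # e.g. "O2", "O20"
    body: str              # text after "Oxx - "
    target: Optional[str]  # path or URL the entry points to, None if no file
    orphan: bool           # True when the referenced file no longer exists
    action: Optional[str]  # recommended handling for orphans, else None


def extract_target(section: str, body: str) -> Optional[str]:
    """Return the file path or URL an entry references, or None for '(no file)'."""
    if section == "O4":
        # O4 - HKLM\..\Run: [name] C:\path\prog.exe /args
        m = re.search(r"\]\s*(.+)$", body)
        return m.group(1).strip() if m else None
    last = body.rsplit(" - ", 1)[-1].strip()
    if last == "(no file)":
        return None
    return last.replace("(file missing)", "").strip()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers, blanks and the process list yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    orphan = any(marker in body for marker in ORPHAN_MARKERS)
    action = ACTION_BY_SECTION.get(section, DEFAULT_ACTION) if orphan else None
    return Entry(section, body, extract_target(section, body), orphan, action)


def triage(log_text: str) -> List[Entry]:
    """All parsed entries of a log, in file order."""
    return [e for e in (parse_entry(ln) for ln in log_text.splitlines()) if e]


def fix_candidates(log_text: str) -> List[Entry]:
    """Entries whose file is gone: dead BHOs, Winlogon notifiers, services."""
    return [e for e in triage(log_text) if e.orphan]


def related_to(log_text: str, keywords) -> List[Entry]:
    """Entries mentioning a removed product (here: the bank plugin's names),
    which catches the O16 download line that carries no 'file missing' marker."""
    kws = [k.lower() for k in keywords]
    return [e for e in triage(log_text) if any(k in e.body.lower() for k in kws)]


if __name__ == "__main__":
    for e in fix_candidates(SAMPLE_LOG):
        print(f"{e.section}: {e.action} -> {e.body}")
    print("--- plugin leftovers ---")
    for e in related_to(SAMPLE_LOG, ["gbp", "g-buster"]):
        print(f"{e.section}: {e.target}")
```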

Good evening DigRam,

I couldn't find the GbpSv service in avz4; I think it has already been deleted...

Can I Fix it too?

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:50:41, on 11/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\hasplms.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Webteh\BSplayerPro\bsplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AD6EB2-C59A-43D9-A665-27775884C3BA}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 5698 bytes

 

 

 

Thanks..

Regards!


Good morning! engcivil

I couldn't find the GbpSv service in avz4; I think it has already been deleted...

Can I Fix it as well?

<!> No! Because if the service is running ( R ), the Fix will have no effect.

---------------------------

<!> Try this procedure! If it doesn't work, we'll look at others.

---------------------------

<@> Open Notepad!

<@> Copy ( ctrl + c ) --> Paste ( ctrl + v ) the text that is in the "QUOTE".

 

rem Stop the orphaned GbpSv service (harmless if it is already stopped)
sc stop "GbpSv"

rem Remove its registration from the Service Control Manager
sc delete "GbpSv"

rem Delete this batch file itself (%~f0 expands to the script's own full path)
del "%~f0"

<@> Save the file as: DelServices.bat --> Save it on the Desktop!

<@> When saving, set the File type to: All files (*.*)

<@> Restart the computer in Safe Mode.

<@> Run the file with a double-click. <-- Wait!

<@> PS: Run it only once!

<@> If it succeeds, post the HijackThis report. <-- In Normal Mode!

Regards!


good morning DigRam,

here is the log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45:54, on 11/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\hasplms.exe

C:\Arquivos de programas\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\svchost.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229552407536

O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe

 

--

End of file - 5298 bytes

 

 

Doesn't the (file missing) indication mean the service/driver has already been removed?

What else can I do, friend?

Regards


Good morning! engcivil

Doesn't the (file missing) indication mean the service/driver has already been removed?

<!> It indicates that the file ( GbpSv.exe ) has been removed! But... the indication below shows that the service is stopped. ( S ) <-- Stopped

 

S2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe []

<!> The file does not exist, and the service is stopped.

-----------------------------

<@> Restart in Safe Mode and, in HijackThis, click: Open the misc tools section

<@> Click: Delete an NT Service

<@> Enter the service name: GbpSv in the box.

<@> Click Ok.

<@> Restart the computer!

-----------------------------

<!> Make and post a new HijackThis log.

Regards!
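The thread turns on reading the O23 (service) lines of a HijackThis log: a service whose binary is gone ("file missing") is a stale registration left behind by an uninstaller, and a service with "Unknown owner" is one HijackThis could not attribute to a vendor. The following Python is an added example, not code from the thread or from HijackThis: it parses O23 lines in the 2.0.2 format shown above, flags orphaned and unattributed services separately, and generates the sc.exe stop/delete pair the thread uses for an orphaned entry. The sample log is constructed from the formats seen in this thread; the function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis 2.0.2 format (not a real scan). The O4 line
# is there to show that non-O23 lines are ignored.
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\ARQUIV~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
# Display name, optionally followed by the short service name in parentheses.
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")


@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]   # None when HijackThis printed no "(name)"
    owner: str
    path: str
    file_missing: bool

    @property
    def unknown_owner(self) -> bool:
        # HijackThis prints "Unknown owner" when the binary carries no company info.
        return self.owner.strip().lower() == "unknown owner"


def parse_o23_line(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis line."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    # Display names can contain " - " themselves (see the Avira entry), so split
    # from the right: the last field is the path, the one before it the owner.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    file_missing = path.endswith(FILE_MISSING)
    if file_missing:
        path = path[: -len(FILE_MISSING)]
    m = SHORT_NAME_RE.match(display)
    return ServiceEntry(
        display_name=m.group("display"),
        short_name=m.group("short"),
        owner=owner,
        path=path,
        file_missing=file_missing,
    )


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """All service entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o23_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose binary no longer exists (the GbpSv situation)."""
    return [e for e in entries if e.file_missing]


def review_candidates(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services with a binary present but no vendor attribution: look, don't auto-delete."""
    return [e for e in entries if e.unknown_owner and not e.file_missing]


def cleanup_commands(entry: ServiceEntry) -> List[str]:
    """The sc.exe sequence used in the thread, for an entry whose binary is gone."""
    name = entry.short_name or entry.display_name
    return [f'sc stop "{name}"', f'sc delete "{name}"']


if __name__ == "__main__":
    found = parse_o23(SAMPLE_LOG)
    for e in orphaned_services(found):
        print(f"orphaned: {e.display_name} ({e.short_name}) -> {e.path}")
        for cmd in cleanup_commands(e):
            print("   ", cmd)
    for e in review_candidates(found):
        print(f"review: {e.display_name} -> {e.path}")
```

Splitting from the right is the point worth noting: a naive `split(" - ")` breaks on display names such as "Avira AntiVir Personal - Free Antivirus Guard", while the path and owner are always the last two fields. The script only reads a log; whether to remove an entry remains the decision taken in the thread, after confirming the binary is really absent.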
