
Archived

This topic has been archived and is closed to new replies.

João Prado

[Solved!] Log analysis


My computer has been showing strange problems: sometimes I am using some software and it freezes, or the Windows error sound plays but no information is shown on the screen.

 

I ask that an analyst please take a look at my log.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:03:35, on 30/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Documents and Settings\joao.pedro.PETROPOL\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\Documents and Settings\joao.pedro.PETROPOL\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Arquivos de programas\Palm\Hotsync.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe

C:\Arquivos de programas\UltraVNC\winvnc.exe

C:\Arquivos de programas\Adobe\Adobe Fireworks CS3\Fireworks.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\EasyPHP-5.3.2\EasyPHP-5.3.2.exe

C:\ARQUIV~1\EASYPH~1.2\Apache\bin\apache.exe

C:\ARQUIV~1\EASYPH~1.2\Apache\bin\apache.exe

C:\ARQUIV~1\EASYPH~1.2\MySql\bin\mysqld.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

G:\SOFTWARES PETROPOL\SPYWARE\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Site Advisor Module - {B2150688-1AA5-4698-90BE-C3CBECBB5786} - C:\Arquivos de programas\SAM\module.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042110 serial=dr12wrx-0015510-wmu lang=BP

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\joao.pedro.PETROPOL\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe"

O4 - Startup: Fireworks-AutoBackup.lnk = C:\Arquivos de programas\Fireworks-AutoBackup\Fireworks-AutoBackup.exe

O4 - Global Startup: Hotsync Manager.lnk = C:\Arquivos de programas\Palm\Hotsync.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [INTERNATIONAL] International

O15 - Trusted Zone: http://www.sbradesco.kit.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\Software\..\Telephony: DomainName = petropol.polimeros

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = petropol.polimeros

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = petropol.polimeros

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: Apache2 - Unknown owner - C:\ARQUIV~1\EASYPH~1.0B1\Apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: MySQL - Unknown owner - C:\ARQUIV~1\EASYPH~1.0B1\MySql\bin\mysqld.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

 

 

Thanks in advance


Good morning MoOiO.....

 

 

*THE PROCEDURE BELOW CAN ONLY BE DONE USING INTERNET EXPLORER

*Temporarily disable your antivirus

 

Start > Programs > AVG

Open the AVG User Interface

Double-click Resident Shield

Uncheck the "Resident Shield active" option

Save the changes

*Run an online scan with NOD32 following this tutorial

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


ok, the problem happens on the company PC, so on Monday I'll run the procedures

 

thanks for your attention

 

A little problem is happening here, the site isn't loading :ermm:


alright, scan finished, now what?

 

*When it finishes, paste the result created in C:\Windows\BDOSCAN8\bdoscan.log


ahh right hehe

 

[General]

App = "BitDefender Online Scanner v8"

Date = 04:05:2010

Time = 12:35:45

Scan Path = C:\;D:\;

 

[Engines Info]

Virus Definitions = 5745334

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)"

Scan plugins = 17

Archive plugins = 43

Unpack plugins = 10

E-mail plugins = 6

System plugins = 4

 

[Scan Statistics]

Folders = 24969

Files = 1911153

Archives = 10070

Packed files = 140341

Identified viruses = 5

Infected files = 14

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 14

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 53

 

[Scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[Scan Results]

Line00000035 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\adobe.flash.cs4.v10.0.professional-patch.exe Infected with: Backdoor.Generic.131533"

Line00000034 = "C:\Arquivos de programas\Adobe\Adobe Flash CS4\adobe.flash.cs4.v10.0.professional-patch.exe Deleted"

Line00000033 = "C:\autorun.inf Infected with: Trojan.AutorunINF.Gen"

Line00000032 = "C:\autorun.inf Deleted"

Line00000031 = "C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\Thinstall\CorelDRAW Graphics Suite X3\4000003000002i\CorelDRW.exe Infected with: Trojan.Generic.3285573"

Line00000030 = "C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\Thinstall\CorelDRAW Graphics Suite X3\4000003000002i\CorelDRW.exe Deleted"

Line00000029 = "C:\Documents and Settings\joao.pedro.PETROPOL\Desktop\Docs\mailpv.rar=>mailpv\mailpv.exe Infected with: Trojan.Downloader.Small.74"

Line00000028 = "C:\Documents and Settings\joao.pedro.PETROPOL\Desktop\Docs\mailpv.rar=>mailpv\mailpv.exe Deleted"

Line00000027 = "C:\Documents and Settings\joao.pedro.PETROPOL\Desktop\Docs\mailpv.rar Update failed"

Line00000026 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\ABCrack_www.therebels.de_by.Bridge.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Infected with: Backdoor.Generic.131533"

Line00000025 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\ABCrack_www.therebels.de_by.Bridge.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Deleted"

Line00000024 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\ABCrack_www.therebels.de_by.Bridge.zip Updated"

Line00000023 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\AFCS4(www.therebels.de)by.Bridge.rar=>crack.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Infected with: Backdoor.Generic.131533"

Line00000022 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\AFCS4(www.therebels.de)by.Bridge.rar=>crack.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Deleted"

Line00000021 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\AFCS4(www.therebels.de)by.Bridge.rar=>crack.zip Updated"

Line00000020 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\AFCS4(www.therebels.de)by.Bridge.rar Update failed"

Line00000019 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\crack.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Infected with: Backdoor.Generic.131533"

Line00000018 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\crack.zip=>shock/adobe.flash.cs4.v10.0.professional-patch.exe Deleted"

Line00000017 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\crack.zip Updated"

Line00000016 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\shock\adobe.flash.cs4.v10.0.professional-patch.exe Infected with: Backdoor.Generic.131533"

Line00000015 = "C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\Old\shock\adobe.flash.cs4.v10.0.professional-patch.exe Deleted"

Line00000014 = "C:\rcmsqb.exe Infected with: Gen:Trojan.Heur.AutoIT.ar3@bKDu!6dO"

Line00000013 = "C:\rcmsqb.exe Disinfection failed"

Line00000012 = "C:\rcmsqb.exe Deleted"

Line00000011 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP267\A0067096.exe Infected with: Gen:Trojan.Heur.AutoIT.ar3@bKDu!6dO"

Line00000010 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP267\A0067096.exe Disinfection failed"

Line00000009 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP267\A0067096.exe Deleted"

Line00000008 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067269.exe Infected with: Backdoor.Generic.131533"

Line00000007 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067269.exe Deleted"

Line00000006 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067270.inf Infected with: Trojan.AutorunINF.Gen"

Line00000005 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067270.inf Deleted"

Line00000004 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067271.exe Infected with: Trojan.Generic.3285573"

Line00000003 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067271.exe Deleted"

Line00000002 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067272.exe Infected with: Gen:Trojan.Heur.AutoIT.ar3@bKDu!6dO"

Line00000001 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067272.exe Disinfection failed"

Line00000000 = "C:\System Volume Information\_restore{F7D6AD5B-B62A-4C35-AC00-F6CFF31F20F7}\RP272\A0067272.exe Deleted"


1.

*Delete the folder C:\Windows\BDOSCAN8

 

2.

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If an update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full Scan] option

*Click [Scan] and select the drives to be examined

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be shown.

*Paste it in your next reply


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4068

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18241

 

05/05/2010 12:36:01

mbam-log-2010-05-05 (12-36-01).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 432115

Tempo decorrido: 1 hora(s), 45 minuto(s), 13 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 7

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\Vista\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN2K_XP_SRV2003\X64\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\Vista\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN2K_XP_SRV2003\X86\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\Vista\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN9XME_NT\X86\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\XP\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN2K_XP_SRV2003\X64\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\XP\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN2K_XP_SRV2003\X86\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-989861470-4073932323-3814320507-1124\Dc1348\Lan\XP\V6107_VT8231_VT8233_VT8235_VT8237_VT8251V46FVIA\WIN9XME_NT\X86\WINSETUP.EXE (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\joao.pedro.PETROPOL\Meus documentos\Downloads\HopsterSetup.exe (Adware.Webhancer) -> Quarantined and deleted successfully.


1.

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created in C:\rsit\log.txt


Logfile of random's system information tool 1.06 (written by random/random)

Run by joao.pedro at 2010-05-05 14:32:11

Microsoft Windows XP Professional Service Pack 3

System drive C: has 224 GB (73%) free of 305 GB

Total RAM: 3037 MB (27% free)

 

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-97236427-3338386801-1615672840-1129Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-97236427-3338386801-1615672840-1129UA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-989861470-4073932323-3814320507-1124Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-989861470-4073932323-3814320507-1124UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2150688-1AA5-4698-90BE-C3CBECBB5786}]

Site Advisor Module - C:\Arquivos de programas\SAM\module.dll [2010-03-29 200704]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

"CorelDRAW Graphics Suite 11b"=C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe [2003-11-28 729088]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\QTTask.exe [2009-09-05 417792]

"AdobeCS4ServiceManager"=C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]

"RemoteControl"=C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"InCD"=C:\Arquivos de programas\Ahead\InCD\InCD.exe [2006-07-12 1397760]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-26 16132608]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-15 150040]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-15 178712]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-15 150040]

"Acrobat Assistant 8.0"=C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

""= []

"Malwarebytes Anti-Malware (reboot)"=C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2009-11-04 2334856]

"Google Update"=C:\Documents and Settings\joao.pedro.PETROPOL\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2009-11-16 135664]

"RocketDock"=C:\Arquivos de programas\RocketDock\RocketDock.exe [2007-09-02 495616]

"AlcoholAutomount"=C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

"AdobeUpdater"=C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [2010-03-22 2356088]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Hotsync Manager.lnk - C:\Arquivos de programas\Palm\Hotsync.exe

 

C:\Documents and Settings\joao.pedro.PETROPOL\Menu Iniciar\Programas\Inicializar

Fireworks-AutoBackup.lnk - C:\Arquivos de programas\Fireworks-AutoBackup\Fireworks-AutoBackup.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-11-18 11952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-08-11 217088]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"\\nypol\d\SOFTWARES PETROPOL\PRINTER\P1505n\Setup.exe"="\\nypol\d\SOFTWARES PETROPOL\PRINTER\P1505n\Setup.exe:*:Enabled:HP Networked Printer Installer"

"C:\Arquivos de programas\UltraVNC\winvnc.exe"="C:\Arquivos de programas\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32"

"C:\Arquivos de programas\AVG\AVG8\avgam.exe"="C:\Arquivos de programas\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Arquivos de programas\AVG\AVG8\avgdiag.exe"="C:\Arquivos de programas\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"

"C:\Arquivos de programas\AVG\AVG8\avgdiagex.exe"="C:\Arquivos de programas\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Arquivos de programas\Macromedia\Fireworks MX\Fireworks.exe"="C:\Arquivos de programas\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX"

"C:\Arquivos de programas\Palm\Hotsync.exe"="C:\Arquivos de programas\Palm\Hotsync.exe:*:Disabled:HotSync® Manager Application"

"C:\Arquivos de programas\Opera 10.50 Beta\opera.exe"="C:\Arquivos de programas\Opera 10.50 Beta\opera.exe:*:Enabled:Opera Internet Browser"

"\\nypol\d\SOFTWARES PETROPOL\PRINTER\P1505n_atualizado\HPLJP1000_1500\Setup.exe"="\\nypol\d\SOFTWARES PETROPOL\PRINTER\P1505n_atualizado\HPLJP1000_1500\Setup.exe:*:Enabled:HP Networked Printer Installer"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.0.103#d#SOFTWARES PETROPOL#CLIENT_ORACLE#ORACLE CLIENT 10G]

shell\AutoRun\command - Z:\autorun\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.0.103#d#softwares petropol#delphi]

shell\AutoRun\command - Y:\INSTALL.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

shell\AutoRun\command - E:\LaunchU3.exe -a

 

 

======File associations======

 

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

 

======List of files/folders created in the last 1 months======

 

2010-05-05 14:32:11 ----D---- C:\rsit

2010-05-05 07:06:54 ----D---- C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\Malwarebytes

2010-05-05 07:06:46 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-05-05 07:06:45 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-05-04 09:15:40 ----D---- C:\WINDOWS\LastGood

2010-04-29 10:07:44 ----D---- C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\FireShot

2010-04-16 09:47:46 ----A---- C:\WINDOWS\ckxmd_b48.ini

2010-04-16 09:44:51 ----D---- C:\Arquivos de programas\PhotoZoom Pro 3

2010-04-15 12:52:00 ----D---- C:\Arquivos de programas\SAM

2010-04-14 10:43:38 ----D---- C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\Ultra Fractal 5

2010-04-14 10:43:38 ----D---- C:\Arquivos de programas\Ultra Fractal 5

2010-04-09 11:23:36 ----SHD---- C:\Config.Msi

2010-04-09 09:59:35 ----D---- C:\Arquivos de programas\EasyPHP-5.3.2

 

======List of files/folders modified in the last 1 months======

 

2010-05-05 14:32:19 ----D---- C:\WINDOWS\Prefetch

2010-05-05 14:32:18 ----D---- C:\Arquivos de programas\Trend Micro

2010-05-05 14:32:13 ----D---- C:\WINDOWS\Temp

2010-05-05 14:16:24 ----RD---- C:\WINDOWS\Fonts

2010-05-05 07:06:47 ----D---- C:\WINDOWS\system32\drivers

2010-05-05 07:06:45 ----RD---- C:\Arquivos de programas

2010-05-05 07:06:14 ----D---- C:\WINDOWS

2010-05-05 04:06:01 ----D---- C:\WINDOWS\security

2010-05-04 16:21:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-04 12:40:29 ----HD---- C:\$AVG8.VAULT$

2010-05-04 11:18:02 ----D---- C:\WINDOWS\system32\CatRoot2

2010-05-04 09:46:42 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-05-04 09:15:43 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-05-04 09:15:41 ----HD---- C:\WINDOWS\inf

2010-04-30 11:12:04 ----D---- C:\Arquivos de programas\BraZip

2010-04-29 14:50:43 ----D---- C:\Documents and Settings

2010-04-29 11:04:11 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-27 07:52:16 ----SHD---- C:\WINDOWS\Installer

2010-04-27 07:50:58 ----D---- C:\WINDOWS\system32

2010-04-22 13:21:55 ----A---- C:\WINDOWS\win.ini

2010-04-19 14:48:13 ----A---- C:\WINDOWS\NeroDigital.ini

2010-04-12 13:24:33 ----D---- C:\Arquivos de programas\QuickTime

2010-04-12 11:30:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2010-04-09 11:24:52 ----D---- C:\Arquivos de programas\NCH Software

2010-04-09 11:23:46 ----RSD---- C:\WINDOWS\assembly

2010-04-09 11:23:46 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-04-09 11:23:45 ----D---- C:\Arquivos de programas\Microsoft Works

2010-04-09 11:23:45 ----D---- C:\Arquivos de programas\Microsoft Office

2010-04-09 11:23:45 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-04-09 11:22:42 ----D---- C:\WINDOWS\SHELLNEW

2010-04-09 11:21:41 ----D---- C:\Arquivos de programas\McAfee Security Scan

2010-04-09 11:20:10 ----D---- C:\Arquivos de programas\Borland

2010-04-07 11:00:46 ----SHD---- C:\WINDOWS\CSC

2010-04-06 14:19:56 ----D---- C:\Documents and Settings\joao.pedro.PETROPOL\Dados de aplicativos\Adobe

2010-04-06 12:28:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NOS

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-18 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-18 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-17 108552]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-03-17 19584]

R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-11-10 116560]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-11-10 41424]

R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-11 6044864]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-02 4403712]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-06-13 110080]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-11-10 104016]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]

S3 aj77d5cx;aj77d5cx; C:\WINDOWS\system32\drivers\aj77d5cx.sys []

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\JOAOPE~1.PET\CONFIG~1\Temp\cpuz130\cpuz_x32.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]

S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-11-10 95568]

S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg8wd;AVG8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-11-18 297752]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-07 122880]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 StarWindServiceAE;StarWind AE Service; C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-17 867080]

S2 Apache2;Apache2; C:\ARQUIV~1\EASYPH~1.0B1\Apache\bin\apache.exe -k runservice []

S2 MySQL;MySQL; C:\ARQUIV~1\EASYPH~1.0B1\MySql\bin\mysqld.exe --defaults-file=C:\ARQUIV~1\EASYPH~1.0B1\MySql\my.ini MySQL []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-03-18 79360]

 

-----------------EOF-----------------


1.

*Delete RSIT and the C:\rsit folder

 

2.

*Download SystemLook and save it to the desktop

*Select and copy (Ctrl+c) the code below:

 

:file

C:\WINDOWS\system32\drivers\aj77d5cx.sys

*Double-click SystemLook.exe

*Paste (Ctrl+v) the code into the blank box

*Click [Look]

*Paste the report shown in SystemLook.txt, located on the desktop

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 07:34 on 06/05/2010 by joao.pedro (Administrator - Elevation successful)

========== file ==========

C:\WINDOWS\system32\drivers\aj77d5cx.sys - File found and opened.
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
Created at 23:00 on 13/04/2008
Modified at 23:00 on 13/04/2008
Size: 96512 bytes
Attributes: --a---
FileDescription: IDE/ATAPI Port Driver
FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
ProductVersion: 5.1.2600.5512
OriginalFilename: atapi.sys
InternalName: atapi.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-=End Of File=-

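As an added example that is not part of the thread, here is the reasoning behind singling out aj77d5cx.sys from the RSIT driver list and behind reading the SystemLook result, in Python: parse RSIT driver lines, flag entries with no date/size metadata, a Temp path or a random-looking name, then compare the SystemLook OriginalFilename and Size against the on-disk name and the listed drivers. The sample lines are copied from this thread's log; the flagging heuristics are my own assumptions, not rules from RSIT or SystemLook.

```python
import re

# Constructed sample in the RSIT "List of drivers" line format (state/start
# type, name;description; path [date size]), copied from the log above.
RSIT_DRIVERS = """\
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\\WINDOWS\\System32\\Drivers\\avgldx86.sys [2009-11-18 335240]
S3 aj77d5cx;aj77d5cx; C:\\WINDOWS\\system32\\drivers\\aj77d5cx.sys []
S3 cpuz130;cpuz130; \\??\\C:\\DOCUME~1\\JOAOPE~1.PET\\CONFIG~1\\Temp\\cpuz130\\cpuz_x32.sys []
S4 atapi;atapi; C:\\WINDOWS\\system32\\drivers\\atapi.sys [2008-04-13 96512]
"""
# Constructed excerpt of the SystemLook ':file' result posted above.
SYSTEMLOOK = """\
C:\\WINDOWS\\system32\\drivers\\aj77d5cx.sys - File found and opened.
Size: 96512 bytes
OriginalFilename: atapi.sys
"""

def parse_drivers(text):
    """One dict per RSIT driver line: name, path, size (None when '[]')."""
    drivers = []
    for line in text.splitlines():
        m = re.match(r"^[RS][0-4] ([^;]+);[^;]*; (.+?) \[(.*)\]$", line.strip())
        if m:
            name, path, meta = m.groups()
            size = int(meta.split()[1]) if meta else None
            drivers.append({"name": name, "path": path, "size": size})
    return drivers

def flag_driver(d):
    """Reasons an analyst would pick this entry out for a closer look (assumed heuristics)."""
    reasons = []
    if d["size"] is None:
        reasons.append("no date/size metadata")
    if "\\temp\\" in d["path"].lower():
        reasons.append("runs from a Temp directory")
    if re.fullmatch(r"(?=.*\d)(?=.*[a-z])[a-z0-9]{8}", d["name"]):
        reasons.append("random-looking 8-character name")
    return reasons

def check_identity(systemlook_text, drivers):
    """Compare on-disk name with OriginalFilename; find same-size listed drivers."""
    fields = dict(re.findall(r"^(\w+): (.+)$", systemlook_text, re.M))
    path = systemlook_text.splitlines()[0].split(" - ")[0]
    disk_name = path.rsplit("\\", 1)[-1].lower()
    original = fields.get("OriginalFilename", "").lower()
    size = int(fields["Size"].split()[0])
    same_size = [d["name"] for d in drivers if d["size"] == size and d["path"] != path]
    return {"renamed": original != disk_name, "original": original,
            "same_size_as": same_size}
```

For the posted result, check_identity reports that the file's version resource names it atapi.sys and that its 96512-byte size matches the atapi entry in the driver list, which is the information the analyst had when deciding no further action was needed.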

1.

*Delete SystemLook and its report.

 

The PC is clean.

 

 

How is the PC doing?


So far it hasn't shown any problems.

If it happens again I'll post again.

Thank you very much for your help :thumbsup:


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
