
[Solved!] Remove Trojan Horse Generic 14.beleza

28 replies in this topic

#1 Cristiane F.

  • Members
  • 15 posts

Posted 16 October 2009 - 10:26

Hi hi!!

I badly need your precious help; I am a user without much experience in virus removal. My PC was infected last week with spyware that created fake pop-ups requesting an update for a supposed antivirus, "Windows Pro 2009", which I don't even have on my computer.
My antivirus reported the presence of lizkavd.exe/svcst.exe and seres.exe. I followed a procedure I found in a topic here, since that person had exactly the same problem, which had been solved. I installed Malwarebytes and ran it; it flagged several entries, which were all quarantined and then removed. I also followed the instructions to establish a clean System Restore point. Apparently it had worked well: the fake pop-ups had disappeared and the files lizkavd.exe/svcst.exe and seres.exe had also vanished from the folder documents and settings/usuário/dados de aplicativos. Everything seemed normal; however, when I run a new scan with my AVG antivirus, it reports the presence of a Trojan Horse Generic 14.BLZO, which it cannot remove because it is part of a critical system file (file C:\windows\system32\drivers\agp440.sys).

Here is my HijackThis log for your analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:57, on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HiJackThis.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell....c=br&l=pt&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12096 bytes


Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2968
Windows 5.1.2600 Service Pack 3

16/10/2009 09:02:58
mbam-log-2009-10-16 (09-02-58).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 195246
Tempo decorrido: 1 hour(s), 16 minute(s), 34 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)


What could be happening??


Thank you very much in advance!

Cris

Edited by Mário Monteiro, 16 October 2009 - 16:34.
Removed the word "AJUDA" from the Title or Description

#2 Power Max

  • Moderators
  • 2,916 posts

Posted 16 October 2009 - 17:02

:thumbsup: Hi Cristiane! Welcome to the Imasters Forum.

:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

• Download Superantispyware;
• Double-click the program's icon and install it by clicking (Next > Accept the agreement > Next > Next > choose the option to save it in the Arquivos de Programas folder > Next > Next > wait for the installation > click the Finish button).
• A box will appear asking you to choose your language; choose the Portuguese (BR) option and click the Ok button.
• A message will appear asking: "Você quer que o SUPERAntiSpyware procure as regras e definições atuais agora (Recomendado)?" Connect the computer to the Internet and click the Sim button. Wait for it to update.
• Another screen will appear; click the buttons Avançar > Avançar > Avançar > Avançar > Concluir.
• A window will appear asking whether you want to protect your Internet Explorer home page against changes. Choose the desired option.
• Restart the computer in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the option Modo Seguro or Modo de Segurança);
• If it is not possible to restart the computer in Safe Mode, run the scan in normal mode.
• Run SuperAntispyware and click: Escaneia seu PC...
• Under Local de escaneamento choose: C:\ Fixed Drive ( NTFS ), and if you have other disks to be scanned, select them too;
• Select the option Faz Escaneamento Completo;
• Click Avançar. Wait!
• When it finishes, the window Resumo de Escaneamento SUPERAntiSpyware will open. Click the Ok button. Click the Avançar > button so that the threats are deleted.
• A message may appear asking whether you want the computer to be restarted so that the items are deleted. Click Sim.
• After the PC restarts, right-click the SUPERAntiSpyware icon next to the Windows clock and choose the option – Ver Centro de Controle (Preferências/Opções)... – click the tab: Estatísticas/Arquivos de Log - Double-click the log with the left mouse button and a screen with the log will open; then just select this log (click the menu: Editar » Selecionar Tudo), after that go back to the menu: Editar » and click the option: Copiar.
• After that, just come back here to the forum and post this SUPERAntiSpyware log together with a new HijackThis log so that they can be analyzed, and tell us whether all the problems found by SuperAntispyware were removed.
• We'll be waiting.

#3 Cristiane F.

  • Members
  • 15 posts

Posted 19 October 2009 - 12:28

Hi hi Antonio,

Thank you very much for such a detailed step-by-step :thumbsup: !

Let's get to the logs, then.
From Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/19/2009 at 01:14 PM

Application Version : 4.29.1004

Core Rules Database Version : 4173
Trace Rules Database Version: 2093

Scan type : Complete Scan
Total Scan Time : 01:12:57

Memory items scanned : 234
Memory threats detected : 0
Registry items scanned : 6523
Registry threats detected : 0
File items scanned : 23214
File threats detected : 161

Adware.Tracking Cookie


And to my despair, when I went to run the scan in HijackThis, AVG again flagged the Trojan Horse 14.blzo virus in C:\windows\system32\drivers\agp440.sys. In any case, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:32, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Arquivos de programas\HiJackThis.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell....c=br&l=pt&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12358 bytes

Help!

Thank you very much in advance for the great help
Cris
  • 0

#4 Power Max

Power Max
  • Moderators
  • 2.916 posts

Posted 19 October 2009 - 13:03

Please follow the tips in this tutorial:

Kaspersky Virus Removal Tool tutorial

In your next reply, post the Kaspersky Virus Removal Tool log together with a new HijackThis log and tell us how your PC is after this.

We'll be waiting.
  • 0

#5 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 19 October 2009 - 14:52

Hi Antonio,

I've already downloaded the program as you instructed and will run the scan shortly, but since it is quite slow and I have to leave soon, I will probably only check the results and post them here tomorrow. In the meantime, do you think it is advisable for me to leave the network cable disconnected while Kaspersky runs in safe mode? I'm afraid new infections might happen while I'm away from the computer, because this virus keeps opening doors for that all the time.
However, I wanted to ask you whether I should uninstall some of the protection programs that are on here: Spybot, Malware Bytes and Superantispyware. Couldn't this excess of protection programs come into conflict at some point?


Thanks!
Cris
  • 0

#6 Power Max

Power Max
  • Moderators
  • 2.916 posts

Posted 19 October 2009 - 14:59

Hi Antonio,

I've already downloaded the program as you instructed and will run the scan shortly, but since it is quite slow and I have to leave soon, I will probably only check the results and post them here tomorrow. In the meantime, do you think it is advisable for me to leave the network cable disconnected while Kaspersky runs in safe mode? I'm afraid new infections might happen while I'm away from the computer, because this virus keeps opening doors for that all the time.

That really is a good idea; its scan is effective but it does take quite a while. And by doing it the way you described, you prevent the virus from spreading.

However, I wanted to ask you whether I should uninstall some of the protection programs that are on here: Spybot, Malware Bytes and Superantispyware. Couldn't this excess of protection programs come into conflict at some point?

You can use all these programs together, since they are compatible. But leave only Spybot and your antivirus starting up together with your PC so that Windows doesn't become slow.

And the other programs you can keep just for a weekly scan.

As for Spybot, after you finish cleaning with Kaspersky it is important to update Spybot, and after that run a scan with Spybot and remove the problems it finds.

And after that, please post the requested logs and tell us how the PC is after these procedures.
  • 0

#7 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 09:17

Hi hi Antonio!

I left Kaspersky running overnight, and it found the virus that the other antivirus programs could not remove. It disinfected C:\system32\driver\agp440.sys and deleted the trojan backdoor.win.32.bredolab.ahd.

With that done, I updated Spybot and ran the scan; two entries were removed.

Here is the Kaspersky log:

Scan
----
Scanned: 869481
Detected: 2
Untreated: 0
Start time: 19/10/2009 16:58:35
Duration: 16:15:19
Finish time: 20/10/2009 09:13:54


Detected
--------
Status Object
------ ------
disinfected: virus Virus.Win32.Protector.c File: c:\windows\system32\drivers\agp440.sys
deleted: Trojan program Backdoor.Win32.Bredolab.ahd File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp


Events
------
Time Name Status Reason
---- ---- ------ ------
19/10/2009 17:04:30 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'
19/10/2009 17:04:30 File: c:\windows\system32\drivers\agp440.sys not disinfected postponed
19/10/2009 17:06:56 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'
19/10/2009 17:06:56 File: c:\windows\system32\drivers\agp440.sys not disinfected postponed
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/svcst.exe password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/svcst.exe password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/svcst.exe password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.ini password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected
19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/deSrcAs.dll password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.reg password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.ini password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/_scui.cpl password protected
19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/sbRecovery.ini password protected
19/10/2009 19:07:17 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'
19/10/2009 19:07:17 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp not disinfected postponed
19/10/2009 19:14:35 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected
19/10/2009 19:14:35 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected
19/10/2009 19:14:48 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected
19/10/2009 19:14:48 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{618B0B36-A4D9-4956-B7F9-17BD185E039D} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{625FD414-543B-4037-A624-E11A8B7D3031} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6286DDBE-7D32-4ACD-9002-5A7A6C6FBABF} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{62AC869E-614C-473C-8013-0B89CA949B50} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{63B4E8F6-8999-4714-A2CE-BB4C64FC6A3F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{65B33AC1-4FA6-45D5-B9AA-C45AE75ECDEC} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{66FAEA38-25F8-4FCF-B6BC-5CC1F0740BC5} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6A374274-6D51-4889-A4B6-9531377B866F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6B466351-1895-49B9-AE92-FBDBAE4C7ACC} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6C900B6D-8BA8-4432-9430-6B2D35D15917} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{701810CE-1129-4001-B883-F2BD40B70AF8} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{70FF2BAD-AEF2-4770-B67A-791776BB2664} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7824082A-C24E-4C01-B60C-BCC647A2D98F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{797CDB3E-C397-4D4C-A637-FC6F37E4C3F0} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{79EA7C8E-34EF-4DA2-BA99-A6F02800B801} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7A277B8C-24D4-4643-BFDB-4EB5AA3020F8} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7AEE548F-B6E6-4CD7-8DC6-5D2A4B565222} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7B5BF411-3AB2-46F8-873A-BBFDC0E1A28F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7EBE576A-F75F-47FE-BBFF-B93AE48912DD} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{84059DBF-B7F3-42EB-BEB3-7236330DAECA} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8441440A-6156-4C9E-8D13-2C20BC8C2359} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{86671AC4-DCC2-430A-BAAA-975A14ACB202} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{882356C6-D041-464F-BC6A-34F2255A864E} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B463B73-9875-4206-AFEA-F042A0EDDDE2} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B6CB2BF-7695-47E8-9AF0-56B2EFCB63A9} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B8DC122-754D-44D5-BA0E-015A401146AA} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8BB6307B-C494-4DCD-A078-25C34D871435} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8D447878-02F2-48A1-97AC-BD2574A0A040} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8FEF3E02-9D85-49E8-A3FD-736C57CB6880} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9015549E-1DF9-40B5-BA1D-2E3107FB17C7} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9093B41A-9DC1-472B-8F9F-8052884C5FDD} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{916BAB09-90F0-4B10-A531-BD0646E2F4CE} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{94F97614-4612-4ACE-9780-96BF7F6DE314} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{953695DD-8C2C-4387-B3EB-09E7FA9084FC} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{96844BA6-360E-420C-AC00-28DF6F6DE9A2} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{99E35F3A-A2C9-4262-8236-84F0DD9E7034} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2122E95-A4ED-4A0F-8C57-A0D0BA31F0C0} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2DDC83D-CA93-4855-8A8A-3526713AC8D8} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{AAD0DD3C-A7A2-403F-B296-59A65D7C9EC7} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B116DE56-CD7C-4E0F-B8C9-3C9A05F6FFAB} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B11AA807-0B24-4E66-9052-8484573703F2} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B2E0A0F1-1E8D-49E4-94D1-0DFB18C2CD05} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B3877683-994D-4AE8-B1EE-C9F1F4D9E054} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B673F967-C5C7-439C-A6C0-80EAACCE4A6E} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B6D9583F-F662-4933-9484-80F31584B2A0} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B80EB9D9-9771-4306-B9EE-68D52B9493B0} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BA208212-68F8-4EDD-8451-BB64C193C7DC} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BB9A28AE-933B-4E11-8840-5A8EF7C759E8} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC507CFF-1A81-4D79-B7B6-F09F8D6AFA0C} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC58102D-A87C-4B4D-9CEA-DB383678E176} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BCA75F95-D6A2-41DE-B114-B0A1678A8A3B} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BE4D3C6E-6340-4558-88E3-8AAD07FF1FDE} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BF0D15D1-1014-4465-BB86-25770EFD2DB3} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3149D85-B035-4DF7-851C-EDBADE6BA6A5} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3394AEA-0700-428D-9621-05F91761E850} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C5A6B49C-D117-413A-8ECB-327FAC09F4CE} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CBFAA8DB-6B2C-4745-869C-F0BD09E9BE62} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CCBFA2BA-9949-49A1-92B8-5DA28DBE7C8A} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CF1F2925-7826-44F4-B134-10D57BC3FBFB} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D004B0E6-4CFB-4D98-9A52-52FD5072E76A} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D09566A0-33B9-44F9-94DE-59B1C1DB7F54} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1704AC2-8424-4538-ABB4-30F93CE71BF4} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1C6AA95-8225-469D-8D8E-B7D909A990DE} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D3EB6FB9-F001-42D0-92F5-C53CEDF54C50} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D4B6AE0F-EE9B-4009-B90A-E926CFC0366D} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB1A16FA-FF5D-4597-AC3E-6436811384E6} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB437D67-9333-47B9-8D91-7A36E89D9116} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E042D964-6678-4406-BD98-77D6BAFE855D} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E1777072-468C-4401-A1AC-BF7CCBE35B5B} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E4574BEA-ABB6-4D9F-BFAC-8C6CD7781D6A} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E66BAE02-CCF5-4FCF-B80D-F56A76911788} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EAB9F198-76B0-4F75-BC5E-6A1668535B7E} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EBDDD305-543B-4095-B4B7-C5973DD6C3B2} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EC0FFBD1-27E6-4A6D-9CF5-AAEB2A103D8F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EE517188-C40C-4709-8BB2-AE94727A7C46} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EEB0CFEF-D8B0-429D-A117-925DA6CDEE38} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EFE89D3A-4213-4439-B82A-BCD0513312F8} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F1DB8145-8F21-43D1-9579-A2182D56488C} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F25E1414-CEB0-4746-904F-AF41ECC13607} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F3DA0F37-4280-4DFA-BA8A-9E79F9C6FBF3} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F630F086-B539-4271-BDFB-81A20B387849} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F8A6F521-7CF3-4191-B2E1-01C55B78B347} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA86CFB6-0DC2-48A5-A6DD-D17BDBF94E4B} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA9BBCC9-2E23-4B3A-83CB-CEE6F4E5B475} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FD22FCA3-81DC-4B76-885B-DCDF1695A38F} password protected
19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/backup.db password protected
19/10/2009 21:57:52 File: C:\WINDOWS\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'
19/10/2009 21:57:53 File: C:\WINDOWS\system32\drivers\agp440.sys not disinfected postponed
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/svcst.exe password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/svcst.exe password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/svcst.exe password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/deSrcAs.dll password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.reg password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.ini password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/_scui.cpl password protected
19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/sbRecovery.ini password protected
20/10/2009 00:00:38 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'
20/10/2009 00:00:38 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp not disinfected postponed
20/10/2009 00:07:57 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected
20/10/2009 00:07:57 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected
20/10/2009 00:08:10 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected
20/10/2009 00:08:10 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2172FA60-85BB-4F7B-9E7B-F41392DFA356} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{270B40F9-D1B1-4D49-9C79-5ED78A50829F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{288EA77F-8D8D-426E-9590-EA239564F060} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{28DF568A-3938-406D-A58D-E07D6847CF8A} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2AC3AC54-88DF-4E17-8953-4FEE343D2B2E} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2B75A01F-C936-4EA5-B0EA-F2BC6199C8DB} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{30AFC96F-168D-4097-B895-3A289C604E88} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{31E9AC62-7317-42B1-B742-7316F02AE578} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{32CC9300-59B0-4B1D-8C34-A2E4FEC96A48} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3577F9BE-7B3A-4809-B9DC-4448F5D186FC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3988BF78-2290-43C8-A1DF-57AE579E872B} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3B894B58-767B-4485-A826-1F84674113A5} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3B913AC1-4CF7-40CC-9A43-2B29BC3EA6DF} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3E6BD6D0-7714-4E66-B317-D474938B4DF2} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{40F6555F-058E-4967-8122-F95891B083AD} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{453B2BFF-8AD6-4298-AFC7-DA29D4215BD1} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{45656A66-59AD-4BC1-8C39-4C1E34D92DCC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{45BD2479-903C-4EF9-8334-EEF880E5CE8D} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4685B085-6971-4325-B5A6-2E7062C5C0BC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4763232E-1929-45F0-B510-1C47BDB9AA51} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4781DE3D-8EF2-4616-AC0F-FBA10EFE6737} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{496B8CE5-9DB6-4253-B541-2FFFBC975C90} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{49EA557A-00A6-4069-B5B4-BA493E96EA6F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4B570DE5-2603-42B3-99A6-6333C3BC1EF7} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4D08BB20-B13D-4019-B3EC-D09E120FA3B6} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{50087FDB-AA7E-4216-80F6-88E1369192CD} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{50A1E89A-4B65-45AD-8983-BBB155AFA27F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{515E81EA-0962-47B2-984F-B21D2154F99F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{53A3C576-5AB9-4B98-8615-34F8C5C8B7F6} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{5EFE2E30-5B6F-471F-B172-82EE2045604B} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{618B0B36-A4D9-4956-B7F9-17BD185E039D} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{625FD414-543B-4037-A624-E11A8B7D3031} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6286DDBE-7D32-4ACD-9002-5A7A6C6FBABF} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{62AC869E-614C-473C-8013-0B89CA949B50} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{63B4E8F6-8999-4714-A2CE-BB4C64FC6A3F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{65B33AC1-4FA6-45D5-B9AA-C45AE75ECDEC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{66FAEA38-25F8-4FCF-B6BC-5CC1F0740BC5} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6A374274-6D51-4889-A4B6-9531377B866F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6B466351-1895-49B9-AE92-FBDBAE4C7ACC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6C900B6D-8BA8-4432-9430-6B2D35D15917} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{701810CE-1129-4001-B883-F2BD40B70AF8} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{70FF2BAD-AEF2-4770-B67A-791776BB2664} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7824082A-C24E-4C01-B60C-BCC647A2D98F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{797CDB3E-C397-4D4C-A637-FC6F37E4C3F0} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{79EA7C8E-34EF-4DA2-BA99-A6F02800B801} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7A277B8C-24D4-4643-BFDB-4EB5AA3020F8} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7AEE548F-B6E6-4CD7-8DC6-5D2A4B565222} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7B5BF411-3AB2-46F8-873A-BBFDC0E1A28F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7EBE576A-F75F-47FE-BBFF-B93AE48912DD} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{84059DBF-B7F3-42EB-BEB3-7236330DAECA} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8441440A-6156-4C9E-8D13-2C20BC8C2359} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{86671AC4-DCC2-430A-BAAA-975A14ACB202} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{882356C6-D041-464F-BC6A-34F2255A864E} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B463B73-9875-4206-AFEA-F042A0EDDDE2} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B6CB2BF-7695-47E8-9AF0-56B2EFCB63A9} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B8DC122-754D-44D5-BA0E-015A401146AA} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8BB6307B-C494-4DCD-A078-25C34D871435} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8D447878-02F2-48A1-97AC-BD2574A0A040} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8FEF3E02-9D85-49E8-A3FD-736C57CB6880} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9015549E-1DF9-40B5-BA1D-2E3107FB17C7} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9093B41A-9DC1-472B-8F9F-8052884C5FDD} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{916BAB09-90F0-4B10-A531-BD0646E2F4CE} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{94F97614-4612-4ACE-9780-96BF7F6DE314} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{953695DD-8C2C-4387-B3EB-09E7FA9084FC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{96844BA6-360E-420C-AC00-28DF6F6DE9A2} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{99E35F3A-A2C9-4262-8236-84F0DD9E7034} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2122E95-A4ED-4A0F-8C57-A0D0BA31F0C0} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2DDC83D-CA93-4855-8A8A-3526713AC8D8} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{AAD0DD3C-A7A2-403F-B296-59A65D7C9EC7} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B116DE56-CD7C-4E0F-B8C9-3C9A05F6FFAB} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B11AA807-0B24-4E66-9052-8484573703F2} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B2E0A0F1-1E8D-49E4-94D1-0DFB18C2CD05} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B3877683-994D-4AE8-B1EE-C9F1F4D9E054} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B673F967-C5C7-439C-A6C0-80EAACCE4A6E} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B6D9583F-F662-4933-9484-80F31584B2A0} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B80EB9D9-9771-4306-B9EE-68D52B9493B0} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BA208212-68F8-4EDD-8451-BB64C193C7DC} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BB9A28AE-933B-4E11-8840-5A8EF7C759E8} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC507CFF-1A81-4D79-B7B6-F09F8D6AFA0C} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC58102D-A87C-4B4D-9CEA-DB383678E176} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BCA75F95-D6A2-41DE-B114-B0A1678A8A3B} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BE4D3C6E-6340-4558-88E3-8AAD07FF1FDE} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BF0D15D1-1014-4465-BB86-25770EFD2DB3} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3149D85-B035-4DF7-851C-EDBADE6BA6A5} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3394AEA-0700-428D-9621-05F91761E850} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C5A6B49C-D117-413A-8ECB-327FAC09F4CE} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CBFAA8DB-6B2C-4745-869C-F0BD09E9BE62} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CCBFA2BA-9949-49A1-92B8-5DA28DBE7C8A} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CF1F2925-7826-44F4-B134-10D57BC3FBFB} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D004B0E6-4CFB-4D98-9A52-52FD5072E76A} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D09566A0-33B9-44F9-94DE-59B1C1DB7F54} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1704AC2-8424-4538-ABB4-30F93CE71BF4} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1C6AA95-8225-469D-8D8E-B7D909A990DE} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D3EB6FB9-F001-42D0-92F5-C53CEDF54C50} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D4B6AE0F-EE9B-4009-B90A-E926CFC0366D} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB1A16FA-FF5D-4597-AC3E-6436811384E6} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB437D67-9333-47B9-8D91-7A36E89D9116} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E042D964-6678-4406-BD98-77D6BAFE855D} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E1777072-468C-4401-A1AC-BF7CCBE35B5B} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E4574BEA-ABB6-4D9F-BFAC-8C6CD7781D6A} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E66BAE02-CCF5-4FCF-B80D-F56A76911788} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EAB9F198-76B0-4F75-BC5E-6A1668535B7E} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EBDDD305-543B-4095-B4B7-C5973DD6C3B2} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EC0FFBD1-27E6-4A6D-9CF5-AAEB2A103D8F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EE517188-C40C-4709-8BB2-AE94727A7C46} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EEB0CFEF-D8B0-429D-A117-925DA6CDEE38} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EFE89D3A-4213-4439-B82A-BCD0513312F8} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F1DB8145-8F21-43D1-9579-A2182D56488C} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F25E1414-CEB0-4746-904F-AF41ECC13607} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F3DA0F37-4280-4DFA-BA8A-9E79F9C6FBF3} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F630F086-B539-4271-BDFB-81A20B387849} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F8A6F521-7CF3-4191-B2E1-01C55B78B347} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA86CFB6-0DC2-48A5-A6DD-D17BDBF94E4B} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA9BBCC9-2E23-4B3A-83CB-CEE6F4E5B475} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FD22FCA3-81DC-4B76-885B-DCDF1695A38F} password protected
20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/backup.db password protected
20/10/2009 02:51:16 File: C:\WINDOWS\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'
20/10/2009 02:51:16 File: C:\WINDOWS\system32\drivers\agp440.sys not disinfected postponed
20/10/2009 02:53:45 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'
20/10/2009 09:13:02 File: c:\windows\system32\drivers\agp440.sys disinfected virus 'Virus.Win32.Protector.c'
20/10/2009 09:13:06 File: c:\documents and settings\cfantinati\configurações locais\temp\~tm678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'
20/10/2009 09:13:54 File: c:\documents and settings\cfantinati\configurações locais\temp\~tm678.tmp deleted


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:27, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\system32\dkvcm.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Arquivos de programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell....c=br&l=pt&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12343 bytes


Is it clean now??


Thank you!
Cris
  • 0

#8 Power Max

Power Max
  • Moderators
  • 2.916 posts

Posted 20 October 2009 - 09:30

:thumbsup: A trojan and a backdoor were removed by Kaspersky.
__________________________________

Download the Avenger program from the link below and extract its contents to the desktop:
http://swandog46.gee...r2/download.php

*Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

Files to delete:
C:\WINDOWS\system32\restorer64_a.exe


*Run the Avenger program
*Click [Load Script] > [Paste from Clipboard]
*Click [Execute] > [OK]
*The PC will restart
*The report will be created at C:\avenger.txt
__________________________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
__________________________________

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Click “YES” to continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click “YES” and wait, as the console installation will be carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA license.

When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

ATTENTION: Do not click on the ComboFix window or abruptly terminate the process while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will restart to produce the report.

6) On restart, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If a message appears warning that THIS IS NOT A VALID WIN32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In that case, name it Kombofix while saving it, not after saving it!

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer and press the F8 key repeatedly, or F5 in some cases, during startup, then choose the Safe Mode option on the screen that appears) and repeat the procedure;

NOTE 2: If you click on the ComboFix window while it is running, it will MAXIMIZE, covering the other windows. To minimize it again, just use ALT + TAB.
* If for some reason you need to stop or exit ComboFix, press "N".
* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Avenger log, which will be at C:\avenger.txt, and a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We'll be waiting.
  • 0
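In the HijackThis log posted above, the two restorer64_a entries share one Run value name but point at different executables in HKLM and HKCU, one of them directly in the user's profile folder. The Python code below is an added example, not part of the original posts and not the moderator's stated method; it applies those two heuristics (an assumption made here) to a subset of the thread's O4 lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the O4 autostart lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable path at the start of a command line, quoted or not, arguments dropped.
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|scr|pif))(?=["\s]|$)', re.I)
# An executable sitting directly in C:\Documents and Settings\<user>\ (XP profile root).
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")


def parse_run_entries(log_text):
    """Yield (hive, value_name, image_path) for every O4 registry Run line."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are skipped
        img = IMAGE.match(m["cmd"])
        path = (img["path"] if img else m["cmd"]).strip('"').lower()
        yield m["hive"], m["name"], path


def triage(log_text):
    """Return {value_name: [reasons]} for Run entries worth a closer look."""
    by_name = defaultdict(dict)  # value name -> {hive: image path}
    for hive, name, path in parse_run_entries(log_text):
        by_name[name][hive] = path

    findings = defaultdict(list)
    for name, hives in by_name.items():
        # Heuristic 1: one value name registered in several hives, different binaries.
        if len(set(hives.values())) > 1:
            findings[name].append("same value name, different image per hive")
        # Heuristic 2: executable placed directly in a user profile root.
        for hive, path in hives.items():
            if PROFILE_ROOT.match(path):
                findings[name].append(f"{hive}: image in user profile root")
    return dict(findings)


if __name__ == "__main__":
    for value_name, reasons in triage(SAMPLE_LOG).items():
        print(value_name, "->", "; ".join(reasons))
```

8.3 short names such as C:\ARQUIV~1 are not expanded, so the same file written once in short form and once in long form would compare as different images.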

#9 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 10:10

Antonio, I can't manage to disable the AVG antivirus. I closed the icon that appears next to the clock, but ComboFix keeps reporting that the resident protection program is active. What should I do? I have the ComboFix window waiting for an OK to run, even with AVG active.


Cris
  • 0

#10 Power Max

Power Max
  • Moderators
  • 2.916 posts

Posted 20 October 2009 - 10:16

Antonio, I can't manage to disable the AVG antivirus. I closed the icon that appears next to the clock, but ComboFix keeps reporting that the resident protection program is active. What should I do? I have the ComboFix window waiting for an OK to run, even with AVG active.

Cris

Then restart the PC in Safe Mode and run ComboFix in Safe Mode. Afterwards, post the requested logs.
  • 0

#11 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 10:44

It wasn't necessary to run ComboFix in safe mode; I managed to disable AVG's resident protection and ran Combo in normal mode. Here are the requested logs:

Combofix:

ComboFix 09-10-19.02 - cfantinati 20/10/2009 11:25.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.548 [GMT -2:00]
Executando de: c:\documents and settings\cfantinati\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Arquivos comuns\afinojafo.ban
c:\arquivos de programas\Arquivos comuns\uvajyrotuw._sy
c:\arquivos de programas\Arquivos comuns\ylajo.exe
c:\documents and settings\All Users\Dados de aplicativos\akibovo._dl
c:\documents and settings\All Users\Dados de aplicativos\calaxujak.dl
c:\documents and settings\All Users\Dados de aplicativos\kolabota.scr
c:\documents and settings\cfantinati\Configurações locais\Dados de aplicativos\adufuc.bat
c:\documents and settings\cfantinati\Cookies\axice---a.vbs
c:\documents and settings\cfantinati\Cookies\soxexorut._dl
c:\documents and settings\cfantinati\Cookies\tiponiqed.dat
c:\documents and settings\cfantinati\Dados de aplicativos\facoz.bin
c:\windows\buteh.bat
c:\windows\diwiv.pif
c:\windows\system32\ivuhicafyr._sy
c:\windows\system32\wihomac.exe
c:\windows\unujyhec._sy
c:\windows\uvegoloje.reg

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-20 to 2009-10-20 ))))))))))))))))))))))))))))
.

2009-10-20 12:59 . 2009-10-20 12:59 -------- d-----w- c:\arquivos de programas\backups
2009-10-19 18:53 . 2009-10-20 13:34 6271008 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-19 18:53 . 2008-07-08 16:54 148496 ----a-w- c:\windows\system32\drivers\01366944.sys
2009-10-19 17:02 . 2009-10-19 17:02 46668096 ----a-w- c:\arquivos de programas\Kaspersky_setup_7.0.0.290_19.10.2009_19-37.exe
2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com
2009-10-19 13:50 . 2009-10-19 13:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-10-19 13:49 . 2009-10-19 13:50 7280672 ----a-w- c:\arquivos de programas\SUPERAntiSpyware.exe
2009-10-19 13:34 . 2009-10-19 13:34 714528 ----a-w- c:\arquivos de programas\JavaSetup6u16.exe
2009-10-16 12:55 . 2009-10-16 12:56 401720 ----a-w- c:\arquivos de programas\HiJackThis.exe
2009-10-14 13:49 . 2009-10-14 13:51 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\HpUpdate
2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Malwarebytes
2009-10-13 15:14 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-10-13 15:14 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 15:01 . 2009-10-13 15:01 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\FreeFixer
2009-10-09 18:24 . 2009-10-09 18:29 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Sonic
2009-10-09 17:17 . 2009-10-09 17:17 547603116 ----a-w- C:\Extreme - Arquivos Compartilhados.zip
2009-10-09 17:08 . 2009-10-09 17:08 97959759 ----a-w- C:\Extreme.zip
2009-10-09 16:26 . 2006-12-05 12:15 1126017 ----a-w- c:\arquivos de programas\wrar361br.exe
2009-10-09 16:25 . 2009-10-08 15:05 16409960 ----a-w- c:\arquivos de programas\spybotsd162.exe
2009-10-09 16:24 . 2006-06-29 13:14 10321592 ----a-w- c:\arquivos de programas\SkypeSetup.exe
2009-10-09 15:50 . 2009-10-19 13:43 -------- d-----w- C:\$AVG8.VAULT$
2009-10-09 15:08 . 2009-10-09 15:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-09 15:08 . 2009-10-09 15:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-09 15:08 . 2009-10-09 15:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-09 15:08 . 2009-10-09 15:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-09 15:08 . 2009-10-19 11:14 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-09 15:08 . 2009-10-09 15:08 -------- d-----w- c:\arquivos de programas\AVG
2009-10-09 15:08 . 2009-10-13 14:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-10-08 15:17 . 2009-10-09 12:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-10-08 15:17 . 2009-10-08 15:22 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-09-25 14:51 . 2009-09-25 14:51 -------- d-----w- c:\arquivos de programas\OneNote Notebooks

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 12:56 . 2006-06-29 13:15 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Skype
2009-10-20 12:53 . 2009-10-19 18:53 40148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-20 12:50 . 2009-10-20 12:50 581 ----a-w- c:\arquivos de programas\Atalho para HiJackThis.exe.lnk
2009-10-20 12:49 . 2009-10-16 12:56 3762 ----a-w- c:\arquivos de programas\hijackthis.log
2009-10-20 11:24 . 2009-04-29 12:17 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\skypePM
2009-10-20 11:13 . 2004-09-08 17:01 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-19 13:41 . 2004-09-08 16:52 63094 ----a-w- c:\windows\system32\perfc016.dat
2009-10-19 13:41 . 2004-09-08 16:52 417530 ----a-w- c:\windows\system32\perfh016.dat
2009-10-19 13:37 . 2006-01-12 23:33 -------- d-----w- c:\arquivos de programas\Java
2009-10-16 15:22 . 2008-03-25 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-10-14 13:49 . 2006-01-27 11:52 -------- d-----w- c:\arquivos de programas\HP
2009-10-09 18:18 . 2006-01-20 11:30 -------- d-----w- c:\arquivos de programas\VERITAS Software
2009-10-09 15:02 . 2006-01-19 12:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Network Associates
2009-10-06 12:33 . 2006-01-12 23:34 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-25 18:55 . 2008-01-28 14:54 69632 ----a-w- c:\documents and settings\cfantinati\MSJCE.dll
2009-09-25 05:36 . 2004-09-08 16:52 669184 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:36 . 2004-09-08 16:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:19 . 2004-09-08 16:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-09-08 16:52 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:01 . 2004-09-08 16:52 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 02:33 . 2009-08-18 02:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:00 . 2004-09-08 16:52 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2004-09-08 16:52 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2004-08-04 02:40 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 17:23 . 2009-03-31 14:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-12-21 18:26 . 2006-12-21 18:26 3534076 ----a-w- c:\arquivos de programas\eMule0.47c-Installer.exe
2006-03-24 17:54 . 2006-03-24 17:54 712129 ----a-w- c:\arquivos de programas\Gif animator.exe
2006-03-24 17:32 . 2006-03-24 17:32 1607370 ----a-w- c:\arquivos de programas\pf-setup-en.exe
2006-03-09 17:42 . 2006-03-09 17:42 6431945 ----a-w- c:\arquivos de programas\TPNQ_INSTALL.EXE
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DVDLauncher"="c:\arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-01-23 180269]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624]
"eTCertManger"="c:\windows\system32\eTCrtMng.exe" [2006-01-25 98304]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-30 24576]
"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DkAutoReg.exe"="c:\arquivos de programas\Datakey\Crypt32\DkAutoReg.exe" [2004-12-10 245760]
"DkMonitor.exe"="c:\arquivos de programas\Datakey\Crypt32\DkMonitor.exe" [2004-12-10 32768]
"DkStartup"="c:\arquivos de programas\Datakey\Crypt32\DkStartup.exe" [2004-12-10 217088]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2005-07-29 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\cfantinati\Menu Iniciar\Programas\Inicializar\
is-J8NM1.lnk - c:\documents and settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe [2009-10-19 65536]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Inicialização rápida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Windows Desktop Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 17:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-09 15:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]
2004-12-10 16:58 61440 ----a-w- c:\windows\system32\DkWLNP.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/10/2009 13:08 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/10/2009 13:08 108552]
R1 is-J8NM1drv;is-J8NM1drv;c:\windows\system32\drivers\01366944.sys [19/10/2009 16:53 148496]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [09/10/2009 13:45 297752]
R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [10/12/2004 14:58 122880]
R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [01/12/2003 01:44 13824]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [30/10/2007 11:05 11256]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [30/10/2007 11:05 16696]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [21/05/2003 23:32 8448]
S3 8c382712-4cc3-4f22-9275-60a74a552288;8c382712-4cc3-4f22-9275-60a74a552288;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [02/02/2007 10:04 34406]
S3 GRCCID;GRCCID;c:\windows\system32\drivers\GrCCID.sys [21/05/2004 20:23 62416]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [18/06/2007 15:17 61776]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2006-10-10 19:13]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - c:\arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-msnmsgr - c:\arquivos de programas\MSN Messenger\msnmsgr.exe
HKCU-Run-CardScan AutoSync - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 11:33
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\DkWLNP.dll
.
Tempo para conclusão: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-10-20 13:36

Pré-execução: 15 pasta(s) 40.753.205.248 bytes disponíveis
Pós execução: 20 pasta(s) 44.174.983.168 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8D6F2D508ECFD548B85F065F73EE48D1
__________________________________________________________________________________________________________
Avenger:
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\restorer64_a.exe" not found!
Deletion of file "C:\WINDOWS\system32\restorer64_a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
_________________________________________________________________________________________________________

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:44, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\DkLog.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dkvcm.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell....c=br&l=pt&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe
O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe
O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe
O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe
O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11481 bytes

The PC is apparently normal.

Thanks,
Cris

#12 Power Max

Power Max
  • Moderators
  • 2,916 posts

Posted 20 October 2009 - 12:06

:) Hi Cris! Several problems were removed by Combofix.

:seta: Go to http://virscan.org/ and submit the files highlighted in red below for analysis (one at a time). Copy the link that appears in your browser's address bar once each file has been analyzed, and post these two links in your next reply:

c:\windows\system32\drivers\01366944.sys
c:\documents and settings\cfantinati\MSJCE.dll

#13 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 13:24

It's great that Combofix helped so much! And you are all great!

Here are the links to the results:

http://virscan.org/r...c7b1d5bf71.html
http://virscan.org/r...8491eb1853.html

It looks like they are not malicious.

Cris

#14 Power Max

Power Max
  • Moderators
  • 2,916 posts

Posted 20 October 2009 - 13:30

The second link is correct.

But for the first one, it seems to me that you submitted a different file: the link shows that the file submitted was 44165954.sys, and the correct one would be 01366944.sys

:seta: Please submit this file c:\windows\system32\drivers\01366944.sys for analysis again.

#15 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 13:35

I repeated the process and submitted the correct file, but the result comes back for a different one.

During the scan, the following message appears: The file 01366944.sys was already submitted and scanned by another user on 20/10/2009, and since then there have been 23 updates to the scanners' virus databases.

After that, the link I sent you appears.

What could it be?? Strange...

#16 Power Max

Power Max
  • Moderators
  • 2,916 posts

Posted 20 October 2009 - 13:47

Then try submitting it for analysis at the sites below:
http://www.virustotal.com/
http://virusscan.jotti.org/

And then tell us the result.

#17 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 14:07

I scanned it, and in the result the file name also came back different, look:

http://www.virustota...b2aa-1256046637
http://virusscan.jot...eb71c0ad365e240

What now?

Cris

#18 Power Max

Power Max
  • Moderators
  • 2,916 posts

Posted 20 October 2009 - 14:17

:seta: Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new Hijackthis log, and please tell us how your PC is doing after following this procedure.

We look forward to your reply.

#19 Cristiane F.

Cristiane F.
  • Members
  • 15 posts

Posted 20 October 2009 - 15:31

Antonio,

The Nod32 scan is running, but by the looks of it, it is going to take forever (in 30 minutes it scanned only 12%). Since I will need to leave before the scan finishes and will only have access to the computer the next morning, and therefore could only deal with the results tomorrow, do you see any risk of a threat spreading if I leave the computer online during all that time? Or is it better to stop the scan and run it when I am present and can follow the whole process?

Many, many thanks!
Cris

#20 Power Max

Power Max
  • Moderators
  • 2,916 posts

Posted 20 October 2009 - 15:46

Normally the Nod32 scan is faster than the Kaspersky one (the Nod32 one usually takes about two hours, more or less). Sometimes it seems to be stuck like that, but if you look at the little HD light you can see that it should be blinking (which shows that Nod32 is working and scanning the PC).