leozeferino

[Solved!] 'ae' alert box

Friend, I was getting this error too: a box with the title "ae", an OK button and the number 5. What I did is below:

1. In IE, go to Tools, Internet Options, Advanced tab.
2. Settings, Browsing.
3. Uncheck "Enable third-party browser extensions".
4. Restart the computer.

OK, please reply to say whether it worked.

I have been doing this for a week, and my machine is perfect, with no slowness. My antivirus here at the company is a licensed, up-to-date VirusScan, and I have no problems with viruses here. It is probably some error in IE. I can assure you that so far there is no virus on my machine. Thanks!!!

Hi leozeferino,

There is still more to do, so let's get to it.

1. Download the following tool:

Remdelf2b

Important: after downloading the tool, move the file to C:\.

It is wise to print these instructions or save them somewhere easy to reach, because in the next step we will enter Safe Mode and there will be no internet connection.

2. Restart the computer in Safe Mode;

3. Go to Start -> Run -> type C:\Remdelf.exe C: -> click OK;

NOTE: If you have other disk drives, you must add them to the command, like this: C:\Remdelf.exe C: D:

An MS-DOS prompt window will open.

4. Wait until the scan is finished;

When the process has finished, press ENTER so that the computer restarts.

5. Come back with a new HijackThis log.

Regards.

Hi NeoDamX,

I will be glad to help, but please create your own topic for your problem, ok? ;)

Regards.

Hello jgarcia.

Sorry, I only saw today that there was more to do.

I did what you told me and I am posting the HijackThis log.

Thanks a lot! Regards.

Hi leozeferino,

Go to Start -> Run -> type msconfig -> click OK -> Startup tab -> check all the boxes.

Once that is done, post a new log.

Regards.

As requested, here is my log with full startup.

Regards and Happy New Year! :natal_biggrin:

Hi leozeferino,

Follow the instructions below:

1. Download PC Cillin from TrendMicro;

2. Install it and update its database (it will remove all the components of your current AV);

3. Run a full scan with PC Cillin;

4. Come back with the final result of the scan and with a new HijackThis log.

Regards.

PS: Dear leozeferino, it is important that you carry out the actions above, because the Delf malware is on your machine and, according to my latest research, only PC Cillin is managing to remove it. I need you to continue the topic so that I know how to act in future cases.

Hello jgarcia.

I did what you told me.

I installed the program. However, when it comes to updating, it asks for the serial number. My version is a trial.

I ran the scanner anyway, in two ways: in Safe Mode and in normal mode with all the programs from "msconfig" started. In both, no virus was found.

Because of that, the program did not generate any log.

I ran HijackThis again and the log is right below:

Regards.

Hi leozeferino,

Let's go.

Set Windows to show all files (including hidden ones).

Stage 1

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINDOWS\system32\cmprops.ocx

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next stage we will enter Safe Mode and there will be no internet connection.

Stage 2

Restart the computer in Safe Mode (while it restarts, press F8 until a black DOS screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: LR.LexRefXml2RTFObject.1.0.1 - {3F176C8B-58EE-4EBB-896E-A8CB89797BC1} - C:\WINDOWS\system32\cmprops.ocx

Click Fix Checked.

Stage 3

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Submit the file below to the VirusTotal site:

C:\Arquivos.exe

Come back with the result and a new HijackThis log.

I await your reply.

Best regards.

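The entries named in the post above can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis: it parses O2, O4 and O23 lines, separates entries marked "(file missing)" from files that exist and can be scanned, and applies one illustrative review rule (a BHO loaded from system32), which is an assumption of the example rather than the helper's stated criteria. Apart from the O2 line and the path C:\Arquivos.exe quoted in the post, the sample lines, names and CLSIDs are constructed.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from dataclasses import dataclass, field

# Sample entries in HijackThis 1.99.1 format. The first O2 line and the path
# C:\Arquivos.exe come from the post above; everything else is constructed.
SAMPLE_LOG = r"""
O2 - BHO: LR.LexRefXml2RTFObject.1.0.1 - {3F176C8B-58EE-4EBB-896E-A8CB89797BC1} - C:\WINDOWS\system32\cmprops.ocx
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Arquivos de programas\Example\Reader\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Arquivos de programas\Example\tray.exe" /background
O23 - Service: Example DB (ExampleDb) - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: Example AV (ExampleAv) - Example Corp - C:\Arquivos de programas\Example\av.exe
"""

MISSING = " (file missing)"  # suffix HijackThis appends when the file is not on disk
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O2 - ...", "O23 - ..."
BHO = re.compile(rf"^BHO: (.*) - ({CLSID}) - (.+)$")       # name - {CLSID} - file
RUN = re.compile(r"^([^\[]+): \[([^\]]+)\] (.+)$")         # key: [value name] command
BINARY = re.compile(r"^(.*?\.(?:exe|dll|ocx|cpl|scr))(?=\s|$)", re.I)


@dataclass
class Entry:
    code: str          # HijackThis section, e.g. "O2"
    name: str          # display name of the item
    target: str        # file the entry points at, arguments removed
    missing: bool = False
    notes: list = field(default_factory=list)


def binary_of(command: str) -> str:
    """Return the file a command line points at, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = BINARY.match(command)
    return match.group(1) if match else command


def parse_line(line: str):
    """Parse one O2, O4 (registry Run) or O23 line; return None for anything else."""
    match = ENTRY.match(line.strip())
    if not match:
        return None
    code, body = match.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    if code == "O2" and (bho := BHO.match(body)):
        name, target = f"{bho.group(1)} {bho.group(2)}", bho.group(3)
    elif code == "O4" and (run := RUN.match(body)):
        name, target = run.group(2), run.group(3)
    elif code == "O23" and body.startswith("Service: "):
        # Split from the right: the service name itself may contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        name, target = parts[0], parts[2]
    else:
        return None
    return Entry(code, name, binary_of(target), missing)


def triage(log_text: str):
    """Parse a log and attach review notes to the entries that need a second look."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    for entry in entries:
        if entry.missing:
            entry.notes.append("file missing: nothing on disk to scan, "
                               "inspect the registry value instead")
        folder = ntpath.normcase(ntpath.dirname(entry.target))
        if entry.code == "O2" and folder.endswith(r"\system32"):
            # Illustrative rule only: a match is a reason to check, not a verdict.
            entry.notes.append("BHO loaded from system32: confirm publisher and origin")
    return entries


def scannable(entries):
    """Flagged files that exist on disk and can be sent to a file scanner."""
    return [e.target for e in entries if e.notes and not e.missing]


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        for note in item.notes:
            print(f"{item.code} {item.target}: {note}")
```
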

jgarcia,

I did what you told me. However, when I sent the file C:\Arquivos.exe to the VirusTotal site, this file was not found.

I am sending you the CCleaner log

2,16MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PccMsi.dll 0,48MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\pccntsec.dll 68,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PCCPFW.exe 0,67MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PCCTool.exe 1,07MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PCCTool.ini 121 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PCTSCLog.dll 72,07KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PDPAlt.htm 2,51KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PDPCfg.dat 2,80KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PEW952.dll 0,10MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PEWNT2.dll 0,13MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Pop3.htm 6,78KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Profile\!direct.dat 4,41KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Profile\!home.dat 198 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Profile\!office.dat 4,06KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Profile\!wireles.dat 4,06KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Profile\profile.def 4,41KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\psapi.dll 28,27KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\PWD.DLL 40,05KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\qguide.chm 
51,84KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Readme.txt 31,71KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Realtime.htm 7,70KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\DOS4GW.EXE 0,26MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\PCSCAN.DAT 32,35KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\pcscan.exe 0,42MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\Readme.txt 9,15KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\Rescue.exe 0,24MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Rescue\Rescue.ini 32 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Smtp.htm 6,80KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\SmtpPrivacy.htm 6,95KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\system.dat 1,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC75.TSK 994 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC76.TSK 996 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC77.TSK 820 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC78.TSK 998 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC79.TSK 775 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC7A.TSK 792 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TASK\PCC7B.TSK 765 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend 
Micro\PC-cillin\TASK\PCC7C.TSK 770 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmaptn.124 60,80KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmAsEng.dll 0,30MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmcfScan.dll 24,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmCfwApi.dll 96,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmdbg.dll 0,13MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Tmdshell.dll 68,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmEmLex.dll 0,25MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TMEVENT.dll 12,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmf10111.ptn 4,81KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmhelp.chm 0,33MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmMsg.dll 0,60MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmNewML.txt 339 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TMNotify.dat 686 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TMNotify.set 682 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Tmntsrv.exe 0,23MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TMOAgent.exe 0,28MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpeAspm.dll 0,13MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpePDP.dll 0,11MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpeUrlF.dll 
92,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpeVS.dll 96,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmphHttp.dll 0,27MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmphPop3.dll 92,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmphSMTP.dll 92,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmProxy.dll 92,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmproxy.exe 0,20MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmProxy.ini 50 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpxCfg.dll 0,25MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmpxHelp.dll 0,12MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmRegUtl.dll 0,46MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmsmHttp.dll 0,27MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmsmMail.dll 0,13MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmtdi.dll 48,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmtdi.vxd 24,59KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmUins11.ini 29,73KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmUpdate.dll 0,48MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tmupdito.exe 0,24MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmvDlg.dll 0,23MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TmWarn.txt 83 
bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tm_cfw.vxd 0,69MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TRA.EXE 48,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TraApi.dll 0,11MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TRIALMSG.bmp 0,10MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TRIALMSG.exe 0,32MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\TSC.EXE 0,54MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\Tsc.htm 5,84KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tsc.ini 653 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\tsc.ptn 0,78MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\UNZIP.DLL 68,06KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\UpdPcc.ini 2 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\UpdTmpx.ini 1,50KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\URLBlack.dat 40 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\URLfAlt.htm 2,40KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\URLWhite.dat 112 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\VBProp.bmp 64,34KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\VBProp.dll 92,00KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\verinfo.txt 727 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\VSAPI32.DLL 0,99MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program 
files\Trend Micro\PC-cillin\VSAPI32.VXD 0,92MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\program files\Trend Micro\PC-cillin\ZLib.dll 68,05KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\setup.exe 0,21MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\setup.ini 16 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\drivers\tmengine.inf 4,75KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\drivers\tmpreflt.sys 20,38KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\drivers\TmXPFlt.sys 0,19MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\drivers\trend.cat 7,61KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\drivers\vsapint.sys 0,89MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\Tmfilter.sys 0,20MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\tmpreflt.sys 20,38KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\tmtdi.sys 14,63KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\TmXPFlt.sys 0,19MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\TM_CFW.sys 0,72MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\System32\drivers\VSAPINT.SYS 0,89MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Pc-Cillin 11\Trend Micro Internet Security.msi 1,02MBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\STS13.tmp 115 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\STS4.tmp 102 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\STS6.tmp 102 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\STS8.tmp 102 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\STSE.tmp 115 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\TWAIN.LOG 0 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Twain001.Mtx 2 bytesC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0404.ini 2,82KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0407.ini 4,48KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0409.ini 4,01KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x040a.ini 4,62KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x040c.ini 
4,75KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0410.ini 4,52KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0411.ini 4,15KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0412.ini 3,71KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0416.ini 4,31KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65x0804.ini 2,87KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65\Setup.INI 1,25KBC:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\_is65\_ISMSIDEL.INI 711 bytesC:\WINDOWS\system32\wbem\Logs\FrameWork.log 0,20MBC:\WINDOWS\system32\wbem\Logs\mofcomp.log 14,14KBC:\WINDOWS\system32\wbem\Logs\NTEVT.log 2 bytesC:\WINDOWS\system32\wbem\Logs\replog.log 397 bytesC:\WINDOWS\system32\wbem\Logs\setup.log 5,46KBC:\WINDOWS\system32\wbem\Logs\wbemcore.log 188 bytesC:\WINDOWS\system32\wbem\Logs\wbemess.log 57,97KBC:\WINDOWS\system32\wbem\Logs\wbemprox.log 4,94KBC:\WINDOWS\system32\wbem\Logs\WBEMSNMP.log 2 bytesC:\WINDOWS\system32\wbem\Logs\WinMgmt.log 93 bytesC:\WINDOWS\system32\wbem\Logs\wmiadap.log 2,88KBC:\WINDOWS\system32\wbem\Logs\wmiprov.log 34,67KBC:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64,03KBC:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ 64,02KBC:\WINDOWS.log 0 bytesC:\WINDOWS\cmsetacl.log 200 bytesC:\WINDOWS\COM+.log 4,14KBC:\WINDOWS\dasetup.log 19,04KBC:\WINDOWS\DPINST.LOG 7,65KBC:\WINDOWS\DtcInstall.log 360 bytesC:\WINDOWS\EventSystem.log 1,19KBC:\WINDOWS\FaxSetup.log 0,55MBC:\WINDOWS\GEARInstall.log 491 bytesC:\WINDOWS\ie7_main.log 1,16KBC:\WINDOWS\iis6.log 0,94MBC:\WINDOWS\imsins.log 4,77KBC:\WINDOWS\InstalaRecnet.log 3,45KBC:\WINDOWS\KB873339.log 32,88KBC:\WINDOWS\KB885250.log 34,46KBC:\WINDOWS\KB885835.log 34,64KBC:\WINDOWS\KB885836.log 33,73KBC:\WINDOWS\KB886185.log 8,04KBC:\WINDOWS\KB887472.log 33,16KBC:\WINDOWS\KB887742.log 33,42KBC:\WINDOWS\KB888113.log 32,94KBC:\WINDOWS\KB888302.log 23,32KBC:\WINDOWS\KB890046.log 25,23KBC:\WINDOWS\KB890859.log 21,83KBC:\WINDOWS\KB891781.log 28,68KBC:\WINDOWS\KB893756.log 33,90KBC:\WINDOWS\KB893803v2.log 4,97KBC:\WINDOWS\KB894391.log 21,72KBC:\WINDOWS\KB896358.log 
33,31KBC:\WINDOWS\KB896422.log 34,90KBC:\WINDOWS\KB896423.log 11,04KBC:\WINDOWS\KB896424.log 34,60KBC:\WINDOWS\KB896428.log 20,92KBC:\WINDOWS\KB898461.log 6,69KBC:\WINDOWS\KB899587.log 35,75KBC:\WINDOWS\KB899589.log 24,66KBC:\WINDOWS\KB899591.log 34,40KBC:\WINDOWS\KB900485.log 11,77KBC:\WINDOWS\KB900725.log 24,99KBC:\WINDOWS\KB901017.log 34,09KBC:\WINDOWS\KB901214.log 23,93KBC:\WINDOWS\KB902400.log 33,88KBC:\WINDOWS\KB904706.log 21,50KBC:\WINDOWS\KB905414.log 24,97KBC:\WINDOWS\KB905749.log 22,10KBC:\WINDOWS\KB905915.log 35,87KBC:\WINDOWS\KB908519.log 12,54KBC:\WINDOWS\KB908531.log 16,22KBC:\WINDOWS\KB910437.log 9,37KBC:\WINDOWS\KB911280.log 16,64KBC:\WINDOWS\KB911562.log 15,62KBC:\WINDOWS\KB911564.log 3,77KBC:\WINDOWS\KB911565.log 8,88KBC:\WINDOWS\KB911567.log 10,49KBC:\WINDOWS\KB911927.log 34,58KBC:\WINDOWS\KB912812.log 17,08KBC:\WINDOWS\KB912919.log 22,30KBC:\WINDOWS\KB913446.log 9,14KBC:\WINDOWS\KB913580.log 11,44KBC:\WINDOWS\KB914388.log 12,23KBC:\WINDOWS\KB914389.log 12,88KBC:\WINDOWS\KB916281.log 20,55KBC:\WINDOWS\KB916595.log 10,23KBC:\WINDOWS\KB917159.log 11,61KBC:\WINDOWS\KB917344.log 17,99KBC:\WINDOWS\KB917422.log 13,29KBC:\WINDOWS\KB917537.log 11,31KBC:\WINDOWS\KB917734.log 13,45KBC:\WINDOWS\KB917953.log 16,94KBC:\WINDOWS\KB918439.log 17,29KBC:\WINDOWS\KB918899.log 22,02KBC:\WINDOWS\KB919007.log 11,19KBC:\WINDOWS\KB920213.log 14,27KBC:\WINDOWS\KB920214.log 18,57KBC:\WINDOWS\KB920670.log 13,08KBC:\WINDOWS\KB920683.log 13,58KBC:\WINDOWS\KB920685.log 11,03KBC:\WINDOWS\KB920872.log 12,69KBC:\WINDOWS\KB921398.log 19,16KBC:\WINDOWS\KB921883.log 10,89KBC:\WINDOWS\KB922582.log 7,69KBC:\WINDOWS\KB922616.log 18,65KBC:\WINDOWS\KB922760.log 17,00KBC:\WINDOWS\KB922819.log 12,03KBC:\WINDOWS\KB923191.log 8,60KBC:\WINDOWS\KB923414.log 11,23KBC:\WINDOWS\KB923689.log 10,14KBC:\WINDOWS\KB923694.log 12,07KBC:\WINDOWS\KB923980.log 15,11KBC:\WINDOWS\KB924191.log 12,12KBC:\WINDOWS\KB924270.log 14,75KBC:\WINDOWS\KB924496.log 11,23KBC:\WINDOWS\KB925398.log 
8,78KBC:\WINDOWS\KB925454.log 24,31KBC:\WINDOWS\KB925486.log 11,97KBC:\WINDOWS\KB926255.log 11,31KBC:\WINDOWS\medctroc.Log 41,65KBC:\WINDOWS\msgsocm.log 29,62KBC:\WINDOWS\msmqinst.log 0,20MBC:\WINDOWS\netfxocm.log 100,01KBC:\WINDOWS\ntdtcsetup.log 0,12MBC:\WINDOWS\ocgen.log 0,30MBC:\WINDOWS\ocmsn.log 36,33KBC:\WINDOWS\regopt.log 1,25KBC:\WINDOWS\sessmgr.setup.log 1,25KBC:\WINDOWS\setupact.log 0,17MBC:\WINDOWS\setupapi.log 0,59MBC:\WINDOWS\setuperr.log 0 bytesC:\WINDOWS\spupdsvc.log 31,61KBC:\WINDOWS\svcpack.log 0,41MBC:\WINDOWS\tabletoc.log 28,47KBC:\WINDOWS\tsoc.log 0,27MBC:\WINDOWS\updspapi.log 37,42KBC:\WINDOWS\vminst.log 2,07KBC:\WINDOWS\WGA.log 3,91KBC:\WINDOWS\WgaNotify.log 6,49KBC:\WINDOWS\Windows Update.log 280 bytesC:\WINDOWS\wmsetup.log 0,10MBC:\WINDOWS\wmsetup10.log 236 bytesC:\WINDOWS\OEWABLog.txt 1,50KBC:\WINDOWS\setuplog.txt 0,63MBC:\WINDOWS\Debug\blastcln.log 286 bytesC:\WINDOWS\Debug\mrt.log 7,39KBC:\WINDOWS\Debug\UserMode\userenv.log 22,47KBC:\WINDOWS\Debug\UserMode\userenv.bak 0,29MBC:\WINDOWS\security\logs\backup.log 2,74KBC:\WINDOWS\security\logs\SceRoot.log 558 bytesC:\WINDOWS\security\logs\scesetup.log 0,38MBC:\WINDOWS\security\logs\update.log 6,87KBC:\WINDOWS\security\logs\scecomp.old 320 bytesC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\cache\_CACHE_001_ 4,00KBC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\cache\_CACHE_002_ 4,00KBC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\cache\_CACHE_003_ 4,00KBC:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\cache\_CACHE_MAP_ 8,27KBC:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\history.dat 402 bytesC:\Documents and Settings\Administrador\Dados 
de aplicativos\Mozilla\Firefox\profiles\xeoph7s2.default\downloads.rdf 360 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#Security\FlashAuthor.cfg 782 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\cidadeinternet.com.br\home\secoes\jogos\2005\11\desca_a_ladeira\1660.swf\FlashGamesStudio.sol 69 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\fulano.com.br\scripts\JogosOnline\LeTroca\game.swf\dats.sol 353 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\google.com\gtalksettings.sol 72 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\idmc.com.br\endeavor\player\Player.asp\login.sol 67 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\oddcast.com\vhsssecure.php\oddcast_vhss.sol 81 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\pr.terra.com\copa2006\envivo\fb_mwm\swf\content.swf\dpaLigaTicker.sol 126 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\skype.com\#ui\preferences.sol 233 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\static.userplane.com\presence\m\presence.swf\presence.sol 93 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\video.google.com\datastore.swf\videoPlayerSettings.sol 141 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol 94 bytesC:\Documents and Settings\Administrador\Dados de 
aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.autoban.com.br\concessionaria\trechos_356FA1ED-EA68-B026-8B518A302A8AD4D9.swf\TestMovie_Config_Info.sol 341 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.claro.com.br\intervencao\portalclaro_intervencao.swf\claro_intervencao_novopos_v2.sol 68 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.correios.com.br\servicos\cep\cep.swf\TestMovie_Config_Info.sol 341 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.correios.com.br\servicos\cep\cep_loc_log.swf\TestMovie_Config_Info.sol 341 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.orkut.com\gtalksettings.sol 72 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\www.youtube.com\soundData.sol 58 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\9DLTTEYF\youtube.com\soundData.sol 58 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cidadeinternet.com.br\settings.sol 91 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fulano.com.br\settings.sol 83 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#idmc.com.br\settings.sol 81 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#oddcast.com\settings.sol 81 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pr.terra.com\settings.sol 82 
bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com\settings.sol 90 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol 86 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.autoban.com.br\settings.sol 88 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.claro.com.br\settings.sol 86 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.correios.com.br\settings.sol 89 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol 81 bytesC:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 593 bytesC:\Arquivos de programas\Ahead\Nero\NeroHistory.log 0,10MB------------------------------------------------------------------------------------------

 

 

I'm sending you the HijackThis log:

 

 

Logfile of HijackThis v1.99.1
Scan saved at 20:43:28, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\TMOAgent.exe
C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\PCClient.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\pccguide.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Arquivos de programas\Registry Defragmentation\RegManServ.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\Tmntsrv.exe
C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\tmproxy.exe
C:\Arquivos de programas\Trend Micro\PC-cillin 11\PccPfw.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\CCleaner\ccleaner.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Arquivos de programas\Trend Micro\PC-cillin 11\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Arquivos de programas\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 11\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 11\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://C:\Arquivos de programas\OpenCube\NavStudio\program\comdlg32.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\PC-cillin 11\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Arquivos de programas\Registry Defragmentation\RegManServ.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\PC-cillin 11\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Arquivos de programas\Trend Micro\PC-cillin 11\tmproxy.exe

 

 

Regards.


Hi leozeferino,

Do you recognize the service below as legitimate?

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)


Hey jgarcia.

Man, I didn't quite understand your question. Do you want to know whether I was the one who deleted the file?

I think it happened when I went to remove MySQL from my computer a while ago.

Regards!! :natal_wink:


Hi leozeferino,

Let's go.

Stage 1

Do the following:

Go to Start --> Run --> type services.msc and click OK.

Look for the MySQL service.

Right-click it and go to Properties.

Click Stop and change the Startup type to Disabled.

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, shown in bold, to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\Arquivos.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next stage we will enter Safe Mode and no internet connection will be available.

Stage 2

Restart the computer in Safe Mode.

Run HijackThis and click Open the Misc Tools section.

Click Delete an NT service.

Enter:

MySQL

Delete the service.

Run HijackThis again, click Do a system scan only and check:

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

Click Fix Checked.

Stage 3

Restart in Normal Mode.

Post the new HijackThis log.

I'll wait for your reply.

Best regards.

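The kind of check behind jgarcia's question, as an added example that is not part of the original thread: a Python sketch that parses HijackThis O23 service lines and lists the entries worth raising with the machine's owner. The three flags are triage heuristics assumed for this example, not HijackThis's own logic, and apart from the MySQL line quoted in the thread the sample lines are constructed.

```python
import re
from dataclasses import dataclass

# Sample input. The MySQL line is the one quoted in the thread; the other
# lines are constructed for this example in the same HijackThis format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
O23 - Service: Example Updater (ExUpd) - Example Corp. - C:\Program Files\Example\exupd.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: Old Agent - Unknown owner - C:\Program Files\Old Agent\agent.exe (file missing)
"""

# O23 - Service: <display name> - <owner> - <binary path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A binary sitting directly under a drive letter, e.g. C:\Arquivos.exe
ROOT_BINARY_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")

@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool

    def findings(self):
        notes = []
        if self.file_missing:
            notes.append("binary missing: orphaned service entry")
        if self.owner == "Unknown owner":
            notes.append("no publisher information")
        if ROOT_BINARY_RE.match(self.path):
            notes.append("binary directly in drive root")
        return notes

def parse_o23(log_text):
    """Return a ServiceEntry for every O23 line; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["name"], m["owner"],
                                        m["path"].strip('"'), m["missing"] is not None))
    return entries

def triage(log_text, min_findings=2):
    """Map service name -> findings. One flag alone (legitimate services are
    often 'Unknown owner') is too weak, so require at least min_findings."""
    return {e.name: e.findings() for e in parse_o23(log_text)
            if len(e.findings()) >= min_findings}

if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(notes)}")
```

Entries flagged this way are questions for the owner, as in the thread, not automatic removals.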

Hey jgarcia.

I did what you told me. The only step I didn't need to do was the one below, because the line "O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)" had already been deleted when I removed MySQL.

Quote:
Run HijackThis again, click Do a system scan only and check:
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
Click Fix Checked.

Well, here's the log

 

 


Thanks a lot for the help. Regards.
