[Resolvido!]Infectado com o hldrrr.exe e outros

jgarciajr · Fevereiro 5, 2008

Boa tarde DigRam,

Obrigado mais uma vez,

Garcia Jr

ComboFix 08-02.02.5 - Administrador 2008-02-05 16:05:35.2 - NTFSx86 MINIMAL

Executando de: C:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))

.

2008-02-05 15:59 . 2008-02-02 13:55 1,593,209 --a------ C:\ComboFix.exe

2008-02-05 07:29 . 2008-02-05 07:29 <DIR> d-------- C:\WinLogon

2008-02-05 07:24 . 2008-01-17 17:02 219,325 --a------ C:\clean.cmd

2008-02-05 07:23 . 2008-02-05 07:23 <DIR> d-------- C:\clean

2008-02-05 07:23 . 2008-02-05 07:22 226,258 --a------ C:\clean.zip

2008-02-05 07:21 . 2008-02-05 07:21 344,598 --a------ C:\ELISTARA.14022008.EXE

2008-02-05 07:21 . 2008-02-05 07:21 103,958 --a------ C:\ELITRIIP.9022008.EXE

2008-02-04 21:38 . 2008-02-04 21:38 3,306 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-04 21:20 . 2008-02-04 21:27 121 --a------ C:\WINDOWS\bdagent.INI

2008-02-04 21:18 . 2008-02-04 21:18 <DIR> d-------- C:\SmitfraudFix

2008-02-04 21:17 . 2008-02-04 21:17 <DIR> d-------- C:\Documents and Settings\Cliente\SmitfraudFix

2008-02-04 21:16 . 2008-02-04 21:16 1,149,101 --a------ C:\SmitfraudFix.zip

2008-02-04 15:19 . 2008-02-04 15:19 22,361,766 --a------ C:\upload_moi_USER.tar.gz

2008-02-04 15:16 . 2008-02-04 15:16 <DIR> d-------- C:\DiagHelp

2008-02-04 15:16 . 2008-02-04 15:07 827,972 --a------ C:\DiagHelp.zip

2008-02-04 13:03 . 2008-02-04 13:03 <DIR> d-------- C:\l2mfix

2008-02-04 13:03 . 2008-02-04 13:01 350,891 --a------ C:\l2mfix.exe

2008-02-04 13:03 . 2005-01-20 13:47 175,616 --a------ C:\WINDOWS\system32\strings.exe

2008-02-04 13:03 . 2006-03-02 23:42 73,728 --a------ C:\WINDOWS\system32\pv.exe

2008-02-04 13:03 . 2005-01-13 21:41 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe

2008-02-04 13:03 . 2005-10-19 18:50 16,384 --a------ C:\WINDOWS\system32\restart.exe

2008-02-04 13:03 . 2005-01-13 21:41 11,254 --a------ C:\WINDOWS\system32\locate.com

2008-02-04 09:07 . 2008-02-04 09:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-04 09:03 . 2007-03-31 10:28 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-02-04 09:03 . 2008-02-04 09:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-02-04 09:03 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-02-04 09:03 . 2007-03-31 07:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-02-04 08:49 . 2008-02-04 08:49 <DIR> d-------- C:\PenClean

2008-02-04 08:48 . 2008-02-04 08:45 307,340 --a------ C:\PenClean.zip

2008-02-04 08:48 . 2008-02-04 08:47 103,641 --a------ C:\Flash_Disinfector.exe

2008-02-03 14:55 . 2008-02-03 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-02-03 14:50 . 2008-02-03 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-03 14:43 . 2008-02-03 13:57 423,736 --a------ C:\avgarkt-setup-1.1.0.42.exe

2008-02-03 14:43 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-02-03 14:34 . 2008-02-03 14:34 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-02-03 14:02 . 2008-01-31 14:11 2,733,928 --a------ C:\ccsetup204.exe

2008-02-03 14:01 . 2008-01-31 14:07 92,672 --a------ C:\KillBox.exe

2008-02-03 14:01 . 2008-01-31 14:09 610 --a------ C:\UnHookExec.inf

2008-02-03 09:28 . 2008-02-03 09:29 <DIR> d-------- C:\LinhaDefensiva

2008-02-03 09:25 . 2008-02-03 09:25 180,719 --a------ C:\bankerfix.exe

2008-02-02 14:08 . 2008-02-02 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-02-02 14:08 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-02-02 14:08 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-02-02 14:08 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\Default User\Configuraþ§es locais

2008-02-02 14:08 . 2008-02-02 14:08 <DIR> d-------- C:\Documents and Settings\Cliente\Configuraþ§es locais

2008-02-02 13:58 . 2008-02-02 13:57 25,121 --a------ C:\SProces.exe

2008-02-02 08:03 . 2008-02-02 08:03 49,163 --a------ C:\EliBaglA.exe

2008-02-01 15:40 . 2008-02-01 15:40 <DIR> d-------- C:\Arquivos de programas\Sophos

2008-02-01 08:30 . 2008-02-01 14:33 <DIR> d-------- C:\Arquivos de programas\EsetOnlineScanner

2008-02-01 08:23 . 2008-02-01 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-01 08:23 . 2008-02-01 08:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-01 08:23 . 2008-02-01 08:23 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-01 08:23 . 2008-02-01 08:23 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-01 08:10 . 2008-02-01 08:10 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx

2008-01-31 14:37 . 2008-02-02 14:15 <DIR> d-------- C:\Arquivos de programas\PrevxCSI

2008-01-31 14:23 . 2008-01-31 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

2008-01-31 14:22 . 2008-02-01 07:57 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\PrevxCSI

2008-01-29 21:19 . 2008-01-29 21:19 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\Winamp

2008-01-29 21:19 . 2008-01-29 21:19 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-01-21 15:39 . 1996-01-12 01:00 722,192 --a------ C:\WINDOWS\system32\vb40032.dll

2008-01-21 15:39 . 2002-05-17 11:19 462,848 --a------ C:\WINDOWS\system32\dformd.dll

2008-01-21 15:39 . 2001-05-23 03:02 329,423 --a------ C:\WINDOWS\system32\sbe6_000.hlp

2008-01-21 15:39 . 1996-08-05 05:00 92,160 --a------ C:\WINDOWS\system32\grid32.ocx

2008-01-21 15:39 . 2001-05-23 03:02 6,255 --a------ C:\WINDOWS\system32\sbe6_000.cnt

2008-01-21 15:33 . 2008-01-22 08:34 <DIR> d-------- C:\Arquivos de programas\SPSS

2008-01-09 22:22 . 2008-01-09 22:22 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe

2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

2008-01-08 16:58 . 2008-02-02 11:22 54,156 --a------ C:\WINDOWS\QTFont.qfn

2008-01-08 16:58 . 2008-01-08 16:58 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-07 15:17 . 2008-01-07 15:17 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%

2008-01-07 15:15 . 2006-07-27 13:52 367 --a------ C:\WINDOWS\system32\LegitCheckControl.inf

2008-01-07 06:18 . 2008-01-07 06:18 244 --a------ C:\sqmnoopt13.sqm

2008-01-07 06:18 . 2008-01-07 06:18 232 --a------ C:\sqmdata13.sqm

2008-01-07 06:16 . 2008-01-07 06:16 244 --a------ C:\sqmnoopt12.sqm

2008-01-07 06:16 . 2008-01-07 06:16 232 --a------ C:\sqmdata12.sqm

2008-01-07 06:15 . 2008-01-07 06:15 244 --a------ C:\sqmnoopt11.sqm

2008-01-07 06:15 . 2008-01-07 06:15 232 --a------ C:\sqmdata11.sqm

2008-01-06 13:27 . 2008-01-06 13:27 <DIR> d-------- C:\Arquivos de programas\streetchaves PC GAME

2008-01-06 13:27 . 2008-01-06 13:27 <DIR> d-------- C:\Arquivos de programas\StreetChaves

2008-01-06 13:22 . 2008-01-06 13:22 244 --a------ C:\sqmnoopt10.sqm

2008-01-06 13:22 . 2008-01-06 13:22 232 --a------ C:\sqmdata10.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-05 18:31 --------- d-----w C:\Arquivos de programas\eMule

2008-02-05 10:20 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-04 14:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-02-03 17:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-01 14:40 --------- d-----w C:\Arquivos de programas\Share_Accelerator_MM

2008-02-01 14:28 --------- d-----w C:\Arquivos de programas\PowerISO

2008-02-01 13:48 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-01 12:30 --------- d-----w C:\Arquivos de programas\DAP

2008-01-22 20:46 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Skype

2008-01-15 00:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-01-02 21:00 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\BSplayer

2007-12-29 11:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-27 14:28 --------- d-----w C:\Arquivos de programas\wavpack-4.41

2007-12-19 14:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-19 13:16 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-08 22:43 --------- d-----w C:\Arquivos de programas\Soulseek-Test

2007-12-08 22:38 --------- d-----w C:\Arquivos de programas\Audio Phonics, Inc

2007-12-07 13:28 --------- d-----w C:\Arquivos de programas\Guitar Pro 5

2007-12-06 23:05 --------- d-----w C:\Arquivos de programas\Softinterface, Inc

2007-11-30 22:10 1,713 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\WWB7_32.DAT

2007-11-27 19:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll

2007-11-24 21:42 50,176 ----a-w C:\WINDOWS\system32\P2CTDAO.DLL

2007-11-24 21:42 1,846,784 ----a-w C:\WINDOWS\system32\CRPE32.DLL

2007-11-19 23:50 77,824 ----a-w C:\WINDOWS\uinst001.exe

2007-11-10 16:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-04-10 10:14 14 ----a-w C:\Documents and Settings\Cliente\getfile.dat

2007-04-08 19:53 524,300 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\position.bin

2006-01-15 20:21 1,990,144 ----a-w C:\Arquivos de programas\Billion Chords.exe

2004-02-28 20:08 1,363,968 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\arasanx.exe

2004-02-28 14:47 581,632 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\arasan.exe

2004-02-25 09:42 655,360 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\book.bin

1999-05-18 18:25 581,632 ----a-w C:\Arquivos de programas\Converte.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Atalho para a Página de Propriedades do High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"Cmaudio"="cmicnfg.cpl" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 21:05 7557120]

"nwiz"="nwiz.exe" [2006-02-13 21:05 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 21:05 86016]

"SMSERIAL"="sm56hlpr.exe" [2005-06-06 06:40 544768 C:\WINDOWS\sm56hlpr.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"BDNewsAgent"="c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe" [2005-05-09 12:19 8192]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"WindowsTranslator"="C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe" [2003-06-26 17:20 407040]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 21:05 200704]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-06-01 11:26 20480]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-08-21 14:35 114688]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-05-10 09:20 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Arquivos de programas\Skype\Phone\IEPlugin\unins000.exe" [2007-03-31 18:23 674138]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-05 12:14:25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2D18E1C0-A4EB-4DA3-8A8F-4165B9AE6F17}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 16:07:45

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-02-05 16:08:18

ComboFix2.txt 2008-02-02 17:08:23

.

2008-01-10 01:22:33 --- E O F ---

DigRam · Fevereiro 5, 2008

Boa Noite jgarciajr!

Delete:

C:\QooBox

C:\ComboFix.txt << Log anterior do ComboFix.

__________________

>@< Selecione e copie,todo o conteúdo que está na área do quote,para o Bloco de Notas.

>@< Salve-o,no Desktop,com o nome: CFScript.txt

File::
C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

Folder::

C:\Arquivos de programas\Sophos

C:\Arquivos de programas\EsetOnlineScanner

C:\WINDOWS\system32\ActiveScan

C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx

C:\Arquivos de programas\PrevxCSI

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

C:\Documents and Settings\Cliente\Dados de aplicativos\PrevxCSI

>@< Arraste,com o Mouse,o CFScript.txt para o ícone do ComboFix.

>@< Com esse procedimento,o ComboFix irá executar e,reiniciará o computador,automaticamente!

>@< Durante a execução,não utilize o teclado ou Mouse!

>@< Terminando,poste: C:\ComboFix.txt <!> Veja se já pode instalar algum antivírus!

Abraços!

jgarciajr · Fevereiro 5, 2008

Boa Noite DigRam,

Já consegui instalar o BitDefender e ele aparentemente está funcionando normalmente.

Ainda estou tentando instalar outros antivírus.

Só não sei se o problema realmente foi solucionado.

Pelos logs e relatórios você consegue saber disso?

Abaixo está o log do ComboFix.

Muito obrigado pela atenção e paciência.

Garcia Jr

ComboFix 08-02.02.5 - Cliente 2008-02-05 18:25:35.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.662 [GMT -3:00]

Executando de: C:\ComboFix.exe

Command switches used :: C:\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\EsetOnlineScanner

C:\Arquivos de programas\EsetOnlineScanner\debuglog.txt

C:\Arquivos de programas\EsetOnlineScanner\log.txt

C:\Arquivos de programas\EsetOnlineScanner\nod32.000

C:\Arquivos de programas\EsetOnlineScanner\nod32.002

C:\Arquivos de programas\EsetOnlineScanner\nod32.003

C:\Arquivos de programas\EsetOnlineScanner\nod32.004

C:\Arquivos de programas\EsetOnlineScanner\nod32.005

C:\Arquivos de programas\EsetOnlineScanner\nod32.006

C:\Arquivos de programas\EsetOnlineScanner\nup\advheur0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\archs0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\archs1.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\archs2.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\charon0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\charon1.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\charon2.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\engine0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\engine1.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\engine2.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\pwscan0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\pwscan1.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\pwscan2.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\update.ver

C:\Arquivos de programas\EsetOnlineScanner\nup\utilmod0.nup

C:\Arquivos de programas\EsetOnlineScanner\nup\utilmod1.nup

C:\Arquivos de programas\PrevxCSI

C:\Arquivos de programas\Sophos

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\helper.exe

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\MEMSWEEP.sys

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\readsar.txt

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar1.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar2.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar3.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar4.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar5.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sar6.dll

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sarcli.exe

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sargui.cnt

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sargui.exe

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\SARGUI.HLP

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\sarman.pdf

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\savrkboottasks.sys

C:\Arquivos de programas\Sophos\Sophos Anti-Rootkit\vdl.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx

C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx\filter_db.cache

C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx\sagui.log

C:\Documents and Settings\Cliente\Dados de aplicativos\PrevxCSI

C:\WINDOWS\system32\ActiveScan

C:\WINDOWS\system32\ActiveScan\as.dll

C:\WINDOWS\system32\ActiveScan\ascontrol.dll

C:\WINDOWS\system32\ActiveScan\asmdat.dll

C:\WINDOWS\system32\ActiveScan\assetup.inf

C:\WINDOWS\system32\ActiveScan\certdll.dll

C:\WINDOWS\system32\ActiveScan\getrootcert.cer

C:\WINDOWS\system32\ActiveScan\instlsp.dll

C:\WINDOWS\system32\ActiveScan\JID.dll

C:\WINDOWS\system32\ActiveScan\memvfile.dll

C:\WINDOWS\system32\ActiveScan\msvcr71.dll

C:\WINDOWS\system32\ActiveScan\Nano.SIG

C:\WINDOWS\system32\ActiveScan\nano.xml

C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll

C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES

C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES2

C:\WINDOWS\system32\ActiveScan\pav.sig

C:\WINDOWS\system32\ActiveScan\pavaleas.dll

C:\WINDOWS\system32\ActiveScan\pavdr.exe

C:\WINDOWS\system32\ActiveScan\pavexcom.dll

C:\WINDOWS\system32\ActiveScan\pavinas.dll

C:\WINDOWS\system32\ActiveScan\pavoe.dll

C:\WINDOWS\system32\ActiveScan\pavpz.dll

C:\WINDOWS\system32\ActiveScan\pavsddl.dll

C:\WINDOWS\system32\ActiveScan\pfdnnt.exe

C:\WINDOWS\system32\ActiveScan\port32.dll

C:\WINDOWS\system32\ActiveScan\Prescan.dll

C:\WINDOWS\system32\ActiveScan\pscpu.dll

C:\WINDOWS\system32\ActiveScan\pskahk.dll

C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll

C:\WINDOWS\system32\ActiveScan\pskalloc.dll

C:\WINDOWS\system32\ActiveScan\pskas.dll

C:\WINDOWS\system32\ActiveScan\pskavs.dll

C:\WINDOWS\system32\ActiveScan\pskcmp.dll

C:\WINDOWS\system32\ActiveScan\pskfss.dll

C:\WINDOWS\system32\ActiveScan\pskhtml.dll

C:\WINDOWS\system32\ActiveScan\pskmas.dll

C:\WINDOWS\system32\ActiveScan\pskmdfs.dll

C:\WINDOWS\system32\ActiveScan\pskpack.dll

C:\WINDOWS\system32\ActiveScan\pskscs.dll

C:\WINDOWS\system32\ActiveScan\pskutil.dll

C:\WINDOWS\system32\ActiveScan\pskvfile.dll

C:\WINDOWS\system32\ActiveScan\pskvfs.dll

C:\WINDOWS\system32\ActiveScan\pskvm.dll

C:\WINDOWS\system32\ActiveScan\psnahk.dll

C:\WINDOWS\system32\ActiveScan\psndsk.dll

C:\WINDOWS\system32\ActiveScan\psnflg.dll

C:\WINDOWS\system32\ActiveScan\psnglknt.dll

C:\WINDOWS\system32\ActiveScan\psnhsh.dll

C:\WINDOWS\system32\ActiveScan\psnjidsign.dll

C:\WINDOWS\system32\ActiveScan\psnkrnl.dll

C:\WINDOWS\system32\ActiveScan\psnmem.dll

C:\WINDOWS\system32\ActiveScan\PsnPen.dll

C:\WINDOWS\system32\ActiveScan\psntuc.dll

C:\WINDOWS\system32\ActiveScan\PSNXprs.dll

C:\WINDOWS\system32\ActiveScan\psscan.dll

C:\WINDOWS\system32\ActiveScan\qrv.krn

C:\WINDOWS\system32\ActiveScan\rawvfile.dll

C:\WINDOWS\system32\ActiveScan\RKPavProc.sys

C:\WINDOWS\system32\ActiveScan\sdthook.sys

C:\WINDOWS\system32\ActiveScan\sporder.dll

C:\WINDOWS\system32\ActiveScan\tcpvfile.dll

C:\WINDOWS\system32\ActiveScan\Tucan.dll