Lavoisier 0 Denunciar post Postado Maio 28, 2009 Ola.. pois é.. uso O Avast, e ele fica falando q um monte de arquivos .exe ta infectado pelo Sality! Vi alguns pessoas tiveram esse problema.. mas num encontrei solução!! Logfile of HijackThis v1.99.1 Scan saved at 17:11:23, on 28/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe D:\WINDOWS\system32\cmpe.exe D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\system32\wuauclt.exe D:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe D:\Arquivos de programas\Internet Explorer\iexplore.exe D:\Documents and Settings\Lavoisier\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'd:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8FE592-9EDD-4936-AE38-2908860530FB}: NameServer = 200.165.132.155 200.149.55.140 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS3 - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - D:\WINDOWS\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Maio 28, 2009 Boa Noite! Lavoisier <@> Baixe: < DrWebCureIt > <@> Salve-o no desktop! <@> Reinicie o computador em Modo de Segurança. <@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit. <@> Na janela que abrir,clique em Iniciar --> OK. <@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda! <@> Terminando,marque a caixa de "Verificação Completa". <@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis". Neste modo são verificados os seguintes objectos: * Sectores de Arranque de Todos os Discos. <-- * Todas as Unidades Removíveis. <-- * Todos os Discos Locais. <-- <@> Clique em "Iniciar verificação" --> Aguarde! <@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim. <@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios". <@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Texto! <@> Poste: DrWeb.csv + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Maio 29, 2009 Olha..naum to conseguindo entrar no modo de segurança.. quando coloco pra entrar.. ele começa abrir os dados.. e depois reinicia sozinho..!! acho q o virus fez algo pra q naum entrasse no modo de segurança..!! e ai?? passo o scan sem tá no modo de segurança?? Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Maio 29, 2009 Olha..naum to conseguindo entrar no modo de segurança..quando coloco pra entrar.. ele começa abrir os dados.. e depois reinicia sozinho..!! acho q o virus fez algo pra q naum entrasse no modo de segurança..!! e ai?? passo o scan sem tá no modo de segurança?? <><><><><><><><><> Opa! Lavoisier <!> Restabeleça o Modo Seguro,com o SafeBootKeyRepair. <><><><><><><><><> <@> Baixe: < SafeBootKeyRepair > <@> Salve-a,diretamente,no Disco-local D. <@> Execute-a!E,ao terminar,gerará um relatório: D:\SafeBoot_Repair.txt <-- Não poste! <@> Verifique se já pode entrar,em Modo de Segurança! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Maio 29, 2009 Já notei melhoras.. mas espero sua verificação, pra v se ta tudo limpoa..há ..mas uma coisa.. acho q o q contaminou meu pc.. foi um pendrive como limpar ele?? Quando passei o programa pra scan. passei com o pendrive e la no fim do log tem dizendo q esse "virus" foi excluido do pendrive..mas queria segurança pra afirmar isso..!!(quando passei o Hijack havia tirado o Pendrive..) Desde já muito agradecido com a ajuda! Logfile of HijackThis v1.99.1 Scan saved at 02:13:54, on 29/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\ctfmon.exe D:\Documents and Settings\Lavoisier\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'd:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS3 - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - D:\WINDOWS\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Maio 29, 2009 Ocorreu um problema.. coloquei ele completo.. e o forum deu erro direto..apaguei alguns dessas linhas,por apresentarem a mesma coisa..pois foram muitos arquivos desinfictados...! DrWeb.csv(ele aqui abre como arquivo excel..copiei e colei) acrotray.exe d:\arquivos de programas\adobe\acrobat 8.0\acrobat Win32.Sector.17 Desinfectado. hpwuschd2.exe d:\arquivos de programas\hp\hp software update Win32.Sector.17 Desinfectado. onenotem.exe d:\arquivos de programas\microsoft office\office12 Win32.Sector.17 Desinfectado. msnmsgr.exe d:\arquivos de programas\msn messenger Win32.Sector.17 Desinfectado. 1 PAQUIMETRO EM MM.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 10 Manômetro bordon PSI.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 100 FRENAGEM POR CONTRA CORRENTE.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 101 FRENAGEM COM CORRENTE RETIFICADA.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 102 CHAVE SÉRIE PARALELO.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 107 PUNÇÃO PNEUMÁTICO.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 110 PORTA PNEUMÁTICA.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 113 INJETORA DE DESINFETANTE.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 119 TERMÍSTOR.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 127 ATERRAMENTO.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 130 CARGA DE REFRIGERANTE LÍQUIDO.exe C:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. objetivo.exe C:\ANIMAÇÕES DIDÁTICAS\0-RELAÇÃO LINKADA Win32.Sector.17 Desinfectado. vampire.exe C:\Arquivos de programas\Activision\Vampire - Bloodlines Win32.Sector.17 Desinfectado. acrobat_sl.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat Win32.Sector.17 Desinfectado. acrodist.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat Win32.Sector.17 Desinfectado. acrotray.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat Win32.Sector.17 Desinfectado. ConvertIP.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Designer 8.0 Win32.Sector.17 Desinfectado. ConvertPDF.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Designer 8.0 Win32.Sector.17 Desinfectado. ConvertWord.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Designer 8.0 Win32.Sector.17 Desinfectado. FormDesigner.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Designer 8.0 Win32.Sector.17 Desinfectado. ConvertIFD.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Designer 8.0\ConvertIFD Win32.Sector.17 Desinfectado. PDFMAec.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\PDFMaker\AutoCAD Win32.Sector.17 Desinfectado. Bridge.exe C:\Arquivos de programas\Adobe\Adobe Bridge Win32.Sector.17 Desinfectado. winamp.exe C:\Arquivos de programas\Winamp Win32.Sector.17 Desinfectado. A0022032.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022039.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022040.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022041.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022042.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022043.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022044.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022045.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022046.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022047.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022048.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022049.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022050.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022051.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022052.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022054.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022055.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022056.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022057.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022058.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022059.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022060.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022061.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022062.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022063.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022064.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022065.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022066.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022067.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022068.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022069.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022070.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022071.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022072.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022073.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022074.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022075.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022076.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022077.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022078.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022079.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022080.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022081.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022082.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022083.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022084.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022085.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022086.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022087.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022088.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022089.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022090.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022091.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022092.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022093.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022094.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022095.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024162.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024166.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024167.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024170.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024201.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.HLLW.Autoruner.2077 Eliminado. A0024253.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024255.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024260.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024261.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024266.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024273.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024274.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024279.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024281.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024283.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024287.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024288.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024289.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024290.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024291.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024293.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024295.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024299.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024306.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024307.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024308.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024309.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024311.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024314.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024315.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024316.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024317.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024319.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024321.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024325.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024327.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024329.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado....... ..... A0024392.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024393.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Modificação de Win32.Sector.5 Movido. A0024394.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024395.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024397.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024404.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024406.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024408.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024410.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024412.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024413.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024414.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024415.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024428.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024429.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado..................... ... A0028863.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0028864.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0028865.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Modificação de Win32.Sector.5 Movido. A0028903.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0028904.exe C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. 1 PAQUIMETRO EM MM.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 10 Manômetro bordon PSI.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 100 FRENAGEM POR CONTRA CORRENTE.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 101 FRENAGEM COM CORRENTE RETIFICADA.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 102 CHAVE SÉRIE PARALELO.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 103 PROPIEDADE DO AR.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 104 DISTRIBUIDORES.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 105 LEVANTAMENTO DE CARGA.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 106 COMANDO DE REGISTRO.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. 107 PUNÇÃO PNEUMÁTICO.exe D:\ANIMAÇÕES DIDÁTICAS Win32.Sector.17 Desinfectado. objetivo.exe D:\AREA DE TRABALHO\MATRIZ ANIMAÇÃO\ANIMAÇÕES DIDÁTICAS\0-RELAÇÃO LINKADA Win32.Sector.17 Desinfectado. Acrobat.exe D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat Win32.Sector.17 Desinfectado. Dreamweaver.exe D:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3 Win32.Sector.17 Desinfectado. FlashPlayer.exe D:\Arquivos de programas\Adobe\Adobe Flash CS3\Players Win32.Sector.17 Desinfectado. SetupDTSB.exe D:\Arquivos de programas\DAEMON Tools Adware.SaveNow Flash.exe D:\Arquivos de programas\Macromedia\Flash MX Win32.Sector.17 Desinfectado. SAFlashPlayer.exe D:\Arquivos de programas\Macromedia\Flash MX\Players Win32.Sector.17 Desinfectado. EXCEL.EXE D:\Arquivos de programas\Microsoft Office\Office12 Win32.Sector.17 Desinfectado. MSACCESS.EXE D:\Arquivos de programas\Microsoft Office\Office12 Win32.Sector.17 Desinfectado. OIS.EXE D:\Arquivos de programas\Microsoft Office\Office12 Win32.Sector.17 Desinfectado. WINWORD.EXE D:\Arquivos de programas\Microsoft Office\Office12 Win32.Sector.17 Desinfectado. firefox.exe D:\Arquivos de programas\Mozilla Firefox Win32.Sector.17 Desinfectado. Autoriza.exe D:\Arquivos de programas\Oi Velox\Manager Win32.Sector.17 Desinfectado. Álbum clicfolio.exe D:\Documents and Settings\Fernandes\Desktop\ALBUM SOLANA Win32.Sector.17 Desinfectado. compressor alternativo.exe D:\Documents and Settings\Fernandes\Desktop\compressor de ar marcos26 Win32.Sector.17 Desinfectado. livro de fotos.exe D:\Documents and Settings\Fernandes\Desktop\foto leda Win32.Sector.17 Desinfectado. teste carregamento.exe D:\Documents and Settings\Fernandes\Desktop\teste de carregamento 21 Win32.Sector.17 Desinfectado. A0006669.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP12 Adware.SaveNow A0022028.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022029.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022030.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022031.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022035.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022036.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0022038.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024109.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024120.EXE D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024322.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Modificação de Win32.Sector.5 Movido. A0024324.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024326.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024328.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024330.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024548.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024550.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Modificação de Win32.Sector.5 Movido. A0024552.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0024553.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029010.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Modificação de Win32.Sector.5 Movido. A0029011.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029399.EXE D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029400.EXE D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029401.EXE D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029402.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029403.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029404.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029405.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029406.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. A0029407.exe D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32 Win32.Sector.17 Desinfectado. autorun.inf G:\ Win32.HLLW.Autoruner.2077 Eliminado. jcpaj.exe G:\ Win32.Sector.17 Eliminado. sys32.exe G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 Win32.HLLW.Autoruner.2077 Eliminado. FORAM NO TOTAL DE 1734 arquivos.. Essa lista acima ta bem resumida.. se quizer ver o arquivo..me encina ai a anexar aqui no forum o arquivo..rsrs!! Tentei tentei e num consegui!! Aguardo resposta!! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Maio 30, 2009 Boa Noite! Lavoisier FORAM NO TOTAL DE 1734 arquivos.. Essa lista acima ta bem resumida.. se quizer ver o arquivo..me encina ai a anexar aqui no forum o arquivo..rsrs!! Tentei tentei e num consegui!! <!> O que foi postado,é suficiente. mas espero sua verificação, pra v se ta tudo limpoa..há ..mas uma coisa.. acho q o q contaminou meu pc.. foi um pendrive como limpar ele?? <!> Tentaremos com o Flash Disinfector. :thumbsup: <><><><><><><><><><> <@> Baixe: < Flash Disinfector > <@> Salve-o,diretamente,no Disco Local-D. <@> Conecte,na entrada USB,suas unidades removíveis! <@> Dê um duplo clique em: Flash_Disinfector.exe <@> Espere a conclusão! <><><><><><><><><><> <@> Baixe: < Kaspersky Virus Removal Tool > <@> Salve-o em Arquivos de Programas,e instale-o aí mesmo! <@> Reinicie o computador,em Modo de Segurança! <-- Importante! <@> Dê início ao exame,clicando em "Scan". <@> A verificação é muito demorada. <-- Aguarde! <@> Caso seja encontrada infecções,clique em "disinfect". <@> Terminando,clique na aba Events. <@> Desmarque a caixa de seleção "Show all events". <@> Clique em "Save to file". <@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem! <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Maio 30, 2009 Ola.. o link Flash desinfector naum ta funcionando..to baixando o outro karpsky, mas vou aguarda instruçoes ou um novo link :P! Vlw pela ajuda desculpe ter colocado aquele post enorme.. mas você disse q queria o Log.rsrs!! VLW! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Maio 30, 2009 Bom Dia! Lavoisier <@> Vá à este link,e baixe o Flash Disinfector. < http://www.pplware.com/2009/01/20/virus-nas-pens-drives/ > <@> Existe,também,a opção adicional no uso do PenClean. <@> Caso queira,pode utilizar essa ferramenta. <@> Ps: Cabe notificar,que essa(s) aplicações devem ser realizadas antes do Kaspersky Virus Removal Tool. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 2, 2009 Desculpe a demora!! Seguem os logs.! Scan ---- Scanned: 1288426 Detected: 11 Untreated: 0 Start time: 1/6/2009 17:26:54 Duration: 05:36:42 Finish time: 1/6/2009 23:03:36 Detected -------- Status Object ------ ------ disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\149 Circuito elétrico condicionador de ar.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\8 TERMÔMETRO.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024322.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024393.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024550.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0028865.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029010.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029178.exe disinfected: virus Virus.Win32.Sality.aa File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\COMPENSADORA.exe disinfected: virus Virus.Win32.Sality.aa File: G:\bpnikm.exe deleted: virus Worm.Win32.AutoRun.dsf File: G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe Events ------ Time Name Status Reason ---- ---- ------ ------ 1/6/2009 18:03:20 File: D:\AREA DE TRABALHO\PENDRIVE2\SENHA\senha_multipla\senha_multipla.zip/senha_multipla.swf password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\Install.exe password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\myth.nfo password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.ace password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c00 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c01 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c02 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c03 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c04 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c05 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c06 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c07 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c08 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c09 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c10 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c11 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c12 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c13 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c14 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c15 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c16 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c17 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c18 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c19 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c20 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c21 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c22 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c23 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c24 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c25 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c26 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c27 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c28 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c29 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c30 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c31 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c32 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c33 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c34 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c35 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c36 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c37 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c38 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c39 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c40 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c41 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c42 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c43 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c44 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c45 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c46 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c47 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c48 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c49 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c50 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c51 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c52 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\Install.exe password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\myth.nfo password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.ace password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c00 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c01 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c02 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c03 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c04 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c05 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c06 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c07 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c08 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c09 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c10 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c11 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c12 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c13 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c14 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c15 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c16 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c17 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c18 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c19 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c20 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c21 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c22 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c23 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c24 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c25 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c26 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c27 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c28 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c29 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c30 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c31 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c32 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c33 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c34 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c35 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c36 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c37 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c38 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c39 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c40 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c41 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c42 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c43 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c44 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c45 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c46 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c47 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c48 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c49 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c50 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c51 password protected 1/6/2009 19:47:09 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c52 password protected 1/6/2009 19:53:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\149 Circuito elétrico condicionador de ar.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\149 Circuito elétrico condicionador de ar.exe not disinfected postponed 1/6/2009 19:53:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\8 TERMÔMETRO.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:23 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\8 TERMÔMETRO.exe not disinfected postponed 1/6/2009 19:53:23 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024322.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:24 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024322.exe not disinfected postponed 1/6/2009 19:53:24 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024393.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:24 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024393.exe not disinfected postponed 1/6/2009 19:53:25 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024550.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:25 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024550.exe not disinfected postponed 1/6/2009 19:53:25 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0028865.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:25 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0028865.exe not disinfected postponed 1/6/2009 19:53:26 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029010.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:26 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029010.exe not disinfected postponed 1/6/2009 19:53:27 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029178.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:27 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029178.exe not disinfected postponed 1/6/2009 19:53:27 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\COMPENSADORA.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 19:53:28 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\COMPENSADORA.exe not disinfected postponed 1/6/2009 20:13:48 File: G:\bpnikm.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 20:13:48 File: G:\bpnikm.exe not disinfected postponed 1/6/2009 20:14:13 File: G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe detected virus 'Worm.Win32.AutoRun.dsf' 1/6/2009 20:14:13 File: G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe not disinfected postponed 1/6/2009 20:27:33 File: g:\bpnikm.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 20:27:40 File: g:\bpnikm.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 20:52:00 File: D:\AREA DE TRABALHO\PENDRIVE2\SENHA\senha_multipla\senha_multipla.zip/senha_multipla.swf password protected 1/6/2009 22:35:18 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\Install.exe password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\myth.nfo password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.ace password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c00 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c01 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c02 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c03 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c04 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c05 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c06 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c07 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c08 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c09 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c10 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c11 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c12 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c13 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c14 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c15 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c16 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c17 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c18 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c19 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c20 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c21 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c22 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c23 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c24 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c25 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c26 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c27 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c28 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c29 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c30 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c31 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c32 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c33 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c34 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c35 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c36 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c37 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c38 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c39 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c40 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c41 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c42 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c43 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c44 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c45 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c46 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c47 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c48 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c49 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c50 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c51 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part1.rar/mytnml54\nomans.c52 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\Install.exe password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\myth.nfo password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.ace password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c00 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c01 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c02 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c03 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c04 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c05 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c06 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c07 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c08 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c09 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c10 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c11 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c12 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c13 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c14 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c15 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c16 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c17 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c18 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c19 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c20 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c21 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c22 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c23 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c24 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c25 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c26 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c27 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c28 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c29 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c30 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c31 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c32 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c33 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c34 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c35 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c36 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c37 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c38 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c39 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c40 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c41 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c42 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c43 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c44 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c45 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c46 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c47 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c48 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c49 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c50 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c51 password protected 1/6/2009 22:35:19 File: D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns.part2.rar/mytnml54\nomans.c52 password protected 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\149 Circuito elétrico condicionador de ar.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\149 Circuito elétrico condicionador de ar.exe not disinfected postponed 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\8 TERMÔMETRO.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\8 TERMÔMETRO.exe not disinfected postponed 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024322.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:20 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024322.exe not disinfected postponed 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024393.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024393.exe not disinfected postponed 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024550.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0024550.exe not disinfected postponed 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0028865.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:21 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0028865.exe not disinfected postponed 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029010.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029010.exe not disinfected postponed 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029178.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\A0029178.exe not disinfected postponed 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\COMPENSADORA.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 22:41:22 File: D:\Documents and Settings\Lavoisier\DoctorWeb\Quarantine\COMPENSADORA.exe not disinfected postponed 1/6/2009 23:02:27 File: G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe detected virus 'Worm.Win32.AutoRun.dsf' 1/6/2009 23:02:28 File: G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe not disinfected postponed 1/6/2009 23:02:44 File: d:\documents and settings\lavoisier\doctorweb\quarantine\149 circuito elétrico condicionador de ar.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:50 File: d:\documents and settings\lavoisier\doctorweb\quarantine\149 circuito elétrico condicionador de ar.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:51 File: d:\documents and settings\lavoisier\doctorweb\quarantine\8 termômetro.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:55 File: d:\documents and settings\lavoisier\doctorweb\quarantine\8 termômetro.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:55 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024322.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:59 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024322.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:02:59 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024393.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:01 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024393.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:02 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024550.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:03 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0024550.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:04 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0028865.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:06 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0028865.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:06 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0029010.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:08 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0029010.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:08 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0029178.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:09 File: d:\documents and settings\lavoisier\doctorweb\quarantine\a0029178.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:10 File: d:\documents and settings\lavoisier\doctorweb\quarantine\compensadora.exe detected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:11 File: d:\documents and settings\lavoisier\doctorweb\quarantine\compensadora.exe disinfected virus 'Virus.Win32.Sality.aa' 1/6/2009 23:03:11 File: g:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe detected virus 'Worm.Win32.AutoRun.dsf' 1/6/2009 23:03:36 File: g:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe deleted Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- All objects 1288426 11 0 1 0 8255 18548 226 6 System memory 725 0 0 0 0 1 0 0 0 Startup objects 689 0 0 0 0 0 125 0 0 Disk boot sectors 8 0 0 0 0 0 0 0 0 Meus documentos 221 0 0 0 0 3 0 0 0 Mail databases 0 0 0 0 0 0 0 0 0 Meu computador 644098 11 0 1 0 4126 9274 113 3 Disco local (C:) 123100 0 0 0 0 448 842 0 0 Disco local (D:) 513208 0 0 0 0 3563 6488 113 3 Disco removível (F:) 5230 0 0 0 0 42 1753 0 0 FERNANDES (G:) 1147 0 0 0 0 72 66 0 0 Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- Logfile of HijackThis v1.99.1 Scan saved at 23:07:09, on 1/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\explorer.exe D:\Documents and Settings\Lavoisier\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: is-LTK4O.lnk = D:\Arquivos de programas\Virus Removal Tool\is-LTK4O\startup.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'd:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Adobe Version Cue CS3 - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - D:\WINDOWS\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 2, 2009 Boa Noite! Lavoisier <@> Baixe: < a-squared Free 4.0 > <!> Link Opcional: < > <@> Salve-o em Arquivos de programas. <@> Abra o programa e clique em: Atualizar agora --> Aguarde! <@> Terminando,clique em: "Scan PC" <@> Escolha a opção: "A fundo" --> Clique,à seguir,em "Analisar". <@> Terminando,marque as caixinhas dos ítens encontrados e clique em "Enviar marcados à Quarentena". <@> Salve e poste o relatório desta verificação. ( a2scan_xxyy09-xxxxxx.txt ) Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 10, 2009 Desculpe pela demora estava viajando.. mil perdoes...!!! a-squared Free - Versão 4.5 Última atualização 3/6/2009 23:08:30 Configurações da análise: Scan type: deep Objetos: Memória, Rastros, Cookies, C:\, D:\ Análise de arquivos: Ligado Heurística: Desligado Análise de ADS: Ligado Início da análise: 10/6/2009 18:18:30 D:\Documents and Settings\Lavoisier\Dados de aplicativos\Mozilla\Firefox\Profiles\tqfg66hd.default\cookies.txt:28 detectado: Trace.TrackingCookie.doubleclick.net!A2 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032966.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0037196.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0038446.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0038486.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038556.exe detectado: Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038607.exe detectado: Packer.RLPack.D!IK D:\AREA DE TRABALHO\MATRIZ ANIMAÇÕA2\Programa Flash MX 6\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe detectado: Backdoor.Rbot!IK D:\AREA DE TRABALHO\matriz3\Programa Flash MX 6\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe detectado: Backdoor.Rbot!IK D:\AREA DE TRABALHO\PENDRIVE2\Cópia de PLASH MX\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\AREA DE TRABALHO\PENDRIVE2\flash 6\Macromedia Flash MX_v6.0_Portuguese Patch.zip/Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\AREA DE TRABALHO\Técnica CO2\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/KeyMaker.exe detectado: Riskware.Hacktool.Keygen.winamp!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/Winamp keygen-Pro.exe detectado: Virus.Win32.Trojan!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winrar_3.70_b2_BR+Patch.rar/Patch_Winrar_3.70_By_VTSM.exe detectado: Trojan.WpePro!IK D:\Arquivos de programas\DAEMON Tools\SetupDTSB.exe/DaemonTools_WhenUSave_Installer.exe detectado: Riskware.WebToolbar!IK D:\Arquivos de programas\WinRAR\Patch_Winrar_3.70_By_VTSM.exe detectado: Trojan.WpePro!IK D:\bakap1\flash 6\Macromedia Flash MX_v6.0_Portuguese Patch.zip/Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\bakap1\Nova pasta (2)\Cópia de PLASH MX\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\bakap1\Nova pasta (2)\Técnica CO2\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\bakap1\Programa Flash MX 6\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe detectado: Backdoor.Rbot!IK D:\Bakap3\matriz grava\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe detectado: Backdoor.Rbot!IK D:\Bakap3\padrão\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe detectado: Backdoor.Rbot!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\KeyGen\KeyMaker.exe detectado: Riskware.Hacktool.Keygen.winamp!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\KeyGen\Winamp keygen-Pro.exe detectado: Virus.Win32.Trojan!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/KeyMaker.exe detectado: Riskware.Hacktool.Keygen.winamp!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/Winamp keygen-Pro.exe detectado: Virus.Win32.Trojan!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winrar_3.70_b2_BR+Patch.rar/Patch_Winrar_3.70_By_VTSM.exe detectado: Trojan.WpePro!IK D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns\mytnml54\nomans.ace/Dupe.exe detectado: BehavesLikeWin32.ProcessHijack!IK D:\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe detectado: Backdoor.Rbot!IK D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP10\A0005126.exe detectado: Trojan-Dropper.Softomat!IK D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP12\A0006669.exe detectado: Riskware.WebToolbar!IK D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP4\A0001362.exe detectado: Backdoor.Rbot!IK Analisado Arquivos: 516937 Objetos: 757583 Cookies: 63 Processos: 38 Encontrado Arquivos: 33 Objetos: 0 Cookies: 1 Processos: 0 Chaves do registro: 0 Fim da análise: 10/6/2009 20:37:22 Duração da análise: 2:18:52 D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP10\A0005126.exe Em quarentena Trojan-Dropper.Softomat!IK D:\Documents and Settings\Lavoisier\Desktop\LOAm\NLoAmNaDns\mytnml54\nomans.ace/Dupe.exe Em quarentena BehavesLikeWin32.ProcessHijack!IK D:\Arquivos de programas\DAEMON Tools\SetupDTSB.exe/DaemonTools_WhenUSave_Installer.exe Em quarentena Riskware.WebToolbar!IK D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP12\A0006669.exe Em quarentena Riskware.WebToolbar!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winrar_3.70_b2_BR+Patch.rar/Patch_Winrar_3.70_By_VTSM.exe Em quarentena Trojan.WpePro!IK D:\Arquivos de programas\WinRAR\Patch_Winrar_3.70_By_VTSM.exe Em quarentena Trojan.WpePro!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winrar_3.70_b2_BR+Patch.rar/Patch_Winrar_3.70_By_VTSM.exe Em quarentena Trojan.WpePro!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/Winamp keygen-Pro.exe Em quarentena Virus.Win32.Trojan!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\KeyGen\Winamp keygen-Pro.exe Em quarentena Virus.Win32.Trojan!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/Winamp keygen-Pro.exe Em quarentena Virus.Win32.Trojan!IK D:\Arquivos de programas\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/KeyMaker.exe Em quarentena Riskware.Hacktool.Keygen.winamp!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA\KeyGen\KeyMaker.exe Em quarentena Riskware.Hacktool.Keygen.winamp!IK D:\Documents and Settings\Lavoisier\Desktop\instaladores\Winamp 5.32 Professional MultiLang KeyGen Controller Programmi ITA.rar/KeyMaker.exe Em quarentena Riskware.Hacktool.Keygen.winamp!IK D:\AREA DE TRABALHO\MATRIZ ANIMAÇÕA2\Programa Flash MX 6\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe Em quarentena Backdoor.Rbot!IK D:\AREA DE TRABALHO\matriz3\Programa Flash MX 6\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe Em quarentena Backdoor.Rbot!IK D:\AREA DE TRABALHO\PENDRIVE2\Cópia de PLASH MX\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\AREA DE TRABALHO\PENDRIVE2\flash 6\Macromedia Flash MX_v6.0_Portuguese Patch.zip/Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\AREA DE TRABALHO\Técnica CO2\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\bakap1\flash 6\Macromedia Flash MX_v6.0_Portuguese Patch.zip/Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\bakap1\Nova pasta (2)\Cópia de PLASH MX\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\bakap1\Nova pasta (2)\Técnica CO2\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\bakap1\Programa Flash MX 6\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidjan.exe Em quarentena Backdoor.Rbot!IK D:\Bakap3\matriz grava\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe Em quarentena Backdoor.Rbot!IK D:\Bakap3\padrão\Macromedia Flash MX_v6.0_Portuguese Patch\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe Em quarentena Backdoor.Rbot!IK D:\Programa Flash mx6\Macromedia Flash MX version 6.0 Portuguese - Patch by Bidj.exe Em quarentena Backdoor.Rbot!IK D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP4\A0001362.exe Em quarentena Backdoor.Rbot!IK C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032966.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0037196.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0038446.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP35\A0038486.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038556.exe Em quarentena Packer.RLPack.D!IK C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038607.exe Em quarentena Packer.RLPack.D!IK D:\Documents and Settings\Lavoisier\Dados de aplicativos\Mozilla\Firefox\Profiles\tqfg66hd.default\cookies.txt:28 Em quarentena Trace.TrackingCookie.doubleclick.net!A2 Em quarentena Arquivos: 33 Objetos: 0 Cookies: 1 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 11, 2009 Boa Tarde! Lavoisier <@> Vá à este Link,logo abaixo,e execute a vacina anti-sality. < Win32_Sality > <@> Execute estas instruções: Win32/Sality <@> Baixe os três arquivos,para a pasta: D:\Sality <-- Crie esta pasta! <1> rmsality.exe <2> rmsality.nt <3> rmsality.dos <@> Execute o arquivo: rmsality.exe <@> Você também pode especificar os discos,para restaurar,como parâmetro de um comando. <@> Exemplo: D:\Sality\rmsality D: C: <@> Se o comando é usado sem parâmetros,será restaurado todos os discos no computador. <@> Ps: O êxito do removedor,necessita de direitos administrativos. <@> Para a funcionalidade apropriada do removedor,é necessário salvar o rmsality.nt e o rmsality.dos,na mesma pasta que o rmsality.exe. <@> Ps: Caso possua ficheiro(s) infectados,execute o procedimento logo abaixo. <@> Vá em Iniciar --> Executar --> Digite: d:\Sality\rmsality d:\windows\explorer.exe --> Aperte Enter. <@> Aguarde! <><><><><><><><><><> <@> Baixe: < Norman Malware Cleaner > <@> Salve-o no desktop. <@> Abra o arquivo e clique em Executar --> Accept. <@> Clique em Add,para adicionar ou Remove,para remover unidades/setores à serem escaneados. ( C:\*.*,D:\*.*,E:\*.*,etc... ) <@> Clique em "Start scan" --> Aguarde! <@> Terminando,poste o relatório,que estará no desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <-- <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 11, 2009 Rapaz.. no link q você postou só tem o Dowload do : rmslt.exe aguardo instruçoes! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 12, 2009 Rapaz.. no link q você postou só tem o Dowload do : rmslt.exe aguardo instruçoes! <><><><><><><><><> Opa! Lavoisier <!> Pode utilizar o mesmo,dispensando os outros! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 13, 2009 segue o log: Norman Malware Cleaner Copyright © 1990 - 2009, Norman ASA. Built 2009/06/11 12:01:32 Norman Scanner Engine Version: 6.01.09 Nvcbin.def Version: 6.01.00, Date: 2009/06/11 12:01:32, Variants: 3265324 Scan started: 13/06/2009 00:59:02 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2 Logged on user: DESTROYE-D3F7DB\Lavoisier Scanning running processes and process memory... Number of processes/threads found: 1898 Number of processes/threads scanned: 1884 Number of processes/threads not scanned: 14 Number of infected processes/threads terminated: 0 Total scanning time: 40s Scanning file system... Scanning: C:\*.* C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe (Infected with W32/Smalltroj.ECSP) Deleted file C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038651.exe (Infected with W32/Smalltroj.ECSP) Deleted file C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038707.exe (Infected with W32/Smalltroj.ECSP) Deleted file C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0038808.exe (Infected with W32/Smalltroj.ECSP) Deleted file C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0038836.exe (Infected with W32/Smalltroj.ECSP) Deleted file Scanning: D:\*.* D:\Arquivos de programas\Macromedia\Flash MX\Players\Debug\SAFlashPlayer.exe (Infected with W32/Smalltroj.EPYS) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP10\A0005130.sys (Infected with W32/Agent.HHSF) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP10\A0005131.sys (Infected with W32/Agent.HHSF) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP32\A0027747.sys (Infected with W32/Agent.HHSF) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032884.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032886.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032888.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032890.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032891.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032892.exe (Infected with W32/Sality.AQ) Repaired file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038637.exe (Infected with W32/SaveNow.XO) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038641.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038642.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038643.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038644.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038645.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038646.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038647.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038648.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038649.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038650.exe (Infected with W32/Spybot.DKAH) Deleted file D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0038837.exe (Infected with W32/Smalltroj.EPYS) Deleted file Running post-scan cleanup routine: Number of files found: 501261 Number of archives unpacked: 2065 Number of files scanned: 501238 Number of files not scanned: 23 Number of files skipped due to exclude list: 0 Number of infected files found: 27 Number of infected files repaired/deleted: 27 Number of infections removed: 27 Total scanning time: 1h 24m 15s ----------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 03:13:04, on 13/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system32\userinit.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe D:\WINDOWS\system32\ctfmon.exe D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe D:\Arquivos de programas\a-squared Free\a2service.exe D:\WINDOWS\system32\cmpe.exe D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe D:\Documents and Settings\Lavoisier\Desktop\HijackThis\HijackThis.exe D:\WINDOWS\System32\svchost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: is-LTK4O.lnk = D:\Arquivos de programas\Virus Removal Tool\is-LTK4O\startup.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'd:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Adobe Version Cue CS3 - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - D:\WINDOWS\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 13, 2009 Bom Dia! Lavoisier <!> Execute estes scans online,de desinfecção: Nod32 --> BitDefender. <><><><><><><><><><> <@> Faça um escaneamento,online,em Eset. <@> Utilize o navegador Internet Explorer. <@> Marque a caixa: "SIM,aceito as condições de uso" --> Iniciar. <@> Marque a caixa: "YES, I accept the Terms of Use" --> Start. <@> Aceite a instalação do ActiveX e,ao terminar,salve e poste o relatório. ( D:\Arquivos de programas\EsetOnlineScanner\log ) <><><><><><><><><><> <@> Faça um escaneamento de desinfecção,em < BitDefender > e poste o relatório. <@> Ps: Utilize o navegador Internet Explorer! <@> Abrirá a página: < BitDefender OnLine Scanner > <@> Clique em: < > <@> Aguarde e aceite a instalação do ActiveX,para que possa ocorrer o scan. <@> Terminando,poste o relatório: D:\Windows\BDOSCAN8\bdoscan.log <-- Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 18, 2009 ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=55919aef1e10a341975b0d4819326d2a # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-06-17 09:53:56 # local_time=2009-06-17 06:53:56 (-0300, Hora oficial do Brasil) # country="Brazil" # lang=1046 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=769 21 100 100 65870625000 # scanned=279567 # found=2 # cleaned=2 # scan_time=3556 D:\WINDOWS\system32\cmpe.dll provavelmente uma variante de Win32/Agent cavalo de Tróia (limpo por exclusão - em quarentena) 00000000000000000000000000000000 D:\WINDOWS\system32\cmpe.exe provavelmente uma variante de Win32/Agent cavalo de Tróia (limpo por exclusão (após a próxima reinicialização) - em quarentena) 00000000000000000000000000000000 BDscan ------------------------------------------------------------------- [General] App = "楂䑴晥湥敤湏楬敮匠慣湮牥 v8" Date = 17:06:2009 Time = 22:32:39 Scan Path = A:\;C:\;D:\;E:\; [Engines Info] Virus Definitions = 3349289 Engine build = "AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)" Scan plugins = 17 Archive plugins = 45 Unpack plugins = 7 E-mail plugins = 6 System plugins = 4 [scan Statistics] Folders = 24745 Files = 831192 Archives = 7048 Packed files = 86623 Identified viruses = 7 Infected files = 20 Warnings = 0 Suspect files = 0 Disinfected files = 0 Deleted files = 20 Copied files = 0 Moved files = 0 Renamed files = 0 I/O Errors = 29 [scan Settings] SecondAction = Delete FirstAction = Disinfect Heuristics = 1 Enable Warnings = 1 Exclude Ext = Extensions = *; Scan Emails = 1 Scan Archives = 1 Scan Packed = 1 Scan Files = 1 Scan Boot = 1 Verify Memory = 0 [scan Results] Line00000050 = "C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0042291.exe Infected with: Packer.RLPack.D" Line00000049 = "C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0042291.exe Disinfection failed" Line00000048 = "C:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP37\A0042291.exe Deleted" Line00000047 = "D:\Documents and Settings\Lavoisier\Configurações locais\Temp\Rar$DR02.219\Cliente_MuEagle\3d.dll Infected with: Trojan.Generic.1916523" Line00000046 = "D:\Documents and Settings\Lavoisier\Configurações locais\Temp\Rar$DR02.219\Cliente_MuEagle\3d.dll Deleted" Line00000045 = "D:\Documents and Settings\Lavoisier\Configurações locais\Temp\Rar$DR02.219\Cliente_MuEagle\main.exe Infected with: Trojan.Generic.1759868" Line00000044 = "D:\Documents and Settings\Lavoisier\Configurações locais\Temp\Rar$DR02.219\Cliente_MuEagle\main.exe Deleted" Line00000043 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar=>Cliente_MuEagle\3d.dll Infected with: Trojan.Generic.1916523" Line00000042 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar=>Cliente_MuEagle\3d.dll Deleted" Line00000041 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar Update failed" Line00000040 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar=>Cliente_MuEagle\main.exe Infected with: Trojan.Generic.1759868" Line00000039 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar=>Cliente_MuEagle\main.exe Deleted" Line00000038 = "D:\Documents and Settings\Lavoisier\Desktop\Cliente_MuEagle.rar Update failed" Line00000037 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Cliente_MuEagle\3d.dll Infected with: Trojan.Generic.1916523" Line00000036 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Cliente_MuEagle\3d.dll Deleted" Line00000035 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Cliente_MuEagle\main.exe Infected with: Trojan.Generic.1759868" Line00000034 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Cliente_MuEagle\main.exe Deleted" Line00000033 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Patch\main.exe Infected with: Trojan.Generic.1759868" Line00000032 = "D:\Documents and Settings\Lavoisier\Desktop\muegle\Patch\main.exe Deleted" Line00000031 = "D:\Documents and Settings\Lavoisier\Desktop\mxone.exe Infected with: Dropped:Trojan.Generic.1765014" Line00000030 = "D:\Documents and Settings\Lavoisier\Desktop\mxone.exe Disinfection failed" Line00000029 = "D:\Documents and Settings\Lavoisier\Desktop\mxone.exe Deleted" Line00000028 = "D:\Documents and Settings\Lavoisier\Desktop\Patch_MuEagle.rar=>Patch\main.exe Infected with: Trojan.Generic.1759868" Line00000027 = "D:\Documents and Settings\Lavoisier\Desktop\Patch_MuEagle.rar=>Patch\main.exe Deleted" Line00000026 = "D:\Documents and Settings\Lavoisier\Desktop\Patch_MuEagle.rar Update failed" Line00000025 = "D:\sality\rmslt.exe Infected with: Generic.HorstBased.28F5ED63" Line00000024 = "D:\sality\rmslt.exe Disinfection failed" Line00000023 = "D:\sality\rmslt.exe Deleted" Line00000022 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032885.exe Infected with: Gen:Win32.Sality.Dam" Line00000021 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032885.exe Disinfection failed" Line00000020 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032885.exe Deleted" Line00000019 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032887.exe Infected with: Gen:Win32.Sality.Dam" Line00000018 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032887.exe Disinfection failed" Line00000017 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032887.exe Deleted" Line00000016 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032889.exe Infected with: Gen:Win32.Sality.Dam" Line00000015 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032889.exe Disinfection failed" Line00000014 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP33\A0032889.exe Deleted" Line00000013 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038638.exe Infected with: Trojan.Wgapatch.A" Line00000012 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP36\A0038638.exe Deleted" Line00000011 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042457.dll Infected with: Trojan.Generic.1916523" Line00000010 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042457.dll Deleted" Line00000009 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042458.exe Infected with: Trojan.Generic.1759868" Line00000008 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042458.exe Deleted" Line00000007 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042459.exe Infected with: Trojan.Generic.1759868" Line00000006 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042459.exe Deleted" Line00000005 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042460.exe Infected with: Dropped:Trojan.Generic.1765014" Line00000004 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042460.exe Disinfection failed" Line00000003 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042460.exe Deleted" Line00000002 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042461.exe Infected with: Generic.HorstBased.28F5ED63" Line00000001 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042461.exe Disinfection failed" Line00000000 = "D:\System Volume Information\_restore{EC1C1AC5-4941-4E37-B9F4-27668DFF7640}\RP38\A0042461.exe Deleted" Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 18, 2009 Bom Dia! Lavoisier <@> Estabeleça um ponto limpo na Restauração do Sistema. <@> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema. <@> Marque: Desativar Restauração do Sistema --> Aplicar --> Aguarde! --> Ok. <@> Depois,desmarque novamente! --> Aplicar --> Aguarde! --> Ok. <@> Para maiores detalhes,leia o Tutorial: < Link > <><><><><><><><><><> <@> Baixe: < Malwarebytes > <@> Atualize o programa! <@> Escolha o escaneamento Completo! <@> Desabilite programas de proteção,ao executar o malwarebytes. <@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens. <@> Para maiores detalhes: < Link > <><><><><><><><><><> <@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Lavoisier 0 Denunciar post Postado Junho 18, 2009 Malwarebytes' Anti-Malware 1.38 Versão do banco de dados: 2304 Windows 5.1.2600 Service Pack 2 18/6/2009 14:50:51 mbam-log-2009-06-18 (14-50-51).txt Tipo de Verificação: Completa (C:\|D:\|) Objetos verificados: 412833 Tempo decorrido: 1 hour(s), 7 minute(s), 58 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 1 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 1 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully. Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of HijackThis v1.99.1 Scan saved at 14:53:57, on 18/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\a-squared Free\a2service.exe D:\Arquivos de programas\Java\jre6\bin\jqs.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe D:\Arquivos de programas\Mx One\mogtr.exe D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\System32\svchost.exe D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe D:\Documents and Settings\Lavoisier\Desktop\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [GrooveMonitor] "D:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] D:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] D:\Arquivos de programas\Mx One\mogtr.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: is-LTK4O.lnk = D:\Arquivos de programas\Virus Removal Tool\is-LTK4O\startup.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'd:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com.br O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Adobe Version Cue CS3 - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - D:\WINDOWS\system32\cmpe.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe Compartilhar este post Link para o post Compartilhar em outros sites