
Cristiane F.

[Solved!] Remove Trojan Horse Generic 14.beleza


Hi hi!!

 

I badly need your valuable help; I am a user without much experience in virus removal. My PC was infected last week with spyware that created fake pop-ups asking me to update a supposed antivirus, "Windows Pro 2009", which I don't even have on my computer.

My antivirus flagged the presence of lizkavd.exe/svcst.exe and seres.exe. I followed a procedure I found in a topic here, since that person had exactly the same problem, which had been solved. I installed Malware Bytes and ran it; it flagged several entries, which were all quarantined and then removed. I also followed the instructions to establish a clean System Restore point. Apparently it had worked well: the fake pop-ups had disappeared and the files lizkavd.exe/svcst.exe and seres.exe had also vanished from the documents and settings/usuário/dados de aplicativos folder. Everything seemed normal; however, when I run a new scan with my AVG antivirus, it reports a Trojan Horse Generic 14.BLZO, which it cannot remove because it is part of a critical system file (file C:\windows\system32\drivers\agp440.sys).

 

Here is my HijackThis log for your analysis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:56:57, on 16/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\DkLog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\eTSrv.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Java\jre6\bin\jucheck.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HiJackThis.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 12096 bytes

 

 

Here is the Malware Bytes log:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2968

Windows 5.1.2600 Service Pack 3

 

16/10/2009 09:02:58

mbam-log-2009-10-16 (09-02-58).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 195246

Tempo decorrido: 1 hour(s), 16 minute(s), 34 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

 

What could be going on??

Thank you so much in advance!

 

Cris


:thumbsup: Hi Cristiane! Welcome to the iMasters Forum.

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

• Download Superantispyware;

• Double-click the program's icon and install it by clicking (Next > accept the agreement > Next > Next > choose the option to save it in the Program Files folder (Arquivos de Programas) > Next > Next > wait for the installation > click the Finish button).

• A box will appear asking you to choose your language; choose the Portuguese (BR) option and click the Ok button.

• A message will appear asking: “Você quer que o SUPERAntiSpyware procure as regras e definições atuais agora (Recomendado)?” Connect the computer to the Internet and click the Sim button. Wait for it to update.

• Another screen will appear; click Avançar > Avançar > Avançar > Avançar > Concluir.

• A window will appear asking whether you want to protect your Internet Explorer home page against changes. Choose the option you prefer.

• Restart the computer in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Modo Seguro or Modo de Segurança option);

• If it is not possible to restart the computer in Safe Mode, run the scan in normal mode.

• Run SuperAntispyware and click: Escaneia seu PC...

• Under Local de escaneamento choose: C:\ Fixed Drive ( NTFS ), and if you have other disks to be scanned, check them as well;

• Check the Faz Escaneamento Completo option;

• Click Avançar. Wait!

• When it finishes, the window Resumo de Escaneamento SUPERAntiSpyware will open. Click the Ok button. Click the Avançar > button so that the threats are deleted.

• A message may appear asking whether you want the computer to be restarted so that the items can be deleted. Click Sim.

• After the PC restarts, right-click the SUPERAntiSpyware icon next to the Windows clock and choose the option Ver Centro de Controle (Preferências/Opções)..., then click the tab Estatísticas/Arquivos de Log. Double-click the log with the left mouse button and a screen with the log will open; then just select this log (click the menu: Editar » Selecionar Tudo), and after that go back to the menu Editar » and click the option Copiar.

• After that, just come back here to the forum and post this SUPERAntiSpyware log together with a new HijackThis log so that they can be analyzed, and tell us whether all the problems found by SuperAntispyware were removed.

• We'll be waiting.


Hi hi Antonio,

Thank you very much for such a detailed step-by-step :thumbsup: !

On to the logs, then.

From Superantispyware:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 10/19/2009 at 01:14 PM

 

Application Version : 4.29.1004

 

Core Rules Database Version : 4173

Trace Rules Database Version: 2093

 

Scan type : Complete Scan

Total Scan Time : 01:12:57

 

Memory items scanned : 234

Memory threats detected : 0

Registry items scanned : 6523

Registry threats detected : 0

File items scanned : 23214

File threats detected : 161

 

Adware.Tracking Cookie

 

 

And to my despair, when I went to run the HijackThis scan, AVG once again flagged the Trojan Horse 14.blzo virus in C:\windows\system32\drivers\agp440.sys. In any case, here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:25:32, on 19/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\DkLog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\eTSrv.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\HiJackThis.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 12358 bytes

 

Help!

Thank you very much in advance for the great help

Cris


Hi Antonio,

I have already downloaded the program as you instructed and will run the scan shortly, but since it is quite slow and I have to leave soon, I will probably only check the results and post them here tomorrow. In the meantime, do you think it is advisable for me to leave the network cable disconnected while Kaspersky runs in safe mode? I am afraid that new infections will happen while I am away from the computer, because this virus keeps opening doors for that all the time.

I also wanted to ask whether I should uninstall some of the protection programs installed here: Spybot, Malware Bytes and Superantispyware. Couldn't this excess of protection programs conflict at some point?

Thanks!

Cris


> Hi Antonio,
>
> I have already downloaded the program as you instructed and will run the scan shortly, but since it is quite slow and I have to leave soon, I will probably only check the results and post them here tomorrow. In the meantime, do you think it is advisable for me to leave the network cable disconnected while Kaspersky runs in safe mode? I am afraid that new infections will happen while I am away from the computer, because this virus keeps opening doors for that all the time.

That really is a good idea; its scan is effective, but it does take a while. And by doing it the way you described, you keep the virus from spreading.

> I also wanted to ask whether I should uninstall some of the protection programs installed here: Spybot, Malware Bytes and Superantispyware. Couldn't this excess of protection programs conflict at some point?

You can use all of these programs together, since they are compatible. But leave only Spybot and your antivirus starting up with your PC, so that Windows does not become slow.

And keep the other programs just for a weekly check.

As for Spybot, once you finish the cleanup with Kaspersky it is important to update Spybot, and after that run a scan with Spybot and remove the problems it finds.

After that, please post the requested logs and tell us how the PC is doing after these procedures.


Hi hi Antonio!

I left Kaspersky running overnight, and it found the virus that the other antivirus programs could not remove. It disinfected C:\system32\driver\agp440.sys and deleted the trojan backdoor.win.32.bredolab.ahd.

With that done, I updated Spybot and ran the scan; two entries were removed.

Here is the Kaspersky log:

 

Scan

----

Scanned: 869481

Detected: 2

Untreated: 0

Start time: 19/10/2009 16:58:35

Duration: 16:15:19

Finish time: 20/10/2009 09:13:54

 

 

Detected

--------

Status Object

------ ------

disinfected: virus Virus.Win32.Protector.c File: c:\windows\system32\drivers\agp440.sys

deleted: Trojan program Backdoor.Win32.Bredolab.ahd File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

19/10/2009 17:04:30 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'

19/10/2009 17:04:30 File: c:\windows\system32\drivers\agp440.sys not disinfected postponed

19/10/2009 17:06:56 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'

19/10/2009 17:06:56 File: c:\windows\system32\drivers\agp440.sys not disinfected postponed

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/svcst.exe password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/svcst.exe password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/svcst.exe password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.ini password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected

19/10/2009 18:51:31 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/deSrcAs.dll password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.reg password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.ini password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/_scui.cpl password protected

19/10/2009 18:51:32 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/sbRecovery.ini password protected

19/10/2009 19:07:17 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'

19/10/2009 19:07:17 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp not disinfected postponed

19/10/2009 19:14:35 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected

19/10/2009 19:14:35 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected

19/10/2009 19:14:48 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected

19/10/2009 19:14:48 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected


19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{53A3C576-5AB9-4B98-8615-34F8C5C8B7F6} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{5EFE2E30-5B6F-471F-B172-82EE2045604B} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{618B0B36-A4D9-4956-B7F9-17BD185E039D} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{625FD414-543B-4037-A624-E11A8B7D3031} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6286DDBE-7D32-4ACD-9002-5A7A6C6FBABF} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{62AC869E-614C-473C-8013-0B89CA949B50} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{63B4E8F6-8999-4714-A2CE-BB4C64FC6A3F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{65B33AC1-4FA6-45D5-B9AA-C45AE75ECDEC} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{66FAEA38-25F8-4FCF-B6BC-5CC1F0740BC5} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6A374274-6D51-4889-A4B6-9531377B866F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6B466351-1895-49B9-AE92-FBDBAE4C7ACC} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6C900B6D-8BA8-4432-9430-6B2D35D15917} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{701810CE-1129-4001-B883-F2BD40B70AF8} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{70FF2BAD-AEF2-4770-B67A-791776BB2664} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7824082A-C24E-4C01-B60C-BCC647A2D98F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{797CDB3E-C397-4D4C-A637-FC6F37E4C3F0} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{79EA7C8E-34EF-4DA2-BA99-A6F02800B801} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7A277B8C-24D4-4643-BFDB-4EB5AA3020F8} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7AEE548F-B6E6-4CD7-8DC6-5D2A4B565222} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7B5BF411-3AB2-46F8-873A-BBFDC0E1A28F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7EBE576A-F75F-47FE-BBFF-B93AE48912DD} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{84059DBF-B7F3-42EB-BEB3-7236330DAECA} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8441440A-6156-4C9E-8D13-2C20BC8C2359} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{86671AC4-DCC2-430A-BAAA-975A14ACB202} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{882356C6-D041-464F-BC6A-34F2255A864E} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B463B73-9875-4206-AFEA-F042A0EDDDE2} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B6CB2BF-7695-47E8-9AF0-56B2EFCB63A9} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B8DC122-754D-44D5-BA0E-015A401146AA} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8BB6307B-C494-4DCD-A078-25C34D871435} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8D447878-02F2-48A1-97AC-BD2574A0A040} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8FEF3E02-9D85-49E8-A3FD-736C57CB6880} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9015549E-1DF9-40B5-BA1D-2E3107FB17C7} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9093B41A-9DC1-472B-8F9F-8052884C5FDD} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{916BAB09-90F0-4B10-A531-BD0646E2F4CE} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{94F97614-4612-4ACE-9780-96BF7F6DE314} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{953695DD-8C2C-4387-B3EB-09E7FA9084FC} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{96844BA6-360E-420C-AC00-28DF6F6DE9A2} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{99E35F3A-A2C9-4262-8236-84F0DD9E7034} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2122E95-A4ED-4A0F-8C57-A0D0BA31F0C0} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2DDC83D-CA93-4855-8A8A-3526713AC8D8} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{AAD0DD3C-A7A2-403F-B296-59A65D7C9EC7} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B116DE56-CD7C-4E0F-B8C9-3C9A05F6FFAB} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B11AA807-0B24-4E66-9052-8484573703F2} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B2E0A0F1-1E8D-49E4-94D1-0DFB18C2CD05} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B3877683-994D-4AE8-B1EE-C9F1F4D9E054} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B673F967-C5C7-439C-A6C0-80EAACCE4A6E} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B6D9583F-F662-4933-9484-80F31584B2A0} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B80EB9D9-9771-4306-B9EE-68D52B9493B0} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BA208212-68F8-4EDD-8451-BB64C193C7DC} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BB9A28AE-933B-4E11-8840-5A8EF7C759E8} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC507CFF-1A81-4D79-B7B6-F09F8D6AFA0C} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC58102D-A87C-4B4D-9CEA-DB383678E176} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BCA75F95-D6A2-41DE-B114-B0A1678A8A3B} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BE4D3C6E-6340-4558-88E3-8AAD07FF1FDE} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BF0D15D1-1014-4465-BB86-25770EFD2DB3} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3149D85-B035-4DF7-851C-EDBADE6BA6A5} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3394AEA-0700-428D-9621-05F91761E850} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C5A6B49C-D117-413A-8ECB-327FAC09F4CE} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CBFAA8DB-6B2C-4745-869C-F0BD09E9BE62} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CCBFA2BA-9949-49A1-92B8-5DA28DBE7C8A} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CF1F2925-7826-44F4-B134-10D57BC3FBFB} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D004B0E6-4CFB-4D98-9A52-52FD5072E76A} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D09566A0-33B9-44F9-94DE-59B1C1DB7F54} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1704AC2-8424-4538-ABB4-30F93CE71BF4} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1C6AA95-8225-469D-8D8E-B7D909A990DE} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D3EB6FB9-F001-42D0-92F5-C53CEDF54C50} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D4B6AE0F-EE9B-4009-B90A-E926CFC0366D} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB1A16FA-FF5D-4597-AC3E-6436811384E6} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB437D67-9333-47B9-8D91-7A36E89D9116} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E042D964-6678-4406-BD98-77D6BAFE855D} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E1777072-468C-4401-A1AC-BF7CCBE35B5B} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E4574BEA-ABB6-4D9F-BFAC-8C6CD7781D6A} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E66BAE02-CCF5-4FCF-B80D-F56A76911788} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EAB9F198-76B0-4F75-BC5E-6A1668535B7E} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EBDDD305-543B-4095-B4B7-C5973DD6C3B2} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EC0FFBD1-27E6-4A6D-9CF5-AAEB2A103D8F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EE517188-C40C-4709-8BB2-AE94727A7C46} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EEB0CFEF-D8B0-429D-A117-925DA6CDEE38} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EFE89D3A-4213-4439-B82A-BCD0513312F8} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F1DB8145-8F21-43D1-9579-A2182D56488C} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F25E1414-CEB0-4746-904F-AF41ECC13607} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F3DA0F37-4280-4DFA-BA8A-9E79F9C6FBF3} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F630F086-B539-4271-BDFB-81A20B387849} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F8A6F521-7CF3-4191-B2E1-01C55B78B347} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA86CFB6-0DC2-48A5-A6DD-D17BDBF94E4B} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA9BBCC9-2E23-4B3A-83CB-CEE6F4E5B475} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FD22FCA3-81DC-4B76-885B-DCDF1695A38F} password protected

19/10/2009 19:28:12 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/backup.db password protected

19/10/2009 21:57:52 File: C:\WINDOWS\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'

19/10/2009 21:57:53 File: C:\WINDOWS\system32\drivers\agp440.sys not disinfected postponed

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/svcst.exe password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp2.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/svcst.exe password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/svcst.exe password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp6.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp7.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\FraudAntivirusPro1.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/deSrcAs.dll password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.reg password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip/sbRecovery.ini password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/_scui.cpl password protected

19/10/2009 23:44:48 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\XPSecurityCenter.zip/sbRecovery.ini password protected

20/10/2009 00:00:38 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'

20/10/2009 00:00:38 File: C:\Documents and Settings\cfantinati\Configurações locais\Temp\~TM678.tmp not disinfected postponed

20/10/2009 00:07:57 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected

20/10/2009 00:07:57 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\6XZ7SZGF\_AVE_[1]._d_ password protected

20/10/2009 00:08:10 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected

20/10/2009 00:08:10 File: C:\Documents and Settings\cfantinati\Configurações locais\Temporary Internet Files\Content.IE5\7XWKRGMP\_AVE_[1]._d_ password protected


20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{205AA73F-4028-4137-8BED-D3E051EC0ADF} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{206E3798-B5E6-4A83-B692-03AAB08F5C62} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{206EFBC6-3918-4E67-8A11-9840DF01C7C8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2172FA60-85BB-4F7B-9E7B-F41392DFA356} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{270B40F9-D1B1-4D49-9C79-5ED78A50829F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{288EA77F-8D8D-426E-9590-EA239564F060} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{28DF568A-3938-406D-A58D-E07D6847CF8A} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2AC3AC54-88DF-4E17-8953-4FEE343D2B2E} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{2B75A01F-C936-4EA5-B0EA-F2BC6199C8DB} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{30AFC96F-168D-4097-B895-3A289C604E88} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{31E9AC62-7317-42B1-B742-7316F02AE578} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{32CC9300-59B0-4B1D-8C34-A2E4FEC96A48} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3577F9BE-7B3A-4809-B9DC-4448F5D186FC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3988BF78-2290-43C8-A1DF-57AE579E872B} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3B894B58-767B-4485-A826-1F84674113A5} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3B913AC1-4CF7-40CC-9A43-2B29BC3EA6DF} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{3E6BD6D0-7714-4E66-B317-D474938B4DF2} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{40F6555F-058E-4967-8122-F95891B083AD} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{453B2BFF-8AD6-4298-AFC7-DA29D4215BD1} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{45656A66-59AD-4BC1-8C39-4C1E34D92DCC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{45BD2479-903C-4EF9-8334-EEF880E5CE8D} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4685B085-6971-4325-B5A6-2E7062C5C0BC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4763232E-1929-45F0-B510-1C47BDB9AA51} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4781DE3D-8EF2-4616-AC0F-FBA10EFE6737} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{496B8CE5-9DB6-4253-B541-2FFFBC975C90} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{49EA557A-00A6-4069-B5B4-BA493E96EA6F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4B570DE5-2603-42B3-99A6-6333C3BC1EF7} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{4D08BB20-B13D-4019-B3EC-D09E120FA3B6} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{50087FDB-AA7E-4216-80F6-88E1369192CD} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{50A1E89A-4B65-45AD-8983-BBB155AFA27F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{515E81EA-0962-47B2-984F-B21D2154F99F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{53A3C576-5AB9-4B98-8615-34F8C5C8B7F6} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{5EFE2E30-5B6F-471F-B172-82EE2045604B} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{618B0B36-A4D9-4956-B7F9-17BD185E039D} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{625FD414-543B-4037-A624-E11A8B7D3031} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6286DDBE-7D32-4ACD-9002-5A7A6C6FBABF} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{62AC869E-614C-473C-8013-0B89CA949B50} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{63B4E8F6-8999-4714-A2CE-BB4C64FC6A3F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{65B33AC1-4FA6-45D5-B9AA-C45AE75ECDEC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{66FAEA38-25F8-4FCF-B6BC-5CC1F0740BC5} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6A374274-6D51-4889-A4B6-9531377B866F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6B466351-1895-49B9-AE92-FBDBAE4C7ACC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{6C900B6D-8BA8-4432-9430-6B2D35D15917} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{701810CE-1129-4001-B883-F2BD40B70AF8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{70FF2BAD-AEF2-4770-B67A-791776BB2664} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7824082A-C24E-4C01-B60C-BCC647A2D98F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{797CDB3E-C397-4D4C-A637-FC6F37E4C3F0} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{79EA7C8E-34EF-4DA2-BA99-A6F02800B801} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7A277B8C-24D4-4643-BFDB-4EB5AA3020F8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7AEE548F-B6E6-4CD7-8DC6-5D2A4B565222} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7B5BF411-3AB2-46F8-873A-BBFDC0E1A28F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{7EBE576A-F75F-47FE-BBFF-B93AE48912DD} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{84059DBF-B7F3-42EB-BEB3-7236330DAECA} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8441440A-6156-4C9E-8D13-2C20BC8C2359} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{86671AC4-DCC2-430A-BAAA-975A14ACB202} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{882356C6-D041-464F-BC6A-34F2255A864E} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B463B73-9875-4206-AFEA-F042A0EDDDE2} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B6CB2BF-7695-47E8-9AF0-56B2EFCB63A9} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8B8DC122-754D-44D5-BA0E-015A401146AA} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8BB6307B-C494-4DCD-A078-25C34D871435} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8D447878-02F2-48A1-97AC-BD2574A0A040} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{8FEF3E02-9D85-49E8-A3FD-736C57CB6880} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9015549E-1DF9-40B5-BA1D-2E3107FB17C7} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{9093B41A-9DC1-472B-8F9F-8052884C5FDD} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{916BAB09-90F0-4B10-A531-BD0646E2F4CE} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{94F97614-4612-4ACE-9780-96BF7F6DE314} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{953695DD-8C2C-4387-B3EB-09E7FA9084FC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{96844BA6-360E-420C-AC00-28DF6F6DE9A2} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{99E35F3A-A2C9-4262-8236-84F0DD9E7034} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2122E95-A4ED-4A0F-8C57-A0D0BA31F0C0} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{A2DDC83D-CA93-4855-8A8A-3526713AC8D8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{AAD0DD3C-A7A2-403F-B296-59A65D7C9EC7} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B116DE56-CD7C-4E0F-B8C9-3C9A05F6FFAB} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B11AA807-0B24-4E66-9052-8484573703F2} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B2E0A0F1-1E8D-49E4-94D1-0DFB18C2CD05} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B3877683-994D-4AE8-B1EE-C9F1F4D9E054} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B673F967-C5C7-439C-A6C0-80EAACCE4A6E} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B6D9583F-F662-4933-9484-80F31584B2A0} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{B80EB9D9-9771-4306-B9EE-68D52B9493B0} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BA208212-68F8-4EDD-8451-BB64C193C7DC} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BB9A28AE-933B-4E11-8840-5A8EF7C759E8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC507CFF-1A81-4D79-B7B6-F09F8D6AFA0C} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BC58102D-A87C-4B4D-9CEA-DB383678E176} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BCA75F95-D6A2-41DE-B114-B0A1678A8A3B} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BE4D3C6E-6340-4558-88E3-8AAD07FF1FDE} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{BF0D15D1-1014-4465-BB86-25770EFD2DB3} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3149D85-B035-4DF7-851C-EDBADE6BA6A5} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C3394AEA-0700-428D-9621-05F91761E850} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{C5A6B49C-D117-413A-8ECB-327FAC09F4CE} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CBFAA8DB-6B2C-4745-869C-F0BD09E9BE62} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CCBFA2BA-9949-49A1-92B8-5DA28DBE7C8A} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{CF1F2925-7826-44F4-B134-10D57BC3FBFB} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D004B0E6-4CFB-4D98-9A52-52FD5072E76A} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D09566A0-33B9-44F9-94DE-59B1C1DB7F54} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1704AC2-8424-4538-ABB4-30F93CE71BF4} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D1C6AA95-8225-469D-8D8E-B7D909A990DE} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D3EB6FB9-F001-42D0-92F5-C53CEDF54C50} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{D4B6AE0F-EE9B-4009-B90A-E926CFC0366D} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB1A16FA-FF5D-4597-AC3E-6436811384E6} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{DB437D67-9333-47B9-8D91-7A36E89D9116} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E042D964-6678-4406-BD98-77D6BAFE855D} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E1777072-468C-4401-A1AC-BF7CCBE35B5B} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E4574BEA-ABB6-4D9F-BFAC-8C6CD7781D6A} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{E66BAE02-CCF5-4FCF-B80D-F56A76911788} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EAB9F198-76B0-4F75-BC5E-6A1668535B7E} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EBDDD305-543B-4095-B4B7-C5973DD6C3B2} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EC0FFBD1-27E6-4A6D-9CF5-AAEB2A103D8F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EE517188-C40C-4709-8BB2-AE94727A7C46} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EEB0CFEF-D8B0-429D-A117-925DA6CDEE38} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{EFE89D3A-4213-4439-B82A-BCD0513312F8} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F1DB8145-8F21-43D1-9579-A2182D56488C} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F25E1414-CEB0-4746-904F-AF41ECC13607} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F3DA0F37-4280-4DFA-BA8A-9E79F9C6FBF3} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F630F086-B539-4271-BDFB-81A20B387849} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{F8A6F521-7CF3-4191-B2E1-01C55B78B347} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA86CFB6-0DC2-48A5-A6DD-D17BDBF94E4B} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FA9BBCC9-2E23-4B3A-83CB-CEE6F4E5B475} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/{FD22FCA3-81DC-4B76-885B-DCDF1695A38F} password protected

20/10/2009 00:21:32 File: C:\Documents and Settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-19-2009 - 13-15-12.SBU/backup.db password protected

20/10/2009 02:51:16 File: C:\WINDOWS\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'

20/10/2009 02:51:16 File: C:\WINDOWS\system32\drivers\agp440.sys not disinfected postponed

20/10/2009 02:53:45 File: c:\windows\system32\drivers\agp440.sys detected virus 'Virus.Win32.Protector.c'

20/10/2009 09:13:02 File: c:\windows\system32\drivers\agp440.sys disinfected virus 'Virus.Win32.Protector.c'

20/10/2009 09:13:06 File: c:\documents and settings\cfantinati\configurações locais\temp\~tm678.tmp detected Trojan program 'Backdoor.Win32.Bredolab.ahd'

20/10/2009 09:13:54 File: c:\documents and settings\cfantinati\configurações locais\temp\~tm678.tmp deleted

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

And here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:11:27, on 20/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\DkLog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\WINDOWS\system32\eTSrv.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 12343 bytes

 

 

Is it clean now??

Thanks!

Cris


A trojan and a backdoor were eliminated by Kaspersky.

__________________________________

Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

 

Files to delete:

C:\WINDOWS\system32\restorer64_a.exe

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will be restarted

*The report will be created at C:\avenger.txt

__________________________________

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

 

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe

__________________________________

 

I suggest you save or print the instructions below, because at times you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “NEGAÇÃO DE GARANTIA DO SOFTWARE” (software warranty disclaimer) window will open. Click “SIM” (Yes) to continue.

4) Another window will open if your machine does not have the Windows Recovery Console (CONSOLE DE RECUPERAÇÃO DO WINDOWS). It is recommended to install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click “SIM” and wait; ComboFix itself installs the console automatically. This may take a few minutes (depending on your connection speed), so be patient.

When the “INSTALANDO O CONSOLE DE RECUPERAÇÃO” (installing the Recovery Console) window appears, click “OK”, then click “SIM” to accept the EULA.

When the Recovery Console installation finishes, a window will open stating that “O CONSOLE DE RECUPERAÇÃO FOI INSTALADO COM SUCESSO” (the Recovery Console was installed successfully).

Click “SIM” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If a message appears saying ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO (this is not a valid Win32 application), or if viruses or malware block ComboFix from running, download ComboFix again, but save it to your Desktop as KomboFix. In this case, name it Kombofix while saving it, not after saving it!

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try using ComboFix in SAFE MODE (restart the computer and press the F8 key repeatedly, or F5 in some cases, during startup, then choose the Safe Mode option on the screen that appears) and repeat the procedure;

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE and cover the other windows. To minimize it again, just use the ALT + TAB combination.

* If for any reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Avenger log, which will be at C:\avenger.txt, and a new HijackThis log in your next reply, and tell us how your PC is after this.

We will be waiting.

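As an added example (not part of the original posts, and not code from HijackThis or its authors), the Python code below parses O4 Run lines copied from the log above and flags two traits that the restorer64_a entries show: the same value name registered under more than one hive with different targets, and an executable sitting directly in a user profile folder. Both heuristics and all function names are assumptions made for this illustration; a hit is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (O4 = autorun entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\cfantinati\restorer64_a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
"""

# "O4 - <hive>[\<SID>]\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable part of a command line: quoted path, or everything up to the
# first executable extension (unquoted paths in the log may contain spaces).
TARGET = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif|cmd))(?=\s|$)', re.IGNORECASE
)
# Assumed heuristic: a file placed directly in C:\Documents and Settings\<user>\
PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$")


def parse_run_entries(log_text):
    """Return one dict per registry Run entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder lines and other sections are skipped
        t = TARGET.match(m["cmd"])
        target = (t.group(1) or t.group(2)) if t else m["cmd"]
        entries.append(
            {"hive": m["hive"], "name": m["name"], "target": target.lower()}
        )
    return entries


def triage(entries):
    """Map value name -> sorted list of reasons it deserves a closer look."""
    by_name = defaultdict(set)
    for e in entries:
        by_name[e["name"].lower()].add((e["hive"], e["target"]))

    findings = defaultdict(set)
    for name, registrations in by_name.items():
        hives = {hive for hive, _ in registrations}
        targets = {target for _, target in registrations}
        # Legitimate software that registers in two hives normally points
        # both entries at the same file (QuickTime Task in the sample).
        if len(hives) > 1 and len(targets) > 1:
            findings[name].add("same value name, different target per hive")
        if any(PROFILE_ROOT.match(t) for t in targets):
            findings[name].add("executable directly in a user profile folder")
    return {name: sorted(reasons) for name, reasons in findings.items()}


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```
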

Antonio, I can't manage to disable AVG antivirus. I closed the icon that appears next to the clock, but ComboFix keeps reporting that the resident protection program is active. What should I do? I have the ComboFix window waiting for an OK to run, even with AVG active.

Cris


Then restart the PC in Safe Mode and run ComboFix in Safe Mode. Afterwards, post the requested logs.


It wasn't necessary to run ComboFix in Safe Mode; I managed to disable AVG's resident protection and ran ComboFix in normal mode. Here are the requested logs:

ComboFix:

 

ComboFix 09-10-19.02 - cfantinati 20/10/2009 11:25.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.548 [GMT -2:00]

Executando de: c:\documents and settings\cfantinati\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Arquivos comuns\afinojafo.ban

c:\arquivos de programas\Arquivos comuns\uvajyrotuw._sy

c:\arquivos de programas\Arquivos comuns\ylajo.exe

c:\documents and settings\All Users\Dados de aplicativos\akibovo._dl

c:\documents and settings\All Users\Dados de aplicativos\calaxujak.dl

c:\documents and settings\All Users\Dados de aplicativos\kolabota.scr

c:\documents and settings\cfantinati\Configurações locais\Dados de aplicativos\adufuc.bat

c:\documents and settings\cfantinati\Cookies\axicesexa.vbs

c:\documents and settings\cfantinati\Cookies\soxexorut._dl

c:\documents and settings\cfantinati\Cookies\tiponiqed.dat

c:\documents and settings\cfantinati\Dados de aplicativos\facoz.bin

c:\windows\buteh.bat

c:\windows\diwiv.pif

c:\windows\system32\ivuhicafyr._sy

c:\windows\system32\wihomac.exe

c:\windows\unujyhec._sy

c:\windows\uvegoloje.reg

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-20 to 2009-10-20 ))))))))))))))))))))))))))))

.

 

2009-10-20 12:59 . 2009-10-20 12:59 -------- d-----w- c:\arquivos de programas\backups

2009-10-19 18:53 . 2009-10-20 13:34 6271008 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-10-19 18:53 . 2008-07-08 16:54 148496 ----a-w- c:\windows\system32\drivers\01366944.sys

2009-10-19 17:02 . 2009-10-19 17:02 46668096 ----a-w- c:\arquivos de programas\Kaspersky_setup_7.0.0.290_19.10.2009_19-37.exe

2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-10-19 13:51 . 2009-10-19 13:51 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\SUPERAntiSpyware.com

2009-10-19 13:50 . 2009-10-19 13:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-10-19 13:49 . 2009-10-19 13:50 7280672 ----a-w- c:\arquivos de programas\SUPERAntiSpyware.exe

2009-10-19 13:34 . 2009-10-19 13:34 714528 ----a-w- c:\arquivos de programas\JavaSetup6u16.exe

2009-10-16 12:55 . 2009-10-16 12:56 401720 ----a-w- c:\arquivos de programas\HiJackThis.exe

2009-10-14 13:49 . 2009-10-14 13:51 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\HpUpdate

2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Malwarebytes

2009-10-13 15:14 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-10-13 15:14 . 2009-10-13 15:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-10-13 15:14 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-13 15:01 . 2009-10-13 15:01 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\FreeFixer

2009-10-09 18:24 . 2009-10-09 18:29 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Sonic

2009-10-09 17:17 . 2009-10-09 17:17 547603116 ----a-w- C:\Extreme - Arquivos Compartilhados.zip

2009-10-09 17:08 . 2009-10-09 17:08 97959759 ----a-w- C:\Extreme.zip

2009-10-09 16:26 . 2006-12-05 12:15 1126017 ----a-w- c:\arquivos de programas\wrar361br.exe

2009-10-09 16:25 . 2009-10-08 15:05 16409960 ----a-w- c:\arquivos de programas\spybotsd162.exe

2009-10-09 16:24 . 2006-06-29 13:14 10321592 ----a-w- c:\arquivos de programas\SkypeSetup.exe

2009-10-09 15:50 . 2009-10-19 13:43 -------- d-----w- C:\$AVG8.VAULT$

2009-10-09 15:08 . 2009-10-09 15:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-10-09 15:08 . 2009-10-09 15:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-10-09 15:08 . 2009-10-09 15:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-10-09 15:08 . 2009-10-09 15:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-09 15:08 . 2009-10-19 11:14 -------- d-----w- c:\windows\system32\drivers\Avg

2009-10-09 15:08 . 2009-10-09 15:08 -------- d-----w- c:\arquivos de programas\AVG

2009-10-09 15:08 . 2009-10-13 14:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-10-08 15:17 . 2009-10-09 12:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-10-08 15:17 . 2009-10-08 15:22 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-09-25 14:51 . 2009-09-25 14:51 -------- d-----w- c:\arquivos de programas\OneNote Notebooks

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-20 12:56 . 2006-06-29 13:15 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\Skype

2009-10-20 12:53 . 2009-10-19 18:53 40148 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-10-20 12:50 . 2009-10-20 12:50 581 ----a-w- c:\arquivos de programas\Atalho para HiJackThis.exe.lnk

2009-10-20 12:49 . 2009-10-16 12:56 3762 ----a-w- c:\arquivos de programas\hijackthis.log

2009-10-20 11:24 . 2009-04-29 12:17 -------- d-----w- c:\documents and settings\cfantinati\Dados de aplicativos\skypePM

2009-10-20 11:13 . 2004-09-08 17:01 42368 ----a-w- c:\windows\system32\drivers\agp440.sys

2009-10-19 13:41 . 2004-09-08 16:52 63094 ----a-w- c:\windows\system32\perfc016.dat

2009-10-19 13:41 . 2004-09-08 16:52 417530 ----a-w- c:\windows\system32\perfh016.dat

2009-10-19 13:37 . 2006-01-12 23:33 -------- d-----w- c:\arquivos de programas\Java

2009-10-16 15:22 . 2008-03-25 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-10-14 13:49 . 2006-01-27 11:52 -------- d-----w- c:\arquivos de programas\HP

2009-10-09 18:18 . 2006-01-20 11:30 -------- d-----w- c:\arquivos de programas\VERITAS Software

2009-10-09 15:02 . 2006-01-19 12:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Network Associates

2009-10-06 12:33 . 2006-01-12 23:34 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-09-25 18:55 . 2008-01-28 14:54 69632 ----a-w- c:\documents and settings\cfantinati\MSJCE.dll

2009-09-25 05:36 . 2004-09-08 16:52 669184 ----a-w- c:\windows\system32\wininet.dll

2009-09-25 05:36 . 2004-09-08 16:52 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-11 14:19 . 2004-09-08 16:52 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2004-09-08 16:52 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:01 . 2004-09-08 16:52 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-18 02:33 . 2009-08-18 02:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-05 09:00 . 2004-09-08 16:52 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 17:27 . 2004-09-08 16:52 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 17:27 . 2004-08-04 02:40 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-07-31 17:23 . 2009-03-31 14:37 411368 ----a-w- c:\windows\system32\deploytk.dll

2006-12-21 18:26 . 2006-12-21 18:26 3534076 ----a-w- c:\arquivos de programas\eMule0.47c-Installer.exe

2006-03-24 17:54 . 2006-03-24 17:54 712129 ----a-w- c:\arquivos de programas\Gif animator.exe

2006-03-24 17:32 . 2006-03-24 17:32 1607370 ----a-w- c:\arquivos de programas\pf-setup-en.exe

2006-03-09 17:42 . 2006-03-09 17:42 6431945 ----a-w- c:\arquivos de programas\TPNQ_INSTALL.EXE

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-04-16 24264488]

"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]

"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"Search Protection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"DVDLauncher"="c:\arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-01-23 180269]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2006-10-25 282624]

"eTCertManger"="c:\windows\system32\eTCrtMng.exe" [2006-01-25 98304]

"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-30 24576]

"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

"DkAutoReg.exe"="c:\arquivos de programas\Datakey\Crypt32\DkAutoReg.exe" [2004-12-10 245760]

"DkMonitor.exe"="c:\arquivos de programas\Datakey\Crypt32\DkMonitor.exe" [2004-12-10 32768]

"DkStartup"="c:\arquivos de programas\Datakey\Crypt32\DkStartup.exe" [2004-12-10 217088]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2005-07-29 28672]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\cfantinati\Menu Iniciar\Programas\Inicializar\

is-J8NM1.lnk - c:\documents and settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe [2009-10-19 65536]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

Inicialização rápida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

Windows Desktop Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 17:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-09 15:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]

2004-12-10 16:58 61440 ----a-w- c:\windows\system32\DkWLNP.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/10/2009 13:08 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/10/2009 13:08 108552]

R1 is-J8NM1drv;is-J8NM1drv;c:\windows\system32\drivers\01366944.sys [19/10/2009 16:53 148496]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [09/10/2009 13:45 297752]

R2 DkVcm;Datakey's Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [10/12/2004 14:58 122880]

R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [01/12/2003 01:44 13824]

R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [30/10/2007 11:05 11256]

R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [30/10/2007 11:05 16696]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]

S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [21/05/2003 23:32 8448]

S3 8c382712-4cc3-4f22-9275-60a74a552288;8c382712-4cc3-4f22-9275-60a74a552288;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]

S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [02/02/2007 10:04 34406]

S3 GRCCID;GRCCID;c:\windows\system32\drivers\GrCCID.sys [21/05/2004 20:23 62416]

S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [18/06/2007 15:17 61776]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]

c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2006-10-10 19:13]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - c:\arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-msnmsgr - c:\arquivos de programas\MSN Messenger\msnmsgr.exe

HKCU-Run-CardScan AutoSync - (no file)

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-20 11:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(656)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\DkWLNP.dll

.

Tempo para conclusão: ~,10time:~,-3

ComboFix-quarantined-files.txt 2009-10-20 13:36

 

Pré-execução: 15 pasta(s) 40.753.205.248 bytes disponíveis

Pós execução: 20 pasta(s) 44.174.983.168 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 8D6F2D508ECFD548B85F065F73EE48D1

__________________________________________________________________________________________________________

Avenger:

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\WINDOWS\system32\restorer64_a.exe" not found!

Deletion of file "C:\WINDOWS\system32\restorer64_a.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

_________________________________________________________________________________________________________

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:43:44, on 20/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\DkLog.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\dkvcm.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\eTSrv.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11481 bytes

 

The PC appears to be normal.

Thanks,

Cris


:) Hi Cris! Several problems were removed by Combofix.

:seta: Go to http://virscan.org/ and submit the files highlighted in red below for analysis (one at a time). Copy the link that appears in your browser's address bar once each file has been analyzed, and post these two links in your next reply:

 

c:\windows\system32\drivers\01366944.sys

c:\documents and settings\cfantinati\MSJCE.dll


The second link is correct.

But for the first one, it seems to me that you submitted a different file: the link shows that the file submitted was 44165954.sys, and the correct one would be 01366944.sys.

:seta: Please submit the file c:\windows\system32\drivers\01366944.sys for analysis again.


I repeated the process and submitted the correct file, but the result comes back for a different one.

During the scan, the following message appears: The file 01366944.sys has already been submitted and scanned by another user on 20/10/2009, and since then there have been 23 updates to the scanners' virus databases.

After that, the link I sent you appears.

What could it be?? Strange...


:seta: Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with a new Hijackthis log, and please tell us how your PC is doing after following this procedure.

We look forward to your reply.


Antonio,

 

The Nod32 scan is running, but it looks like it will take forever (in 30 minutes it has scanned only 12%). Since I will need to leave before the scan finishes and will only have access to the computer the next morning, and therefore could only deal with the results tomorrow, do you see any risk of some threat spreading if I leave the computer online all that time? Or is it better to stop the scan and run it when I am present and can follow the whole progress?

Many, many thanks!

Cris


Normally the Nod32 scan is faster than the Kaspersky one (the Nod32 scan usually takes about two hours, more or less). Sometimes it looks like it has stalled like that, but if you look at the little HD light you can see that it should be blinking (which shows that Nod32 is working and scanning the PC).


OK, I'll wait then.

By the way, it has already flagged 3 threats: win32/bagle.gen.zip worm.

Man, this is so discouraging! I had never had so many problems with viruses, and suddenly it seems they all came at once! I still haven't figured out where they came from, since I never ran or opened any suspicious file.

Well, as soon as the scan finishes, I'll post the logs here.

Thanks again!

Cris


Spot on, Antonio, it took 1h58 minutes!

Here is the Nod32 log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6210

# api_version=3.0.2

# EOSSerial=c1f6f556ee9efb4c92876d8e3e653623

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-10-20 07:48:40

# local_time=2009-10-20 05:48:40 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1028 16777189 100 83 0 42476 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=70251

# found=3

# cleaned=3

# scan_time=6760

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

____________________________________________________________________________________________________________

And the Hijackthis one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:55:42, on 20/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\System32\DkLog.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\eTSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 12172 bytes

 

 

 

Regards

Cris


Spot on, Antonio, it took 1h58 minutes!

 

Here is the Nod32 log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6210

# api_version=3.0.2

# EOSSerial=c1f6f556ee9efb4c92876d8e3e653623

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-10-20 07:48:40

# local_time=2009-10-20 05:48:40 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1028 16777189 100 83 0 42476 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=70251

# found=3

# cleaned=3

# scan_time=6760

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

____________________________________________________________________________________________________________

And the HijackThis one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:55:42, on 20/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\eTCrtMng.exe

C:\WINDOWS\System32\DkLog.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\eTSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\dkcktkn.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [DkAutoReg.exe] C:\Arquivos de programas\Datakey\Crypt32\DkAutoReg.exe

O4 - HKLM\..\Run: [DkMonitor.exe] C:\Arquivos de programas\Datakey\Crypt32\DkMonitor.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\Datakey\Crypt32\DkStartup.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [search Protection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-J8NM1.lnk = C:\Documents and Settings\cfantinati\Desktop\Virus Removal Tool\is-J8NM1\startup.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra 'Tools' menuitem: SmartLogon - {2E0DB803-2B3E-44C5-8D69-74300D3A73AE} - C:\Arquivos de programas\Datakey\Crypt32\DkSmartLogonExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Datakey's Log Service (DkLogger) - Datakey, Inc. - C:\WINDOWS\System32\DkLog.exe

O23 - Service: Datakey's Token Service (DkTknSrv) - Datakey, Inc. - C:\WINDOWS\System32\dkcktkn.exe

O23 - Service: Datakey's Virtual Channel Monitor (DkVcm) - Datakey, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 12172 bytes

 

 

 

Regards

Cris


:) Very good, your logs are clean.

The problems that Nod32 found were in Spybot's quarantine.

How is your PC?
