Titibas

Badly infected... please analyze my log

Folks, here's the situation: I'm going to post my HijackThis log, but it seems the HijackThis entries won't explain everything. I ran an online scan with Kaspersky Online and it flagged a lot of things. I turned to another forum first to see if it would solve the problem, but little was resolved. Unfortunately I'm not the only one who uses the PC, so there are relatives who don't take the same care I do, and it ends up resulting in this. I can't install any antivirus or antispyware, because the installation fails and/or some files are deleted from the antivirus programs already installed, as with AVG and Avast. I can't remove them and reinstall through Add/Remove Programs either; it's as if I really have no way out for removing the malware.

Anyway, I'll post the HijackThis log so that you can kindly help me. I also have the Kaspersky report here; I'll post it next if you think it's necessary, and I'd like to know how to post it, since it isn't possible to attach this type of file.

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 21:56:09, on 11/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

D:\Programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.de/app/uploader/FileUploader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

  • Topic author
  • KASPERSKY ONLINE SCANNER REPORT

    Monday, September 11, 2006 9:11:51 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 11/09/2006

    Kaspersky Anti-Virus database records: 209544

    Scan Settings

    Scan using the following antivirus database standard

    Scan Archives true

    Scan Mail Bases true

    Scan Target My Computer

    A:\

    C:\

    D:\

    E:\

    F:\

    G:\

    Scan Statistics

    Total number of scanned objects 85123

    Number of viruses found 5

    Number of infected objects 14 / 0

    Number of suspicious objects 0

    Duration of the scan process 01:19:21

    Infected Object Name Virus Name Last Action

    C:\Documents and Settings\Particular\Configurações locais\Temporary Internet Files\Content.IE5\1CCF5XGH\6666[1].jpg Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped

    C:\Documents and Settings\Particular\Dados de aplicativos\m\data.oct Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP135\A0026856.exe Infected: Trojan-Spy.Win32.Banker.tw skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP135\A0031913.exe Infected: Trojan-Spy.Win32.Banker.tw skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP81\A0010531.EXE Infected: Trojan.Win32.StartPage.pj skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP81\A0010532.exe Infected: Trojan.Win32.Agent.cq skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP83\A0011538.exe Infected: Trojan.Win32.Agent.cq skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP83\A0011540.EXE Infected: Trojan.Win32.StartPage.pj skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP88\A0011724.exe Infected: Trojan.Win32.Agent.cq skipped

    C:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP88\A0011817.EXE Infected: Trojan.Win32.StartPage.pj skipped

    D:\Programas\Emule\Incoming\declan's german flashcards 1.0.101 crack\declan's german flashcards 1.0.101 crack.exe Infected: Trojan-Downloader.Win32.Bagle.ay skipped

    D:\Programas\Emule\Incoming\declan's german flashcards 1.0.101 crack.zip/declan's german flashcards 1.0.101 crack.exe Infected: Trojan-Downloader.Win32.Bagle.ay skipped

    D:\Programas\Emule\Incoming\declan's german flashcards 1.0.101 crack.zip ZIP: infected - 1 skipped

    D:\System Volume Information\_restore{8084E5C9-9D6E-4641-9A8B-F25A4434606E}\RP135\A0031916.exe Infected: Trojan-Downloader.Win32.Bagle.ay skipped

    Scan process completed.

  • Topic author
  • Colerus, thanks in advance for the help. It found several spy cookies and quarantined them here. I'll run the Kaspersky Online Scanner one more time to see whether many still remain.

  • Topic author
  • It seems to have improved somewhat, but 1 virus still remains; here is the Kaspersky log:

    KASPERSKY ONLINE SCANNER REPORT

    Tuesday, September 12, 2006 4:36:49 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 12/09/2006

    Kaspersky Anti-Virus database records: 209745

    Scan Settings

    Scan using the following antivirus database standard

    Scan Archives true

    Scan Mail Bases true

    Scan Target Folders

    C:\

    D:\

    Scan Statistics

    Total number of scanned objects 71784

    Number of viruses found 1

    Number of infected objects 1 / 0

    Number of suspicious objects 0

    Duration of the scan process 01:46:43

    Infected Object Name Virus Name Last Action


    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSC56462F4-FEEB-4FF1-AACB-BCB1A93A9D2C.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSCD4929A9-F075-424A-96ED-5B09918EE750.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSD2DF6B02-FD6E-4885-9063-4CED010DDBDD.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSD6154DBE-FE1E-4E0B-9739-A5669731A330.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSD97F2EB1-05FD-4DF8-A434-CE5A93142A13.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSDAA1B838-2D11-421C-B1FB-81C2738FE00F.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSDF03C0D1-FE4D-4E8E-AE3A-3898FBE742E1.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSE27AE76C-E5D9-44E7-B782-E3A44988F214.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSE3CCDB95-165B-4581-869C-BD3BCBF175CE.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSE440D5F9-0D07-4971-86DF-15D71DF543A5.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSEA4FFBCB-77D2-440C-9923-14327A7E004C.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSECC4B959-1A36-4CFB-A916-CAFB93F47F18.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSEEA08EA5-C694-4228-8C56-02BA08D325FC.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF236A778-5D4A-42A0-AB2A-DEB937ACF85D.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF27F5076-C586-497E-81C7-C0169499DC9B.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF47003E3-DE1B-4EE7-A907-F9F9902F80CB.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF4A9ED08-4385-45E1-A8CB-202A4BE78066.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF6445FA3-4DD4-4F35-B544-220AC7F65BA8.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF71E3191-E47D-4876-8C67-8C9E93D5105A.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSF900AAE5-BA07-4A18-85DD-1FA338660027.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSFA48DAE6-3E7B-4004-ABC1-AB3F359BB725.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSFB8BA5BA-AA46-4EF8-9FA9-A619E6E6A2B6.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSFB972268-A34F-47AC-AF68-FB882EDD67CA.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSFCA25309-848F-4D3A-9E34-FE458C83A66F.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot\Spy Sweeper\Temp\SSCSFE2A4F25-20AB-4118-A3C4-7290986A9540.tmp Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Histórico\History.IE5\MSHist012006091220060913\index.dat Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Temp\Perflib_Perfdata_650.dat Object is locked skipped

    C:\Documents and Settings\Particular\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Particular\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Particular\Dados de aplicativos\m\data.oct Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped

    Scan process completed.

  • Topic author
  • Well, I ran Spy Sweeper and it removed some spyware; however, there were 2 viruses that the Symantec online check found, and I am still looking for a solution for both, since they insist on staying on the computer. Link to the Symantec result: virusesuo4.jpg

    If there are specific removal tools for these, please post the links.

    Thanks


    SVegetto, submit the files below for a complete analysis by the AVs.

    - Go to the site below:

    http://www.virustotal.com/en/indexf.html

    - Under "Select file", click "Arquivo" (File) to locate them (one at a time) and then click "Send".

    moo.dll

    data.oct

    Wait for the result to come out, copy the result list(s) separately and paste them in your reply...

    Mr. Coruj@

  • Topic author
  • STATUS: FINISHED

    Complete scanning result of "data.oct", received in VirusTotal at 09.13.2006, 23:13:53 (CET).

    Antivirus Version Update Result

    AntiVir 7.2.0.16 09.13.2006 TR/Bagle.DP

    Authentium 4.93.8 09.13.2006 W32/Downloader.AGKP

    Avast 4.7.844.0 09.13.2006 no virus found

    AVG 386 09.13.2006 no virus found

    BitDefender 7.2 09.13.2006 no virus found

    CAT-QuickHeal 8.00 09.13.2006 (Suspicious) - DNAScan

    ClamAV devel-20060426 09.13.2006 no virus found

    eTrust-InoculateIT 23.72.123 09.13.2006 no virus found

    eTrust-Vet 30.3.3076 09.13.2006 no virus found

    DrWeb 4.33 09.13.2006 no virus found

    Ewido 4.0 09.13.2006 no virus found

    Fortinet 2.82.0.0 09.13.2006 no virus found

    F-Prot 3.16f 09.13.2006 no virus found

    F-Prot4 4.2.1.29 09.13.2006 no virus found

    Ikarus 0.2.65.0 09.13.2006 Backdoor.Win32.Rbot.awg

    Kaspersky 4.0.2.24 09.13.2006 Trojan-Proxy.Win32.Mitglieder.ei

    McAfee 4851 09.13.2006 no virus found

    Microsoft 1.1560 09.13.2006 no virus found

    NOD32v2 1.1754 09.13.2006 no virus found

    Norman 5.80.02 09.13.2006 no virus found

    Panda 9.0.0.4 09.13.2006 Suspicious file

    Sophos 4.09.0 09.13.2006 no virus found

    Symantec 8.0 09.13.2006 no virus found

    TheHacker 5.9.8.210 09.13.2006 no virus found

    UNA 1.83 09.13.2006 no virus found

    VBA32 3.11.1 09.13.2006 no virus found

    VirusBuster 4.3.7:9 09.13.2006 no virus found

    Aditional Information

    File size: 153600 bytes

    MD5: 43d4c7031f46f3a0b8ad88994973bf88

    SHA1: 5ca604cd261fb01f50415a6751b45ffc819d288b

    packers: Aspack

    moo.dll is no longer in the folder; I deleted it with KillBox and it did not come back, whereas data.oct came back. In any case, here is the list.

    However... I restarted the PC and saw a new file, flec006.exe, and I did the same with it; the log follows:

    STATUS: FINISHED

    Complete scanning result of "flec006.exe", received in VirusTotal at 09.14.2006, 01:06:49 (CET).

    Antivirus Version Update Result

    AntiVir 7.2.0.16 09.13.2006 HEUR/Crypted

    Authentium 4.93.8 09.13.2006 no virus found

    Avast 4.7.844.0 09.13.2006 no virus found

    AVG 386 09.13.2006 no virus found

    BitDefender 7.2 09.13.2006 no virus found

    CAT-QuickHeal 8.00 09.13.2006 (Suspicious) - DNAScan

    ClamAV devel-20060426 09.13.2006 no virus found

    DrWeb 4.33 09.13.2006 Trojan.BeagleProxy

    eTrust-InoculateIT 23.72.124 09.14.2006 Win32/Lumebag.J!Trojan

    eTrust-Vet 30.3.3076 09.13.2006 Win32/Lumebag.J

    Ewido 4.0 09.13.2006 no virus found

    Fortinet 2.82.0.0 09.13.2006 no virus found

    F-Prot 3.16f 09.13.2006 no virus found

    F-Prot4 4.2.1.29 09.13.2006 no virus found

    Ikarus 0.2.65.0 09.13.2006 Backdoor.Win32.Rbot.awg

    Kaspersky 4.0.2.24 09.14.2006 no virus found

    McAfee 4851 09.13.2006 no virus found

    Microsoft 1.1560 09.14.2006 no virus found

    NOD32v2 1.1755 09.13.2006 no virus found

    Norman 5.90.23 09.13.2006 no virus found

    Panda 9.0.0.4 09.13.2006 Suspicious file

    Sophos 4.09.0 09.14.2006 no virus found

    Symantec 8.0 09.14.2006 no virus found

    TheHacker 5.9.8.210 09.13.2006 no virus found

    UNA 1.83 09.13.2006 no virus found

    VBA32 3.11.1 09.13.2006 no virus found

    VirusBuster 4.3.7:9 09.13.2006 no virus found

    Aditional Information

    File size: 165892 bytes

    MD5: bf8ad2a9b5ee24ea83a251740a12e4b0

    SHA1: f49b07d32da95ea9e092b511d29b8fd4cf1b1166

    packers: Aspack

    And finally, the new HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 19:53:03, on 13/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    D:\programas\PowerISO\PWRISOVM.EXE

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\taskmgr.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    D:\Programas\Webroot\Spy Sweeper\SSU.EXE

    C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O4 - HKLM\..\Run: [smapp] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [spySweeper] "D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.de/app/uploader/FileUploader.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe


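    An added example, not part of the original thread and not code from HijackThis: one way to triage a HijackThis log like the one posted above is to flag running processes whose image sits in a per-user data or temp folder and to check whether any O4/O23 item in the same log launches them. The sample is a constructed subset of the lines posted above; the folder markers and function names are assumptions of this example.

```python
import re

# Constructed sample: a subset of lines from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe
D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
"""

# HijackThis item lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")

# Assumption of this example: per-user folders where installed software
# normally has no reason to keep a running executable (pt-BR and English XP names).
USER_DATA_MARKERS = (
    "\\dados de aplicativos\\",        # pt-BR name of Application Data
    "\\application data\\",
    "\\configurações locais\\temp\\",  # pt-BR name of Local Settings\Temp
    "\\local settings\\temp\\",
)


def parse_log(text):
    """Split a HijackThis log into running-process paths and item lines."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False          # the process list ends at the first item line
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def runs_from_user_data(path):
    """True if the image path is inside a per-user data or temp folder."""
    p = path.lower()
    return "\\documents and settings\\" in p and any(m in p for m in USER_DATA_MARKERS)


def triage(text):
    """Return one finding per running process located in a per-user data folder.

    'autostart_in_log' tells whether an O4 (Run/Startup) or O23 (service) item
    in the same log references the full path. Items that use a bare file name
    or an 8.3 short path are not matched by this simple comparison.
    """
    processes, entries = parse_log(text)
    autostarts = [e.lower() for e in entries if e.startswith(("O4 ", "O23 "))]
    findings = []
    for proc in processes:
        if runs_from_user_data(proc):
            listed = any(proc.lower() in e for e in autostarts)
            findings.append({"path": proc, "autostart_in_log": listed})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        state = "has" if finding["autostart_in_log"] else "has no"
        print(f"{finding['path']} ({state} O4/O23 launch point in this log)")
```

    A finding with `autostart_in_log` set to false means the launch point is not among the O4/O23 items of this log, which is the case where a fuller startup enumeration is the next step.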
    SVegetto, what is inside this folder? Can it be deleted? If so, follow the procedures below:

    C:\Documents and Settings\Particular\Dados de aplicativos\m\

    - Download SPYBOT to strengthen security: install it, update it, immunize (run it and click Immunize) and, just below (on the same program screen), enable the browser protection.

    - Make Windows show all files in: Folder Options // Select the View tab // Now select Show hidden files and folders // Uncheck the box Hide protected operating system files (Recommended) // Confirm: OK

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    @- Locate and delete the folder below, shown in bold:

    C:\Documents and Settings\Particular\Dados de aplicativos\m\

    --|--

    @- Click Start // Run // type: Regedit // OK

    Locate the key below:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    In the right pane, if you find the value below, delete it:

    "mule_st_key" =

    Now locate the key below (MuleAppData1) and delete it:

    HKEY_CURRENT_USER\Software\MuleAppData1

    - confirm and exit regedit...

    --|--

    @- Click Start // Run // Type: Cleanmgr.exe

    (Drive C:) // In Disk Cleanup, leave all options checked and click OK.

    - Restart in normal mode and see whether the problems have been solved.

    Mr. Coruj@

  • Topic author
  • Well, Corujo, it is impossible to install Spybot or any other spyware-removal tool or antivirus. It seems something always prevents the installation from finishing, and when it does finish, the exe files are deleted right afterwards. Something malicious is doing this, I believe.

    In the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, I did not find the value "mule_st_key" =

    And the registry key HKEY_CURRENT_USER\Software\MuleAppData1

    does not exist here, but MuleAppData without the 1 does exist.

    I don't know whether it amounts to the same thing, but as a precaution I did nothing.

    I cannot delete the M folder manually, nor can I delete Flec006.exe even with KillBox, and it also does not appear in the HijackThis processes for me to use Fix checked; yet I always get that error saying the process is still running when I try to delete it. I don't know what I can do x_x


    SVegetto,

    @- Download the programs listed below, but do not run any of them yet.

    - Copy the instructions to Notepad or print them!

    - Run the Silent tool. Wait..., and set the log aside.

    - Close all open windows and run Hijack. Click Open the Misc Tools section. Under Generate StartupList log, check both options and click the button: "Generate StartupList log". Wait...

    @- Post the StartupList log and the Silent log, pasting them in your next reply.

    Mr. Coruj@

  • Topic author
  • OK, here are the Silent and HijackThis logs:

    Silent:

    "Silent Runners.vbs", revision 48, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

    "Skype" = ""C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "Smapp" = ""C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"" ["Analog Devices, Inc."]

    "DAEMON Tools" = ""D:\Programas\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

    "SunJavaUpdateSched" = ""C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

    "NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

    "nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]

    "NvMediaCenter" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

    "PWRISOVM.EXE" = "D:\programas\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

    "TkBellExe" = ""C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

    "KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]

    "SpySweeper" = ""D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Active Setup\Installed Components\

    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"

    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

    \InProcServer32\(Default) = "D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "SSVHelper Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

    -> {HKLM...CLSID} = "GbIehObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

    -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

    \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

    -> {HKLM...CLSID} = "Shell Search Band"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\Programas\WinRAR\rarext.dll" [null data]

    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"

    -> {HKLM...CLSID} = "Portable Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]

    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"

    -> {HKLM...CLSID} = "Portable Devices Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]

    "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"

    -> {HKLM...CLSID} = "Haali Column Provider"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]

    "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"

    -> {HKLM...CLSID} = "My Phones"

    \InProcServer32\(Default) = "D:\Programas\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

    \InProcServer32\(Default) = "D:\programas\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "D:\programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "D:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    -> {HKLM...CLSID} = "WPDShServiceObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"

    -> {HKLM...CLSID} = "Haali Column Provider"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "D:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "D:\programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\Programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\Programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "D:\programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

    -> {HKLM...CLSID} = "PowerISO"

    \InProcServer32\(Default) = "D:\programas\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "D:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "D:\Programas\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\Documents and Settings\Particular\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

    Startup items in "Particular" & "All Users" startup folders:

    ------------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

    "Adobe Reader Speed Launch" -> shortcut to: "D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    "MenuText" = "Sun Java Console"

    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"

    -> {HKCU...CLSID} = "Java Plug-in"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Pesquisar"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    "ButtonText" = "Messenger"

    "MenuText" = "Windows Messenger"

    "Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points

    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):

    (unwritable string)

    Missing lines (compared with English-language version):

    [Version]: 2 lines

    [RestoreHomePage]: 1 line

    [RestoreHomePage.reg]: 1 line

    [RestoreBrowserSettings.reg]: 12 lines

    [DeleteTemplates.reg]: 5 lines

    [DeleteAutosearch.reg]: 1 line

    [strings]: 1 line

    [RestoreBrowserSettings]: 2 lines

    [strings]: 3 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

    Serviço Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Arquivos de programas\MSN Messenger\usnsvc.dll" [MS]}

    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

    Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]

    Print Monitors:

    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

    use the -supp parameter or answer "No" at the first message box.

    ---------- (total run time: 41 seconds, including 16 seconds for message boxes)

    HijackThis Startup Log:

    StartupList report, 14/9/2006, 18:28:12

    StartupList version: 1.52.2

    Started from : C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.EXE

    Detected: Windows XP SP2 (WinNT 5.01.2600)

    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    * Using default options

    * Including empty and uninteresting sections

    * Showing rarely important sections

    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe

    D:\Programas\Webroot\Spy Sweeper\SSU.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:

    [C:\Documents and Settings\Particular\Menu Iniciar\Programas\Inicializar]

    *No files*

    Shell folders AltStartup:

    *Folder not found*

    User shell folders Startup:

    *Folder not found*

    User shell folders AltStartup:

    *Folder not found*

    Shell folders Common Startup:

    [C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

    Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    Shell folders Common AltStartup:

    *Folder not found*

    User shell folders Common Startup:

    *Folder not found*

    User shell folders Alternate Common Startup:

    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Smapp = "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"

    DAEMON Tools = "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    SunJavaUpdateSched = "C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe"

    NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

    nwiz = "nwiz.exe" /install

    NvMediaCenter = "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    PWRISOVM.EXE = D:\programas\PowerISO\PWRISOVM.EXE

    TkBellExe = "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    KernelFaultCheck = %systemroot%\system32\dumprep 0 -k

    SpySweeper = "D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MsnMsgr = "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    Skype = "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]

    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:

    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:

    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:

    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:

    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:

    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:

    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:

    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:

    HKLM\Software\Microsoft\Active Setup\Installed Components

    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *

    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *

    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *

    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *

    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:

    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*

    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*

    SCRNSAVE.EXE=*INI section not found*

    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe

    SCRNSAVE.EXE=*Registry value not found*

    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*

    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present

    C:\WINDOWS\Explorer\Explorer.exe: not present

    C:\WINDOWS\System\Explorer.exe: not present

    C:\WINDOWS\System32\Explorer.exe: not present

    C:\WINDOWS\Command\Explorer.exe: not present

    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)

    .pif: HIDDEN! (arrow overlay: yes)

    .exe: not hidden

    .com: not hidden

    .bat: not hidden

    .hta: not hidden

    .scr: not hidden

    .shs: HIDDEN!

    .shb: HIDDEN!

    .vbs: not hidden

    .vbe: not hidden

    .wsh: not hidden

    .scf: HIDDEN! (arrow overlay: NO!)

    .url: HIDDEN! (arrow overlay: yes)

    .js: not hidden

    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS

    - .reg open command is normal (regedit.exe %1)

    - Company name OK: 'Microsoft Corporation'

    - Original filename OK: 'REGEDIT.EXE'

    - File description: 'Editor do Registro'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    (no name) - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    G-Buster Browser Defense - C:\WINDOWS\Downloaded Program Files\gbieh.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540000}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    *No jobs found*

    --------------------------------------------------

    Enumerating Download Program Files:

    [CKAVWebScan Object]

    InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

    CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    [symantec AntiVirus scanner]

    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll

    CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    [Office Update Installation Engine]

    InProcServer32 = C:\WINDOWS\opuc.dll

    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [symantec RuFSI Utility Class]

    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

    CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    [Java Plug-in]

    InProcServer32 = C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

    [Lycos File Upload Component]

    InProcServer32 = C:\WINDOWS\Downloaded Program Files\FileUploader.dll

    CODEBASE = http://f006.mail.lycos.de/app/uploader/FileUploader.cab

    [Java Plug-in]

    InProcServer32 = C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

    [Java Plug-in 1.5.0_07]

    InProcServer32 = C:\Arquivos de programas\Java\jre1.5.0_07\bin\npjpi150_07.dll

    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

    [shockwave Flash Object]

    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

    CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

    [GbpDistObj Class]

    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbpdist.dll

    CODEBASE = https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    [GbPluginObj Class]

    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbieh.dll

    CODEBASE = https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll

    NameSpace #2: C:\WINDOWS\System32\winrnr.dll

    NameSpace #3: C:\WINDOWS\System32\mswsock.dll

    Protocol #1: C:\WINDOWS\system32\mswsock.dll

    Protocol #2: C:\WINDOWS\system32\mswsock.dll

    Protocol #3: C:\WINDOWS\system32\mswsock.dll

    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

    Protocol #6: C:\WINDOWS\system32\mswsock.dll

    Protocol #7: C:\WINDOWS\system32\mswsock.dll

    Protocol #8: C:\WINDOWS\system32\mswsock.dll

    Protocol #9: C:\WINDOWS\system32\mswsock.dll

    Protocol #10: C:\WINDOWS\system32\mswsock.dll

    Protocol #11: C:\WINDOWS\system32\mswsock.dll

    Protocol #12: C:\WINDOWS\system32\mswsock.dll

    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    Protocol #14: C:\WINDOWS\system32\mswsock.dll

    Protocol #15: C:\WINDOWS\system32\mswsock.dll

    Protocol #16: C:\WINDOWS\system32\mswsock.dll

    Protocol #17: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

    aeaudio: system32\drivers\aeaudio.sys (manual start)

    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

    AFD: \SystemRoot\System32\drivers\afd.sys (system)

    Alerta: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

    Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

    AliIde: system32\DRIVERS\aliide.sys (system)

    Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    avast! iAVS4 Control Service: "D:\programas\Alwil Software\Avast4\aswUpdSv.exe" (disabled)

    Driver de mídia assíncrona RAS: system32\DRIVERS\asyncmac.sys (manual start)

    Controlador de disco rígido padrão IDE/ESDI: system32\DRIVERS\atapi.sys (system)

    Protocolo de cliente ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)

    Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Driver de fragmento de código de áudio: system32\DRIVERS\audstub.sys (manual start)

    avast! Antivirus: "D:\programas\Alwil Software\Avast4\ashServ.exe" (disabled)

    avast! Mail Scanner: "D:\programas\Alwil Software\Avast4\ashMaiSv.exe" /service (disabled)

    avast! Web Scanner: "D:\programas\Alwil Software\Avast4\ashWebSv.exe" /service (disabled)

    Serviço de transferência inteligente de plano de fundo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    Localizador de computadores: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    ICatch (VI) PC Camera: System32\Drivers\SPCA561.SYS (manual start)

    Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

    Driver de CD-ROM: system32\DRIVERS\cdrom.sys (system)

    Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)

    Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

    Aplicativo de sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

    CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)

    Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

    Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Driver de disco: system32\DRIVERS\disk.sys (system)

    Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

    dmboot: System32\drivers\dmboot.sys (disabled)

    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

    dmload: System32\drivers\dmload.sys (system)

    Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

    Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

    dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)

    EagleNT: \??\C:\WINDOWS\system32\drivers\EagleNT.sys (manual start)

    Symantec Eraser Control driver: \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys (system)

    Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Log de eventos: %SystemRoot%\system32\services.exe (autostart)

    Sistema de eventos COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

    Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Driver de controlador de disquete: system32\DRIVERS\fdc.sys (manual start)

    Driver de disquete: system32\DRIVERS\flpydisk.sys (manual start)

    FltMgr: system32\DRIVERS\fltMgr.sys (system)

    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

    Classificador genérico de pacotes: system32\DRIVERS\msgpc.sys (manual start)

    Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)

    Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

    Driver de classe HID da Microsoft: system32\DRIVERS\hidusb.sys (manual start)

    HTTP: System32\Drivers\HTTP.sys (manual start)

    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

    Teclado i8042 e driver de porta de mouse PS/2: system32\DRIVERS\i8042prt.sys (system)

    Driver de filtro de criação de CDs: system32\DRIVERS\imapi.sys (system)

    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

    Driver de IPv6 do Firewall do Windows: system32\DRIVERS\Ip6Fw.sys (disabled)

    Driver de filtro de tráfego IP: system32\DRIVERS\ipfltdrv.sys (manual start)

    Driver de encapsulamento IP em IP: system32\DRIVERS\ipinip.sys (manual start)

    Conversor de endereços de rede IP: system32\DRIVERS\ipnat.sys (manual start)

    Driver IPSEC: system32\DRIVERS\ipsec.sys (system)

    Serviço enumerador IR: system32\DRIVERS\irenum.sys (manual start)

    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

    Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

    Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Estação de trabalho: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)

    Auxiliar NetBIOS TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

    m5289: system32\drivers\m5289.sys (system)

    Mensageiro: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

    Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

    Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

    Redirecionador do cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start)

    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

    Coordenador de transações distribuídas: C:\WINDOWS\system32\msdtc.exe (manual start)

    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

    Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

    Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

    Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

    Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (manual start)

    Conversor em T entre locais de fluxo contínuo Microsoft: system32\drivers\MSTEE.sys (manual start)

    Empty: \??\C:\Documents and Settings\Particular\Dados de aplicativos\hidires\m_hook.sys (manual start)

    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

    Conexão de TV e vídeo da Microsoft: system32\DRIVERS\NdisIP.sys (manual start)

    Driver TAPI NDIS de acesso remoto: system32\DRIVERS\ndistapi.sys (manual start)

    Protocolo de modo de usuário E/S em dispositivos NDIS: system32\DRIVERS\ndisuio.sys (disabled)

    Driver de rede remota NDIS de acesso remoto: system32\DRIVERS\ndiswan.sys (manual start)

    Interface NetBIOS: system32\DRIVERS\netbios.sys (system)

    NetBios em Tcpip: system32\DRIVERS\netbt.sys (system)

    DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

    DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

    Logon de rede: %SystemRoot%\system32\lsass.exe (manual start)

    Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Reconhecimento de local da rede (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    npkcrypt: \??\D:\Jogos\Ragnarok Online\Ethereal-RO\npkcrypt.sys (manual start)

    Fornecedor de suporte de segurança NT LM: %SystemRoot%\system32\lsass.exe (manual start)

    Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    nv: system32\DRIVERS\nv4_mini.sys (manual start)

    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

    Driver de filtro de tráfego IPX: system32\DRIVERS\nwlnkflt.sys (manual start)

    Driver encaminhador de tráfego IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)

    Office Source Engine: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

    Parallel port driver: system32\DRIVERS\parport.sys (manual start)

    PCI Bus Driver: system32\DRIVERS\pci.sys (system)

    Plug and Play: %SystemRoot%\system32\services.exe (autostart)

    Serviços IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

    Miniporta de rede remota (PPTP): system32\DRIVERS\raspptp.sys (manual start)

    Driver de processador: system32\DRIVERS\processr.sys (system)

    Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

    Agendador de pacotes QoS: system32\DRIVERS\psched.sys (manual start)

    Driver de link paralelo direto: system32\DRIVERS\ptilink.sys (manual start)

    PxHelp20: System32\Drivers\PxHelp20.sys (system)

    Driver de conexão automática de acesso remoto: system32\DRIVERS\rasacd.sys (system)

    Gerenciador de conexão de acesso remoto automático: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    Miniporta de rede remota (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

    Gerenciador de conexão de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    Driver PPPOE de acesso remoto: system32\DRIVERS\raspppoe.sys (manual start)

    Paralelo direto: system32\DRIVERS\raspti.sys (manual start)

    Rdbss: system32\DRIVERS\rdbss.sys (system)

    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

    Driver redirecionador de dispositivos doTerminal Server: system32\DRIVERS\rdpdr.sys (manual start)

    Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

    Driver de filtro de reprodução de áudio digital de CD: system32\DRIVERS\redbook.sys (system)

    Roteamento e acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

    Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

    Alocador Remote Procedure Call (RPC): %SystemRoot%\system32\locator.exe (manual start)

    Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

    Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)

    Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

    Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

    Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Secdrv: system32\DRIVERS\secdrv.sys (manual start)

    Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

    Serial port driver: system32\DRIVERS\serial.sys (system)

    StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)

    StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)

    StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)

    Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

    Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

    smwdm: system32\drivers\smwdm.sys (manual start)

    SoundMAX Agent Service: C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (autostart)

    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

    Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

    sptd: System32\Drivers\sptd.sys (system)

    Driver de filtro de restauração do sistema: \SystemRoot\system32\DRIVERS\sr.sys (disabled)

    Serviço de restauração do sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Srv: system32\DRIVERS\srv.sys (manual start)

    Serviço de descoberta SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

    Spy Sweeper File System Filer Driver: 0509: SYSTEM32\Drivers\SSFS0509.SYS (system)

    Spy Sweeper Hookrack MiniDriver: SYSTEM32\Drivers\SSHRMD.SYS (system)

    Spy Sweeper Interdiction Driver: SYSTEM32\Drivers\SSIDRV.SYS (system)

    Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32\Drivers\sskbfd.sys (manual start)

    Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

    Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{DA2F95F5-A28A-466C-A8FE-9C8321255819} (manual start)

    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

    Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

    Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Driver de protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system)

    Driver de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)

    Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

    Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

    Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    ULi Based Ethernet NT Driver: system32\DRIVERS\ULILAN.SYS (manual start)

    ULi AGP Bus Filter Driver: system32\DRIVERS\agpkx.sys (system)

    Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

    Host de dispositivo Plug and Play universal: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

    Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

    USB Data Cable: system32\DRIVERS\usb2vcom.sys (manual start)

    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

    Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)

    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)

    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

    Serviço Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)

    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

    Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

    Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Driver ARP IP de acesso remoto: system32\DRIVERS\wanarp.sys (manual start)

    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

    Cliente da Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

    Webroot Spy Sweeper Engine: "D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" (autostart)

    Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

    Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Adaptador de desempenho WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

    Windows Media Player Network Sharing Service: C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (manual start)

    Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

    World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

    Atualizações Automáticas: %systemroot%\system32\svchost.exe -k netsvcs (disabled)

    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

    Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:

    *No scripts set to run*

    Windows NT checkdisk command:

    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':

    PendingFileRenameOperations: *Registry value not found*

    ------------------


    SVegetto, since your problem is hard to remove (rootkit), this may take a while. So I ask you to be very patient and to follow exactly what is proposed here. Do not install any other protection programs besides those specified here, and do not try to remove anything on your own. OK?

    @- Download, but do not run yet.

    - Copy the instructions into Notepad or print them!

    Note: Since Blacklight looks for hidden files, do not run it while any program that "hides" folders and files is active.

    @- In normal mode, run the Blacklight tool (blbeta.exe) and accept the agreement: Next >... Since we only want the log, do not remove any file the program finds, as some may be legitimate. Click Scan and wait...

    - When the scan finishes, the Show all processes button will appear; click Close.

    - Keep the log: fsb-xxxxx.log (xxxxx are numbers), which will be in the same directory.

    --|--

    @- Run RegSrch.vbs and paste into the box: m_hook

    Note: If the AV does not let it run, disable it.

    - Copy the result of the vbs scan and return it together with the answers to the questions above.

    @- Post the Hijack and Blacklight (fsb-xxxxx.log) logs and the vbs scan, pasting them in sequence.

    Mr. Coruj@
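
Added example (not part of the original posts, and not the Blacklight tool's own code): a Python triage of a collected fsb-xxxxx.log, grouping the hidden items so that likely-legitimate ones can be told apart from the ones worth a registry search such as the `m_hook` lookup above. The sample lines are constructed in the log's `date time [level]: message` format; the user name, file names and the report keys returned by `triage` are assumptions.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, usable on any OS

# "MM/DD/YY HH:MM:SS [level]: message"
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\]: (.*)$")
HIDDEN_RE = re.compile(r"^Hidden (process|file): (.+)$")

# Constructed sample; paths and names are illustrative, not taken from a real scan.
SAMPLE_LOG = r"""
09/15/06 10:52:49 [info]: BlackLight Engine 1.0.46 initialized
09/15/06 10:59:46 [Note]: 7024 3
09/15/06 10:59:46 [info]: Hidden process: C:\WINDOWS\system32\example_a.exe
09/15/06 10:59:46 [info]: Hidden process: C:\Documents and Settings\ExampleUser\Dados de aplicativos\m\example_b.exe
09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
09/15/06 10:59:46 [Note]: 10002 3
09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png
09/15/06 11:00:23 [info]: Hidden file: c:\Documents and Settings\ExampleUser\Dados de aplicativos\hidires\m_hook.sys
09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\ExampleUser\Dados de aplicativos\m\shared\sample one.zip
09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\ExampleUser\Dados de aplicativos\m\shared\sample two.zip
"""


def parse_blacklight(text):
    """Return (timestamp, kind, path) for each 'Hidden process/file' line.

    Numeric [Note] lines and banner lines are skipped. Identical paths are
    kept as separate entries, because a path cut short in the log can stand
    for several different files.
    """
    entries = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        hidden = HIDDEN_RE.match(line.group(3))
        if hidden:
            entries.append((line.group(1), hidden.group(1), hidden.group(2).strip()))
    return entries


def triage(entries, term):
    """Group hidden items so an analyst can decide what to look at first."""
    paths = [p for _, _, p in entries]
    files = [p for _, kind, p in entries if kind == "file"]
    return {
        # Hidden running processes are the most urgent items.
        "processes": [p for _, kind, p in entries if kind == "process"],
        # Many hidden files in one folder usually share one cause.
        "files_per_dir": Counter(dirname(p).lower() for p in files),
        # Folders inside a user profile are writable without admin rights.
        "profile_dirs": sorted({dirname(p).lower() for p in paths
                                if "\\documents and settings\\" in p.lower()}),
        # Kernel drivers normally live in system32\drivers.
        "sys_outside_drivers": [p for p in paths
                                if p.lower().endswith(".sys")
                                and not dirname(p).lower().endswith("\\system32\\drivers")],
        # Items matching the name being searched in the registry.
        "term_hits": [p for p in paths if term.lower() in p.lower()],
    }


if __name__ == "__main__":
    report = triage(parse_blacklight(SAMPLE_LOG), "m_hook")
    for proc in report["processes"]:
        print("hidden process:", proc)
    for folder, count in report["files_per_dir"].most_common():
        print(f"{count:3d} hidden file(s) in {folder}")
    for drv in report["sys_outside_drivers"]:
        print("driver outside system32\\drivers:", drv)
```

The grouping only orders the review; it does not decide which items are malicious.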

  • Topic author
  • HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 11:11:19, on 15/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\hldrrr.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O4 - HKLM\..\Run: [smapp] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [spySweeper] "D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.de/app/uploader/FileUploader.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    Blacklight log:

    09/15/06 10:52:49 [info]: BlackLight Engine 1.0.46 initialized

    09/15/06 10:52:49 [info]: OS: 5.1 build 2600 (Service Pack 2)

    09/15/06 10:52:49 [Note]: 7019 4

    09/15/06 10:52:49 [Note]: 7005 0

    09/15/06 10:59:45 [Note]: 7006 0

    09/15/06 10:59:45 [Note]: 7011 1668

    09/15/06 10:59:45 [Note]: 7026 0

    09/15/06 10:59:46 [Note]: 7026 0

    09/15/06 10:59:46 [Note]: 7024 3

    09/15/06 10:59:46 [info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe

    09/15/06 10:59:46 [Note]: 7024 3

    09/15/06 10:59:46 [info]: Hidden process: C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe

    09/15/06 10:59:46 [Note]: FSRAW library version 1.7.1019

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Filters.xml

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\paint.png

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Profiles\Blank.txt

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample1.jpg

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample2.jpg

    09/15/06 10:59:46 [Note]: 10002 3

    09/15/06 10:59:46 [Note]: 10002 2

    09/15/06 10:59:46 [Note]: 10002 2

    09/15/06 11:00:23 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe

    09/15/06 11:00:23 [Note]: 10002 2

    09/15/06 11:00:23 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\hidires\m_hook.sys

    09/15/06 11:00:23 [Note]: 10002 2

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999 ke

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\happyicon v2.1 seri

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\happyicon v2.01 key

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v2.71.zip

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v2.81.zip

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark hearts and

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handyrec profession

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark mobiledb-e

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\hard disk speedtool

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\hard disk speedtool

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark mobiledb v

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\hard disk speedtool

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\happyeo v3.08 patch

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark.hearts.and

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999 by

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark.superutili

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\hammertap auction i

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\happyicon v2.82 key

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark mobiledb v

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.3

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\handmark mobiledb-e

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.3

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999 se

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999 tr

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.2.

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.3

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.3.

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v1.999.zi

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v2.8.zip

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v2.81 by

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween v2.81 cra

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween trick or

    09/15/06 11:00:24 [Note]: 10002 3

    09/15/06 11:00:24 [info]: Hidden file: c:\Documents and Settings\Particular\Dados de aplicativos\m\shared\halloween trick or


    09/15/06 11:00:54 [info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe

    09/15/06 11:00:54 [Note]: 10002 2

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\imepaden.hlp

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\imepadsm.dll

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\imepadsv.exe

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\res\PADRS404.DLL

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs411.dll

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs412.dll

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll

    09/15/06 11:00:55 [Note]: 10002 3

    09/15/06 11:00:55 [Note]: 10002 2

    09/15/06 11:00:55 [Note]: 10002 2

    09/15/06 11:05:37 [Note]: 7007 0

    Regsrch log:

    REGEDIT4

    ; RegSrch.vbs © Bill James

    ; Registry search results for string "m_hook" 15/9/2006 11:09:00

    ; NOTE: This file will be deleted when you close WordPad.

    ; You must manually save this file to a new location if you want to refer to it again later.

    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_M_HOOK]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\m_hook]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\m_hook\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK\0000]

    "Service"="m_hook"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK\0000\Control]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK\0000\Control]

    "ActiveService"="m_hook"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK\0000\LogConf]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\m_hook\Enum]

    "0"="Root\\LEGACY_M_HOOK\\0000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK\0000]

    "Service"="m_hook"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_M_HOOK\0000\LogConf]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\m_hook]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\m_hook\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK\0000]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK\0000]

    "Service"="m_hook"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK\0000\Control]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK\0000\Control]

    "ActiveService"="m_hook"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK\0000\LogConf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook\Enum]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m_hook\Enum]

    "0"="Root\\LEGACY_M_HOOK\\0000"


    SVegetto,

    - Download: CCleaner;

    - Download: Fix-Hook.reg (save it to the desktop)

    Install and run CCleaner >

    Under Options > Advanced > the option "Only delete temporary files older than 48 hours" must be left unchecked.

    Under Cleaner >

    Windows > Internet Explorer, check: the 1st through 4th options

    System > Check all... > Close it

    --|--

    @- Run Fix-Hook.reg. Double-click it and confirm.

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Close all windows/programs > Run CCleaner > Click Run Cleaner > ...complete cleanup... Close it

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> copy...

    C:\WINDOWS\system32\hldrrr.exe

    C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe

    C:\Documents and Settings\Particular\Dados de aplicativos\m\data.oct

    c:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe

    c:\Documents and Settings\Particular\Dados de aplicativos\hidires\m_hook.sys

    c:\windows\system32\wintems.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    --|--

    @- Restart the computer in Safe Mode again

    @- Run Fix-Hook.reg again. Double-click it and confirm.

    - If the folder below in bold holds no files of your own: delete it. But be careful not to run any file inside it. I believe the contents of this folder are just copies of the infection itself.

    C:\Documents and Settings\Particular\Dados de aplicativos\m\

    - Locate and delete the folder below in bold:

    C:\Documents and Settings\Particular\Dados de aplicativos\hidires\

    - Run Spy Sweeper and do a full scan, cleaning with backup... > save the log.

    @- Restart in normal mode.

    - Run the Blacklight tool, scan only, and save the log...

    @- Post the Hijack and Blacklight logs, pasting them one after the other.

    <div align="center">Mr. Coruj@</div>

  • Topic author
  • I think all that's left now is to Fix Checked flec006 and hidr.exe, right?

    their folders no longer exist, but they still show up in the log o_O

    Logfile of HijackThis v1.99.1

    Scan saved at 11:29:03, on 16/9/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    D:\programas\PowerISO\PWRISOVM.EXE

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    D:\Programas\Webroot\Spy Sweeper\SSU.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Documents and Settings\Particular\Meus documentos\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O4 - HKLM\..\Run: [smapp] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\programas\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [spySweeper] "D:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe

    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.lycos.de/app/uploader/FileUploader.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

    Blacklight log: (is it really just this?)

    09/16/06 11:29:19 [info]: BlackLight Engine 1.0.46 initialized

    09/16/06 11:29:19 [info]: OS: 5.1 build 2600 (Service Pack 2)

    09/16/06 11:29:19 [Note]: 7019 4

    09/16/06 11:29:19 [Note]: 7005 0

    09/16/06 11:29:20 [Note]: 7006 0

    09/16/06 11:29:20 [Note]: 7011 1784

    09/16/06 11:29:20 [Note]: 7026 0

    09/16/06 11:29:21 [Note]: 7026 0

    09/16/06 11:29:25 [Note]: FSRAW library version 1.7.1019

    09/16/06 11:30:16 [Note]: 2000 1006

    09/16/06 11:30:47 [Note]: 7007 0


    <div align="center">SVegetto,

    Your log is CLEAN! Any other problems related to the malware?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe

    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe

    Still in normal mode, run Hijack and check the entries above. Click Fix Checked...
    I think all that's left now is to Fix Checked flec006 and hidr.exe, right?

    their folders no longer exist, but they still show up in the log o_O

    That's right. While the malware is still active, the registry entries are hidden as well.
    is it really just this?
    Yes! They're gone... :) </div>

    <div align="center">Thank you for the feedback and warm regards!</div>


    <div align="center">Mr. Coruj@</div>

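Added example, not part of the original thread or any poster's code: the helper's final step (finding the O4 autorun entries that still point at files already deleted with KillBox, so they can be selected for Fix Checked) written as a small Python check. The sample lines and the removed-file list are copied from the posts above; the function names are this example's own.

```python
import re

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [smapp] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Executables from the KillBox list earlier in the thread (mixed case, as posted).
REMOVED_FILES = [
    r"C:\WINDOWS\system32\hldrrr.exe",
    r"C:\Documents and Settings\Particular\Dados de aplicativos\m\flec006.exe",
    r"c:\Documents and Settings\Particular\Dados de aplicativos\hidires\hidr.exe",
    r"c:\windows\system32\wintems.exe",
]

# "O4 - HKxx\..\Run: [value name] command" and "O4 - (Global )Startup: name = target"
RUN_KEY = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def parse_o4(log):
    """Return one dict per O4 autorun line: location, name, command, raw line."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        m = RUN_KEY.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            location = f"{hive}\\..\\{key}"
        else:
            m = STARTUP.match(line)
            if not m:
                continue  # not an O4 line
            location, name, cmd = m.groups()
        entries.append({"location": location, "name": name, "command": cmd, "line": line})
    return entries

def orphaned_autoruns(log, removed_files):
    """O4 entries whose command still references a file that was deleted."""
    removed = [p.lower() for p in removed_files]  # Windows paths are case-insensitive
    return [e for e in parse_o4(log)
            if any(p in e["command"].lower() for p in removed)]

if __name__ == "__main__":
    for e in orphaned_autoruns(SAMPLE_LOG, REMOVED_FILES):
        print("Fix Checked:", e["line"])
```

Run against the sample, it reports the same four entries the helper lists for Fix Checked; the match is a case-insensitive substring test because the thread itself mixes `C:\` and `c:\`.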
  • Topic author
  • The PC is back to normal now, with no problems at all.

    Yeah, this one took a bit of work, but now it's clean =)

    Thank you very much Mr.Coruj@, and case closed, problem solved

    Thanks a lot =)


    CASE SOLVED!

    If the topic author needs it, the topic will be reopened; to do so, they should contact a Moderator of this area and request that it be unlocked!

    This topic is locked and cannot receive new posts.