guisoprano

[Resolved!] I can't install an antivirus

I can't install any antivirus... it always gives an error.

After many cigarettes and hours in front of the computer, I've decided to ask for help. Could you help me?

Thank you for your attention, and best regards. I'm also sending the HijackThis log.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:02:17, on 20-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Webroot\Spy Sweeper\SSU.EXE

C:\Programas\Mozilla Firefox\firefox.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Asus.GUISOPRANO\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] "C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\Asus\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .UVR: C:\Programas\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE00DDE4-4368-4525-BF04-D1B83FE1D874}: NameServer = 194.65.100.117

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

Hey guisoprano,

Download F-Secure Blacklight from:

F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement.

If it finds any files, ignore them, as I only want the log.

At the end of the scan, the file fsb-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Regards.

As I said, here is the log...

Hey guisoprano,

Let's go.

Set Windows to show all files (including hidden ones).

Disable XP's Automatic Restore (System Restore) function.

 

Stage 1

Download Killbox from:

Killbox

Download it, but do not run it yet.

Download Symantec's fix tool.

Download -> go to File -> Save As and save it to your desktop, but do not run it yet.

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

 

Stage 2

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit tab in the browser's menu bar --> click Copy.

C:\WINDOWS\system32\wintems.exe

C:\WINDOWS\system32\hldrrr.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

 

Stage 3

Restart the computer in Normal Mode.

Go to Start -> Run -> type regedit -> click OK.

Run the fix tool. To do this, right-click UnHookExec.inf on your desktop and then click Install.

Browse to and delete the following subkeys, if present:

HKEY_CURRENT_USER\Software\FirstRRRun

HKEY_CURRENT_USER\Software\FIRSTRUXZX

Browse to the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the right-hand pane, delete the following values, if present:

"drvsyskit" = "%Userprofiles%\Application Data\hidires\hidr.exe"

"drvsyskit" = "%Userprofiles%\Application Data\hidn\hidn2.exe"

"german.exe" = "%System%\wintems.exe"

"hldrrr" = "%System%\hldrrr.exe"

Browse to the following subkey:

HKEY_CURRENT_USER\Software\DateTime4

In the right-hand pane, restore the following original values, if necessary:

"port" = "0x5B7E"

"uid" = "[RANDOM]"

"wdrn" = "0x00000001"

Browse to the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

Select the (Control) folder -> right-click -> New -> Key -> name it Safeboot.

Once the Safeboot folder is created, select it -> right-click -> New -> String Value -> name it AlternateShell.

In the right-hand pane, select AlternateShell -> right-click -> Modify -> in the value data field enter cmd.exe.

Exit the Registry Editor.

Go to the C:\!Killbox folder and delete its contents.

 

Stage 4

Restart in Normal Mode again.

Run CCleaner and click Run Cleaner.

Come back with new HijackThis and BlackLight logs.

I'll wait for your reply.

Best regards.

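One way to check the follow-up HijackThis and BlackLight logs requested in stage 4 against the files and Run values named in the removal steps above (an added example, not part of the original thread). The indicator sets are copied from that post; the function names and both sample logs are constructed for illustration, and the BlackLight parser splits on timestamps so it also copes with a log pasted onto a single line.

```python
import re

# Indicators copied from the removal steps in the post above.
BAD_FILES = {"wintems.exe", "hldrrr.exe", "hidr.exe", "hidn2.exe"}
BAD_RUN_VALUES = {"drvsyskit", "german.exe", "hldrrr"}

# One BlackLight record: "MM/DD/YY HH:MM:SS [level]: message".
# The message runs until the next timestamp or the end of the text.
_TS = r"\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
_BL_RECORD = re.compile(rf"({_TS}) \[(\w+)\]: (.*?)(?={_TS} \[|\Z)", re.DOTALL)
_BL_HIDDEN = re.compile(r"Hidden (process|file): (.+)", re.DOTALL)

# HijackThis registry autorun line: "O4 - HKCU\..\Run: [name] command".
_HJT_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")


def image_name(command):
    """File name of the executable in a path or command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first executable-looking extension.
        m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr|sys))(?:\s|$)", command, re.I)
        path = m.group(1) if m else command
    return path.rsplit("\\", 1)[-1].lower()


def parse_blacklight(text):
    """Return [(timestamp, kind, path)] for each hidden process/file entry."""
    found = []
    for ts, _level, msg in _BL_RECORD.findall(text):
        m = _BL_HIDDEN.match(msg.strip())
        if m:
            found.append((ts, m.group(1), m.group(2).strip()))
    return found


def parse_hijackthis_runs(text):
    """Return [(hive, key, value_name, command)] for O4 registry autoruns."""
    runs = []
    for line in text.splitlines():
        m = _HJT_RUN.match(line.strip())
        if m:
            runs.append(m.groups())
    return runs


def leftover_indicators(hijackthis_text, blacklight_text):
    """List indicators from the removal steps still visible in new logs."""
    hits = []
    for _ts, kind, path in parse_blacklight(blacklight_text):
        if image_name(path) in BAD_FILES:
            hits.append(f"BlackLight hidden {kind}: {path}")
    for hive, key, name, command in parse_hijackthis_runs(hijackthis_text):
        if name.lower() in BAD_RUN_VALUES or image_name(command) in BAD_FILES:
            hits.append(f"HijackThis {hive}\\{key} [{name}] {command}")
    for line in hijackthis_text.splitlines():
        # "Running processes" section: bare paths starting with a drive letter.
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line) and image_name(line) in BAD_FILES:
            hits.append(f"HijackThis running process: {line}")
    return hits


# Constructed samples in the two tools' formats. The BlackLight sample is
# deliberately fused onto one line, as happens when a log is pasted in a post.
SAMPLE_BLACKLIGHT = (
    "02/21/07 00:00:07 [Note]: 7024 3"
    "02/21/07 00:00:07 [info]: Hidden process: C:\\WINDOWS\\system32\\wintems.exe"
    "02/21/07 00:00:56 [info]: Hidden file: c:\\Documents and Settings\\user\\Shared\\song.mp3"
    "02/21/07 00:00:56 [Note]: 10002 3"
    "02/21/07 00:00:58 [info]: Hidden file: c:\\Documents and Settings\\user\\Application Data\\hidires\\hidr.exe"
    "02/21/07 00:00:58 [Note]: 10002 2"
)
SAMPLE_HIJACKTHIS = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\user\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
"""

if __name__ == "__main__":
    for hit in leftover_indicators(SAMPLE_HIJACKTHIS, SAMPLE_BLACKLIGHT):
        print(hit)
```

An empty result only means none of the listed names appear in the logs; it does not cover the registry keys from stage 3 that neither tool reports.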

Hello again. Here are the logs you asked for...

 

Hijack log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:09:39, on 21-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Programas\Winamp\winampa.exe

C:\WINDOWS\system32\CTFMON.EXE

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\Webroot\Spy Sweeper\SSU.EXE

C:\Programas\Mozilla Firefox\firefox.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Asus.GUISOPRANO\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] "C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\Asus\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .UVR: C:\Programas\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE00DDE4-4368-4525-BF04-D1B83FE1D874}: NameServer = 194.65.100.117

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

 

Blacklight log:

 

02/21/07 22:10:13 [info]: BlackLight Engine 1.0.55 initialized

02/21/07 22:10:13 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/21/07 22:10:14 [Note]: 7019 4

02/21/07 22:10:14 [Note]: 7005 0

02/21/07 22:10:17 [Note]: 7006 0

02/21/07 22:10:17 [Note]: 7011 1692

02/21/07 22:10:18 [Note]: 7026 0

02/21/07 22:10:18 [Note]: 7026 0

02/21/07 22:10:38 [Note]: FSRAW library version 1.7.1021

02/21/07 22:10:40 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\41 C.O. Aka Club Oriented - Californi

02/21/07 22:10:40 [Note]: 10002 3

02/21/07 22:10:40 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\AlbumArtSmall.jpg

02/21/07 22:10:40 [Note]: 10002 3

02/21/07 22:10:40 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\AlbumArt_{F3005C92-4195-466F-BA20-297

02/21/07 22:10:40 [Note]: 10002 3

02/21/07 22:10:40 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\AlbumArt_{F3005C92-4195-466F-BA20-297

02/21/07 22:10:40 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Paul Anka - Smells Like Teen Spirit.m

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Prison Break Soundtrack - Opening The

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Days Of The Wee

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Sour Girl.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\the jesus and mary chain - Just Like

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Killers - 02 - Enterlude.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Killers - 08 - Bones.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Killers - Somebody Told Me.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Killers - When You Were Young.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Kinks - You Really Got Me.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Living End - Jesus and Mary Chain

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The OC--Joseph Arthur - Honey And The

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\The Raconteurs - Steady As She Goes.m

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Requiem for a Dream (Orchestral Versi

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Requiem for a Dream Soundtrack - Them

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Ryan Adams - I want to go home.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Ryan Adams - Wonderwall (Oasis cover)

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Iron Maiden - Where Eagles Dare.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Iron Maiden - Fear Of The Dark.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Iron Maiden - Mother Russia.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Joseph Arthur - A Smile That Explodes

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Joseph Arthur - In the Sun.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Cat Power - Ice Water.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Cheese, Richard-Smoke Two Joints (cov

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\desktop.ini

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Elizabethtown Soundtrack - Ryan Adam

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Folder.jpg

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Cat Power - I Don't Blame You.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Graham Colton Band - Killing Me.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Iron Maiden - The Trooper.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Los Abandoned - Electricidad (Electr

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Muse - Knights Of Cydonia.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Vasoline.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\TV On The Radio - Freeway.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\TV on the Radio - Robots.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\TV On The Radio - Satellite.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\TV on the Radio - Wolf Like Me.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Los Abandoned - Van Nuys Is Very Nice

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Mason Jennings - Be Here Now.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Mason Jennings - Butterfly.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Graham Colton Band - Morning Light.mp

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Amos Lee - Amos Lee - 07 - Arms Of A

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Cat Power - Sea of Love.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Cat Power - The Greatest.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Plush.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Big Empty.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Shared\Stone Temple Pilots - Creep.mp3

02/21/07 22:10:41 [Note]: 10002 3

02/21/07 22:10:41 [Note]: 10002 2

02/21/07 22:10:41 [Note]: 10002 2

02/21/07 22:10:42 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires\hidr.exe

02/21/07 22:10:42 [Note]: 10002 2

02/21/07 22:10:42 [info]: Hidden file: c:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires\m_hook.sys

02/21/07 22:10:42 [Note]: 10002 2

02/21/07 22:10:43 [Note]: 10002 3

02/21/07 22:10:43 [Note]: 10002 3

02/21/07 22:10:43 [Note]: 10002 2

02/21/07 22:10:43 [Note]: 10002 2

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\Aac.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\aacenc32.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\DefConvertor.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\mp3Pro.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\mp3PRO_dmo.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\mp3PRO_hlp.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\NeroIPP.dll

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [info]: Hidden file: c:\Programas\Ahead\Shared\AudioPlugins\wmfdist.exe

02/21/07 22:10:46 [Note]: 10002 3

02/21/07 22:10:46 [Note]: 10002 2

02/21/07 22:10:47 [Note]: 10002 2

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\Wt9po.lex

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9br.hlp

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\Wt9br.ths

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9cbe.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9cbeEN.cbd

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\WT9cbePO.cbt

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9ce.icr

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9ce.sav

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9en.hlp

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9en.hwl

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9en.mor

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9geuk.cnt

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9geuk.hlp

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9geus.cnt

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\WT9GEUS.HLP

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\WT9LDEN.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\WT9LDPO.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9ldxx.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9li.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9oz.icr

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9oz.sav

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\Wt9po.icr

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\Wt9po.sav

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\Wt9po.ths

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9sptlEN.exe

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9sptlen.hlp

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\WT9SPWP.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uibr.dll

02/21/07 22:10:50 [Note]: 10002 3

02/21/07 22:10:50 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uien.dll

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uipo.dll

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uk.adv

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uk.icr

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uk.rul

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uk.sav

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9uk.ths

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9us.adv

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9us.icr

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9us.rul

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9us.sav

02/21/07 22:10:51 [Note]: 10002 3

02/21/07 22:10:51 [info]: Hidden file: c:\Programas\Corel\Shared\Writing Tools\9.0\wt9us.ths

02/21/07 22:10:51 [Note]: 10002 3


02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\empty.txt

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\filters.xml

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\news.png

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\paint.png

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\Profiles\blank.txt

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\sample1.jpg

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [info]: Hidden file: c:\Programas\Movie Maker\Shared\sample2.jpg

02/21/07 22:12:45 [Note]: 10002 3

02/21/07 22:12:45 [Note]: 10002 2

02/21/07 22:12:45 [Note]: 10002 2

02/21/07 22:12:59 [info]: Hidden file: c:\Programas\Skype\toolbars\Shared\SPhoneParser.dll

02/21/07 22:12:59 [Note]: 10002 3

02/21/07 22:12:59 [Note]: 10002 2

02/21/07 22:12:59 [Note]: 10002 2

02/21/07 22:18:57 [Note]: 10002 2

02/21/07 22:18:57 [Note]: 10002 2

02/21/07 22:22:06 [Note]: 2000 1012

02/21/07 22:22:06 [Note]: 2000 1012


Hi guisoprano,

Let's get started.

Step 1

1. Run Killbox and click Delete on Reboot.

2. Copy the list below (in bold) to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

 

c:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires\hidr.exe

c:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires\m_hook.sys

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will boot into Safe Mode and an internet connection will not be available.

Step 2

Restart the computer in Safe Mode.

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

 

In the right-hand pane, delete the following value, if present:

 

"drvsyskit" = "%Userprofiles%\Application Data\hidires\m_hook.sys"

 

-> In your next reply, say whether the entry above existed or not.

Exit the Registry Editor.

Locate and delete:

c:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires <- the folder

Go to the C:\!Killbox folder and delete its contents.

Step 3

Restart in Normal Mode.

Come back with new HijackThis and BlackLight logs.

I'll await your reply.

Cheers.


I couldn't start in safe mode and did the corresponding steps in normal mode.

The "drvsyskit" entry existed and I deleted it. But next to it, it said C:\Documents and Settings\Asus.GUISOPRANO\Application Data\hidires\hidr.exe

Was I supposed to delete it?

While I'm at it, which antivirus is the best, in your opinion?

 

Logfile of HijackThis v1.99.1

Scan saved at 19:17:18, on 22-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\Webroot\Spy Sweeper\SSU.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Asus.GUISOPRANO\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] "C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\Asus\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .UVR: C:\Programas\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

 

 

 

02/22/07 19:17:38 [info]: BlackLight Engine 1.0.55 initialized

02/22/07 19:17:38 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/22/07 19:17:40 [Note]: 7019 4

02/22/07 19:17:40 [Note]: 7005 0

02/22/07 19:17:43 [Note]: 7006 0

02/22/07 19:17:43 [Note]: 7011 1716

02/22/07 19:17:43 [Note]: 7026 0

02/22/07 19:17:43 [Note]: 7026 0

02/22/07 19:18:02 [Note]: FSRAW library version 1.7.1021

02/22/07 19:30:12 [Note]: 2000 1012

02/22/07 19:30:12 [Note]: 2000 1012

02/22/07 19:30:24 [Note]: 7007 0

 

 

I await your next reply. Cheers


Hi guisoprano,

Repeat the whole procedure in Post #4 (from Step 2 to Step 4).

Come back with new logs again.

Cheers.


Here they are:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:54:11, on 22-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\Webroot\Spy Sweeper\SSU.EXE

C:\Documents and Settings\Asus.GUISOPRANO\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] "C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\Asus\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .UVR: C:\Programas\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

 

 

 

02/22/07 20:54:21 [info]: BlackLight Engine 1.0.55 initialized

02/22/07 20:54:21 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/22/07 20:54:21 [Note]: 7019 4

02/22/07 20:54:21 [Note]: 7005 0

02/22/07 20:54:24 [Note]: 7006 0

02/22/07 20:54:24 [Note]: 7011 1672

02/22/07 20:54:24 [Note]: 7026 0

02/22/07 20:54:24 [Note]: 7026 0

02/22/07 20:54:44 [Note]: FSRAW library version 1.7.1021

02/22/07 21:08:47 [Note]: 2000 1012

02/22/07 21:08:47 [Note]: 2000 1012

02/22/07 21:09:20 [Note]: 7007 0


Hi guisoprano,

Run HijackThis, click Do a system scan only, and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

Click Fix Checked.

Check whether the machine now restarts in Safe Mode and post a new HijackThis log.

I await your reply.

Best regards.

It still doesn't start in safe mode.

Anyway, here is the log:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:51:02, on 22-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe

C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\Webroot\Spy Sweeper\SSU.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Asus.GUISOPRANO\Definições locais\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] "C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Programas\Asus\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .UVR: C:\Programas\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

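Added example, not part of the original thread: one way to confirm that the two entries selected for Fix Checked are gone from the follow-up log, and that no other entry disappeared with them. The log excerpts are shortened from the logs posted above; the function names are this example's own.

```python
import re

# Excerpts of the logs above (before / after "Fix Checked"), shortened for the example.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Entry lines look like "O4 - ..." or "R0 - ..."; header and process lines do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse runs of whitespace so copy/paste damage does not cause false diffs.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def verify_fix(before, after, targets):
    """Report the state of each targeted entry plus removals nobody asked for."""
    b, a = parse_entries(before), parse_entries(after)
    hit = lambda t, entries: any(t.lower() in d.lower() for _, d in entries)
    status = {}
    for t in targets:
        if not hit(t, b):
            status[t] = "not in first log"
        else:
            status[t] = "still present" if hit(t, a) else "removed"
    unexpected = [e for e in sorted(b - a)
                  if not any(t.lower() in e[1].lower() for t in targets)]
    return status, unexpected

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, ["hldrrr.exe", "LinksFolderName"]))
```

An entry that vanishes from the log only shows the registry value was deleted; it says nothing about whether the file it pointed to is still on disk.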

Hi guisoprano,

Download SilentRunners.

Extract the SilentRunners.vbs file to the C drive. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste them into your next reply.

Regards.

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.
I can't manage to make the post.

First it said it was too big, and then, when I split it into parts, nothing shows up.

What do I do?

As an exceptional case, send the report to my e-mail (it's in my profile).

Regards.

Hi guisoprano,

Download EliBagle from:

EliBagle

Run the tool. The scan may take a while to finish. Be patient.

When the scan finishes, a report will be created at C:\infoSat.txt. Open this file with Notepad. Click Edit -> Select All and then Edit -> Copy.

I need you to paste the content copied above into your next reply.

Regards.

PS: Try restarting in Safe Mode.

Done...

Sun Feb 25 21:27:28 2007
EliBagle v10.18 ©2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Feb 25 21:27:52 2007
EliBagle v10.18 ©2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Hi guisoprano,

Good news: your machine is CLEAN. :thumbsup:

To finish:

1. Re-enable, disable, and re-enable XP's System Restore feature. Click here to see how.

Regards.

PS: I'd like to know how you were infected. An MSN link? An Orkut link? This information is very important to me.

PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.