
This topic has been archived and is closed to new replies.

odiugojunior

[Archived] error in file temp2.exe


I'm asking folks here for help solving this problem: every time I turn on the PC it gives an error saying that the file temp2.exe had an error... I also can't solve another problem: every time I right-click a file, Windows freezes and I need to restart explorer.exe... the HijackThis log follows, thanks!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:14:10, on 2/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\windows\system32\rlvknlg.exe

c:\arquiv~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Arquivos de programas\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\system32\mpeg4dec0.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WinZip] "C:\WINDOWS\system32\wzip32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARQUIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\ARQUIV~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hi!

Do the following:

1. Download BankerFix

Important: The tool will close Internet Explorer. Before running it, save any link you will need to access later.

Double-click bankerfix.exe and press Enter.

Click OK the first and the second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Answer Yes and then click OK.

PS: When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it is done, read the message on the screen and press Enter again. When it finishes, copy the file C:\LinhaDefensiva\relatorio.txt and paste it into your reply.

2. Also make a new HijackThis log to include in your reply.

After posting your reply you can delete the folder:

C:\LinhaDefensiva

PS: Remember to paste the BankerFix result, and run the tool only once so as not to erase the previous result.

I'll wait for your reply so we can proceed.

Regards!


Hello, thanks for your help. Below are the BankerFix and HijackThis reports....

 

 

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 6/11/2007 - 12:27

-------------------------------------------------------

Lista de Definição: 2007-11-06-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\svchost.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\wzip32.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\mpeg4dec0.dll

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

 

 

...

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:31:15, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\windows\system32\rlvknlg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\temp1.exe

C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\Odilon\CONFIG~1\Temp\Rar$EX00.516\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Odilon\CONFIG~1\Temp\2007116122653_mcinfo.exe /insfin

O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Odilon\CONFIG~1\Temp\2007116122653_mcappins.exe /v=3 /cleanup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hello!

There are still infections, so let's run an online scan to check for hidden malicious files; that way we can carry out the procedures and remove them all.

1. Right-click the My Computer icon on your desktop and choose "Properties" ("Propriedades")

- Go to the "System Restore" ("Restauração do Sistema") tab, check "Turn off System Restore" ("Desativar Restauração do Sistema") and click "OK", then uncheck the "Turn off System Restore" option and click "OK" to finish

2. Then run an online scan with:

http://www.kaspersky.com/virusscanner

Copy the result and paste it into your reply so we can proceed.

Regards!


Hello, here is the result...

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, November 07, 2007 4:48:09 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 7/11/2007

Kaspersky Anti-Virus database records: 452842

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 57127

Number of viruses found: 8

Number of infected objects: 12

Number of suspicious objects: 0

Duration of the scan process: 02:06:40

 

Infected Object Name / Virus Name / Last Action

C:\copy.exe Infected: Worm.Win32.Perlovga.a skipped

C:\Documents and Settings\Odilon\Configurações locais\Temp\zzz.tmp Infected: Trojan-Spy.Win32.Banker.bof skipped

C:\host.exe Infected: Trojan-Dropper.Win32.Small.apl skipped

C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\WINDOWS\NDNuninstall7_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\WINDOWS\system32\rk.bin Infected: not-a-virus:AdWare.Win32.RK.n skipped

C:\WINDOWS\system32\rlvknlg.exe Infected: not-a-virus:AdWare.Win32.RK.n skipped

C:\WINDOWS\system32\temp1.exe Infected: Worm.Win32.Perlovga.c skipped

C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Win32.Small.lo skipped

C:\WINDOWS\xcopy.exe Infected: Worm.Win32.Perlovga.a skipped

D:\copy.exe Infected: Worm.Win32.Perlovga.a skipped

D:\host.exe Infected: Trojan-Dropper.Win32.Small.apl skipped

 

Scan process completed.


Hello, I downloaded the AVG antivirus, which eliminated the viruses found (8), and the temp2.exe error also disappeared... what still persists is the problem that every time I right-click a file, Windows freezes and I have to 'kill' explorer.exe to continue normally. Could this error still be a virus, or is it a Windows installation error?


Hello, here is the antivirus result.

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, November 14, 2007 4:50:06 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 14/11/2007

Kaspersky Anti-Virus database records: 459062

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 53399

Number of viruses found: 7

Number of infected objects: 9

Number of suspicious objects: 0

Duration of the scan process: 01:21:06

 

Infected Object Name / Virus Name / Last Action

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP26\A0013466.exe Infected: Worm.Win32.Perlovga.c skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP26\A0013467.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP30\A0017574.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP30\A0017575.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP32\A0017580.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP32\A0017581.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP32\A0018559.exe Infected: not-a-virus:AdWare.Win32.RK.n skipped

D:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP26\A0013468.exe Infected: Worm.Win32.Perlovga.a skipped

D:\System Volume Information\_restore{9C73682E-FA07-49C8-85B2-A8613AF2577B}\RP26\A0013469.exe Infected: Trojan-Dropper.Win32.Small.apl skipped

 

Scan process completed.


Hi, odiugojunior.

Sorry for the delay in replying, I had serious problems with my PC. =/

I want to say that the online scan showed malicious files in "Restore", and this can be eliminated as follows:

- Right-click the My Computer icon on your desktop and choose "Properties" ("Propriedades")

- Go to the "System Restore" ("Restauração do Sistema") tab, check "Turn off System Restore" ("Desativar Restauração do Sistema") and click "OK", then uncheck the "Turn off System Restore" option and click "OK" to finish.

...the problem that every time I right-click a file, Windows freezes and I have to 'kill' explorer.exe to continue normally. Could this error still be a virus, or is it a Windows installation error?

Does this error still occur?

Regards!


TOPIC ARCHIVED

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
