Archived

This topic has been archived and is closed to new replies.

Donna_

[Solved!] Virus in System Volume Information


I always read the forum, but I can't manage to solve my problem.

I ran BitDefender and it reported a virus in the folder C:\, D:\ and in E:\System Volume Information. Even though BitDefender deletes it, it always comes back.

Another one that always shows up is Instalar.exe

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:19:34, on 24/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Firebird\bin\fbguard.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Outlook Express\msimn.exe

D:\111\programas\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Firebird] C:\Arquivos de programas\Firebird\bin\fbguard.exe -a

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Microgaming\Poker\pokertimeMPP\MPPoker.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\IronDuke\IronDuke.lnk (HKCU)

O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\PokerNordica\PokerNordica.lnk (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Good afternoon, Donna_!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Not a valid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_____________________________

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


ComboFix 08-03-22.3 - Administrador 2008-03-24 15:15:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.169 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

 

2008-03-17 10:34 . 2008-03-24 09:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-17 10:01 . 2008-03-17 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Arovax

2008-03-17 10:00 . 2008-03-24 09:10 <DIR> d-------- C:\Arquivos de programas\Arovax AntiSpyware

2008-03-13 20:29 . 2008-03-13 20:29 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-03-06 15:56 . 2008-03-06 16:50 <DIR> d-------- C:\Arquivos de programas\SunPoker.com

2008-02-25 22:36 . 2008-03-22 22:37 <DIR> d-------- C:\Arquivos de programas\Jewel Quest 2

2008-02-25 22:35 . 2008-02-25 22:35 <DIR> d-------- C:\Arquivos de programas\ReflexiveArcade

2008-02-25 22:02 . 2008-02-25 22:02 <DIR> d-------- C:\Documents and Settings\Administrador\Saved Games

2008-02-25 22:01 . 2008-02-25 22:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-25 22:01 . 2008-02-25 22:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\iWin

2008-02-25 21:59 . 2008-02-25 21:59 <DIR> d-------- C:\Arquivos de programas\iWin.com

2008-02-25 21:48 . 2008-02-25 21:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\iWinArcade

2008-02-25 21:47 . 2008-02-25 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\iWin Games

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 16:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-24 12:10 --------- d-----w C:\Arquivos de programas\eMule

2008-03-22 20:56 --------- d-----w C:\Arquivos de programas\Everest Poker

2008-03-22 20:48 --------- d-----w C:\Arquivos de programas\MansionPoker

2008-03-22 19:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Microgaming

2008-03-22 19:32 --------- d-----w C:\Arquivos de programas\PokerStars

2008-03-22 01:52 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-03-21 21:32 --------- d-----w C:\Arquivos de programas\PokerNordica

2008-03-20 19:37 --------- d-----w C:\Arquivos de programas\Poker Royale

2008-03-06 11:34 --------- d-----w C:\Arquivos de programas\ParadisePoker

2008-03-02 05:17 --------- d-----w C:\Arquivos de programas\Webteh

2008-02-20 14:55 --------- d-----w C:\Arquivos de programas\Rosso Poker

2008-02-20 02:32 --------- d-----w C:\Arquivos de programas\Red Kings Poker

2008-02-17 14:22 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-02-17 01:33 --------- d-----w C:\Arquivos de programas\William Hill Poker

2008-02-16 02:53 --------- d-----w C:\Arquivos de programas\IronDuke

2008-02-15 15:58 --------- d-----w C:\Arquivos de programas\Full Tilt Poker

2008-02-13 15:14 --------- d-----w C:\Arquivos de programas\Google

2008-02-13 15:12 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-13 15:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-02-09 17:16 --------- d-----w C:\Arquivos de programas\Prime Poker

2008-02-07 22:00 --------- d-----w C:\Arquivos de programas\Firebird

2008-02-07 18:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express

2008-02-04 19:06 --------- d-----w C:\Arquivos de programas\PartyGaming

2008-02-04 01:37 --------- d-----w C:\Arquivos de programas\JohnnyBlackPoker

2008-02-01 11:52 --------- d-----w C:\Arquivos de programas\LuckyAcePoker.com

2008-01-31 01:46 --------- d-----w C:\Arquivos de programas\RM Converter

2008-01-30 23:52 --------- d-----w C:\Arquivos de programas\MegaCubo

2008-01-30 23:42 --------- d-----w C:\Arquivos de programas\SopCast

2008-01-30 01:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-27 02:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-01-26 05:07 --------- d-----w C:\Arquivos de programas\WinAVI Video Converter

2008-01-26 04:37 --------- d-----w C:\Arquivos de programas\dvdSanta

2008-01-26 03:39 --------- d-----w C:\Arquivos de programas\Real Alternative

2008-01-25 21:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-01-25 03:53 --------- d-----w C:\Arquivos de programas\Alcohol Soft

2008-01-25 03:50 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 04:23 221568]

"Arovax AntiSpyware"="C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe" [2007-07-07 06:40 1941504]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-03-23 16:02 176128 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"Firebird"="C:\Arquivos de programas\Firebird\bin\fbguard.exe" [2004-12-13 01:05 65536]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 07:50 155648]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-03-09 15:27 1294446]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2007-11-29 10:41 337992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2007-11-29 10:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Firebird\\bin\\fbserver.exe"=

"C:\\Arquivos de programas\\William Hill Poker\\UA.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Documents and Settings\\Administrador\\Configurações locais\\Temp\\CRY88F8.tmp\\install.exe"=

"C:\\Arquivos de programas\\SunPoker.com\\UA.exe"=

"C:\\Arquivos de programas\\B2BPOKER\\i4poker\\jre\\bin\\javaw.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3050:TCP"= 3050:TCP:Firebird

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 09:22]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 06:39]

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 03:23]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 05:14]

S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Arquivos de programas\Firebird\bin\fbguard.exe [2004-12-13 01:05]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Arquivos de programas\Firebird\bin\fbserver.exe [2004-12-13 01:05]

 

*Newly Created Service* - HTTPFILTER

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 15:17:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Firebird = C:\Arquivos de programas\Firebird\bin\fbguard.exe -a???????????????????????

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-24 15:19:50

ComboFix-quarantined-files.txt 2008-03-24 18:19:48

 

Hi DigRam, here is the updated HijackThis log.

I just got back from the bank; I was robbed over the internet, they made a transfer out of my account. :wacko:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:22:40, on 24/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Firebird\bin\fbguard.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Firebird\bin\fbserver.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\zstatus.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

D:\111\programas\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Firebird] C:\Arquivos de programas\Firebird\bin\fbguard.exe -a

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Microgaming\Poker\pokertimeMPP\MPPoker.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\IronDuke\IronDuke.lnk (HKCU)

O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\PokerNordica\PokerNordica.lnk (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Good evening, Donna_!

I just got back from the bank; I was robbed over the internet, they made a transfer out of my account

>@< If it really was over the internet, you have trojans on the PC.

________________________

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix.

>@< Disable, if possible, the resident protection of your antivirus and antispyware.

>@< Double-click Bankerfix.exe, then press Enter.

>@< Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

________________________

>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

Regards!


Good afternoon, DigRam!

Yes, it was over the internet; the bank has already confirmed that it was fraud.

I accessed the account from a computer that had just come back from being formatted, and I connected it to the network where there are 2 more... I believe the problem is on the network. I already feel like having the 2 that are on the network formatted, and mine again, and, besides formatting C:, formatting the other hard drives.

Here are the reports you requested.

Thanks for the help.

 

 

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 25/03/2008 - 13:55

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:20:47, on 25/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Firebird\bin\fbguard.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Sist\ProSindW\ProSindW.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\111\programas\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Firebird] C:\Arquivos de programas\Firebird\bin\fbguard.exe -a

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Microgaming\Poker\32RedMPP\MPPoker.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Microgaming\Poker\pokertimeMPP\MPPoker.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: IronDuke - {21efa308-eaa1-4c5c-8209-1393cc02af6d} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\IronDuke\IronDuke.lnk (HKCU)

O9 - Extra button: PokerNordica - {caf8603b-35e9-4f0f-819d-a509543a1e09} - C:\Documents and Settings\Administrador\Menu Iniciar\Programas\PokerNordica\PokerNordica.lnk (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\bin\fbserver.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Good afternoon, Donna_!

>@< Disconnect the computer from the network!

__________________________

>@< Run an online scan at: < Kaspersky >

<!> Go to the site and click: < kasperdx9.jpg >

>@< On the next page, click: I Accept

>@< This is so that the ActiveX control is installed and then the database is updated.

>@< On the next page, click: My Computer and run the scan.

>@< Be patient! Wait for the database update and for the scan itself, which takes a long time.

>@< When it finishes, save and post the report.

Regards!


Good evening, DigRam.

It really did take a while; the report is below.

 

Tuesday, March 25, 2008 7:15:08 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 25/03/2008

Kaspersky Anti-Virus database records: 663365

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

C:\

D:\

E:\

G:\

 

Scan Statistics

Total number of scanned objects 83931

Number of viruses found 1

Number of infected objects 3

Number of suspicious objects 0

Duration of the scan process 01:26:55

 

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

 

C:\Arquivos de programas\eMule\Temp\010.part Object is locked skipped

 

C:\Arquivos de programas\Firebird\MICRO01.lck Object is locked skipped

 

C:\Arquivos de programas\Firebird\security.fdb Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\dfsr.db Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\fsr.log Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\tmp.edb Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\vera_meurer@hotmail.com\real\members.stg Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\vera_meurer@hotmail.com\shadow\members.stg Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012008032520080326\index.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF3161.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF32F0.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF4417.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF442B.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF9C93.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF9CA3.tmp Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\System Volume Information\_restore{08F81DB9-E11E-4499-948C-095C57F756FA}\RP167\change.log Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

 

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

 

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\Temp\Perflib_Perfdata_618.dat Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

D:\System Volume Information\_restore{08F81DB9-E11E-4499-948C-095C57F756FA}\RP148\A0018648.exe/data0000.bin/data0007 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

 

D:\System Volume Information\_restore{08F81DB9-E11E-4499-948C-095C57F756FA}\RP148\A0018648.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped

 

D:\System Volume Information\_restore{08F81DB9-E11E-4499-948C-095C57F756FA}\RP148\A0018648.exe EmbeddedEXE: infected - 2 skipped

 

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.


Good evening, Donna_!

>@< Right-click My Computer >> Properties >> System Restore.

>@< Check: Turn off System Restore >> Apply >> OK.

___________________________

>@< Go to Start >> Run >> Type: cleanmgr

>@< Wait! In the Disk Cleanup utility, check all the boxes and confirm!

>@< When it finishes, go to System Restore and uncheck the box again. >> Apply >> OK.

___________________________

>@< Download a-squared Free 3.0

Optional link: < a2ppf_banner.jpg >

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< If you can, try to run this scan in Safe Mode!

>@< Choose the option: Deep.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there, they will be deleted or restored.

>@< Save the report of this scan and post it in your reply.

Regards!


Good afternoon, DigRam!

I did it yesterday afternoon, but then the PC froze and I couldn't do it again because I had to go to college.

Now I have done it again.

You must have noticed by now that I like poker.. lol

I know there is a spy in all the sites, it is the way they use to protect against fraud, but what caught my attention was bsplayer, which on my other PC too, even avast detected something.

 

 

a-squared Free - Versão 3.1

Última atualização 26/03/2008 14:34:31

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\, D:\, E:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 27/03/2008 02:44:38

 

c:\casino detectado: Trace.Directory.CarnivalCasino

c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\titan poker.lnk detectado: Trace.File.Titan Poker

c:\documents and settings\all users\menu iniciar\programas\titan poker\titan poker.lnk detectado: Trace.File.Titan Poker

c:\documents and settings\all users\menu iniciar\programas\titan poker\uninstall titan poker.lnk detectado: Trace.File.Titan Poker

Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Titan Poker --> Order detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_music detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_avatar_num detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_sounds detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options-fullscreen detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options-volume detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> ButtonText detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> Default Visible detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> Exec detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> HotIcon detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> Icon detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> MenuText detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> ToolTip detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker --> DisplayName detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker --> UninstallString detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> account detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> advertisercode detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> banner detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> creferer detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> profile detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> referer detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> safemode detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> uninstall detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> uninstall_lang detectado: Trace.Registry.Titan Poker

c:\arquivos de programas\webteh\bsplayer detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\lang detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\plugins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base detectado: Trace.Directory.BSplayer

c:\documents and settings\administrador\menu iniciar\programas\webteh detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\bplay.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bspfilters.sam detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplay.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplayer.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplayer.exe.manifest detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsrendv2.dll detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\changes.txt detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc\cmdline.txt detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc\ini_files.html detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\plugins\oldskin.dll detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\bsp.h detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\bsp.pas detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.h detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.pas detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\prevd.bmp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\rgn.dat detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\rgnfs.dat detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\skin.ini detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\skinfs.ini detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\bat lite.bsz detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\mediabox v-1.bsz detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\mediabox v-2.bsz detectado: Trace.File.BSplayer

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppPath detectado: Trace.Registry.BSplayer

Value: HKEY_CURRENT_USER\Software\BST\bsplayerv1 --> AppVer detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detectado: Trace.Registry.BSplayer

c:\arquivos de programas\partygaming detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\images detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\language detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\language\en_us detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\blackjack detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\blackjack\blackjack detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\multiplayerbj detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partycasino\language\en_us\images\games\cardgames\multiplayerbj\multiplayerblackjack detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partypoker detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partypoker\images detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partypoker\language detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partypoker\language\en_us detectado: Trace.Directory.PartyPoker

c:\arquivos de programas\partygaming\partypoker\language\en_us\articles detectado: Trace.Directory.PartyPoker

c:\documents and settings\administrador\menu iniciar\programas\partypoker detectado: Trace.Directory.PartyPoker

c:\poker\titan poker detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\blackjack detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\buttons detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\dialogs detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\login detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\sidegames detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\tables detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\lobby\waitinglist detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\buttons detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\history detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\history\cards detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\html detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\html\chat detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\html\chat\emoticons detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\baseballer detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\blackdude detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\bond detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\cowboy detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\frenchgirl detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\frenchman detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\mafiaguy detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\olderbusinesswoman detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\oldtourist detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\shared\sounds\playersounds\valleygirl detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\smallview detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\smallview\chat detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\anim detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\avatars detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\buttons detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\cards detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\chat detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\chat\chat_bottom detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\chat\chat_side detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\coins detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\dialogs detectado: Trace.Directory.Titan Poker

c:\poker\titan poker\data\table\topview\history detectado: Trace.Directory.Titan Poker

c:\documents and settings\all users\menu iniciar\programas\titan poker detectado: Trace.Directory.Titan Poker

c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\partypoker.lnk detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\ara.ini detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\dm.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\images\habeas_webseal.gif detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\language\en_us\lang_pack_en_us.txt detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\libeay32.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\llh.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partycasino\gra.ini detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partycasino\partycasino.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partycasino\sys.ini detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partygaming.exe detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\gra.ini detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\install.log detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\install.sss detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\language\en_us\lang_pack_en_us.txt detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\mouse_move.wav detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\notes.txt detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\partypoker.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\poker.bin detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\ppunistall.bat detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\preloader.html detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\reminder.wav detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\ring.wav detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\runapp.exe detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\sys.ini detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\tabconfig.txt detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\tap.wav detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\partypoker\usertab.txt detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\ssleay32.dll detectado: Trace.File.PartyPoker

c:\arquivos de programas\partygaming\zlib1.dll detectado: Trace.File.PartyPoker

c:\documents and settings\administrador\menu iniciar\programas\partypoker\partypoker.lnk detectado: Trace.File.PartyPoker

c:\poker\titan poker\cactivex.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\casino.exe detectado: Trace.File.Titan Poker

c:\poker\titan poker\casino.hlp detectado: Trace.File.Titan Poker

c:\poker\titan poker\casino.ico detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\blackjack.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\blackjack.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\cashier.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\cashier.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\common.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\common.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\loader.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\loader.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\poker_common.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\poker_common.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\poker_lobby.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\poker_lobby.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\poker_table.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\bubble_lobby.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\bubble_lobby-alpha.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\cashier_offline.css detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\cashier_offline.js detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\cashier_offline_functions.js detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\cashier_offline_poker.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\chat\chat.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\chat\colors.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\chat\edit.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\shared\html\chat\emoticons.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\smallview\chat\chat.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\cards\card.lwo detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\cards\joker.bmp detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\chat\chat.html detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\chat\chat_options_back.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\chat\send.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\coins\coins.bmp detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\coins\coins-alpha.bmp detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\coins\dealer.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\table\topview\coins\dealer-alpha.jpg detectado: Trace.File.Titan Poker

c:\poker\titan poker\data\topview.gam detectado: Trace.File.Titan Poker

c:\poker\titan poker\directsounddriver.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\fileinfo.dat detectado: Trace.File.Titan Poker

c:\poker\titan poker\fileinfo2.dat detectado: Trace.File.Titan Poker

c:\poker\titan poker\fileinfo2r.dat detectado: Trace.File.Titan Poker

c:\poker\titan poker\gdigraphdriver.dll detectado: Trace.File.Titan Poker

c:\poker\titan poker\ptsetup.lang detectado: Trace.File.Titan Poker

c:\poker\titan poker\ptsetup.log detectado: Trace.File.Titan Poker

c:\poker\titan poker\replace.exe detectado: Trace.File.Titan Poker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 1 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 10 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 2 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 4 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 5 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 6 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 7 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 9 detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> AdsLastKnownState detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> AppPath detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> BlackjackSounds detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> BlackjackVoice detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> DisableCharacters detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> DisableMouseHelp detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> EnableCallOuts detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> EnableCardAnimations detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> EnableCongratulations detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> EnableSounds detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> FourColourDeck detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> HHEnableLog detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> HHLogDays detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> HHLogSize detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> id detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> InitialPort detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> InstallState detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> MuckLosingHand detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> SearchHiding detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> SL detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> TableType detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> useCount detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming --> AutoLoginToOtherGames detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming --> CFDialogShown detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming --> FreshInstall detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\PartyGaming --> OldCFformat detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> ButtonText detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> CLSID detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Default Visible detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Exec detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> HotIcon detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Icon detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuStatusBar detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuText detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Path detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayIcon detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayName detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> DisplayVersion detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallDate detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallLocation detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallSource detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> InstallSourceFile detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> Publisher detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> SilentSettings detectado: Trace.Registry.PartyPoker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker --> UninstallString detectado: Trace.Registry.PartyPoker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_10players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_6players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_8players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_beginner detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_dp detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_gametype detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_headsup detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_limit detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_minplayers detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_nondp detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_playmode detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_realmode detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> table_stakes detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_10players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_12players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_6players detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_beginner detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_buyin detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_gametype detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_headsup detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_limit detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_scheduled detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_sitngo detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker\QuickSearch --> tour_startin detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> funaccount detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> funnickname detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> funusername detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> global_login_hint detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> lobby_favouritegames detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_autologinfun detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_dealervoices detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_filter_empty detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_filter_finished detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_filter_full detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_filter_inprogress detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_showsidegames detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_poker_smallview detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> options_xlslots detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> poker_login_type detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> poker_nickname detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> ptdevm detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> selected_node detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> selected_node_sortby_first detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> selected_node_sortby_second detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> selected_node_sortorder_first detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> selected_node_sortorder_second detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> tribeca_playernotes detectado: Trace.Registry.Titan Poker

Value: HKEY_CURRENT_USER\Software\Titan Poker --> username detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543} --> CLSID detectado: Trace.Registry.Titan Poker

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Titan Poker --> homedir detectado: Trace.Registry.Titan Poker

C:\Documents and Settings\Administrador\Cookies\administrador@2o7[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@adservingml[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@adtech[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@advertising[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@comprafacil.com[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@comprafacil[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@edge.ru4[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@fl01.ct2.comclick[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@hotbar[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@linkto.com[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@mediamgr.ugo[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@server.iad.liveperson[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@server.iad.liveperson[2].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@server.iad.liveperson[3].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@server.iad.liveperson[4].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@serving-sys[1].txt detectado: Trace.TrackingCookie

C:\Documents and Settings\Administrador\Cookies\administrador@specificclick[2].txt detectado: Trace.TrackingCookie

 

Analisado

 

Arquivos: 122821

Objetos: 172718

Cookies: 787

Processos: 10

 

Encontrado

 

Arquivos: 0

Objetos: 323

Cookies: 18

Processos: 0

Chaves do registro: 0

 

Fim da análise: 27/03/2008 05:04:30

Duração da análise: 2:19:52


Good afternoon, Donna_!

 

I know there is a spy on every site, it's the way they protect against fraud, but what caught my attention was the bsplayer, since on my other PC even avast detected something too.

>@< It is due to the additional program (adware) that is installed along with BSPlayer. (WhenU/Save)

__________________________

 

>@< With this one there are no problems, as it is free of adware.

 

<!> If you like, you can download it: < Link >

 

>@< Don't forget to extract it from the zip!

__________________________

 

>@< Run another scan with Kaspersky and post the report.

>@< PS: All the other computers and the server will have to be disinfected before you connect it to the network.

 

Best regards!


Hi DigRam!

 

Since I knew you would ask me for that, I did it right away. As I said, I'm always reading the forum.

 

The problem is that it deleted my poker programs :cry: :wacko:

 

 

Thursday, March 27, 2008 1:26:38 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 27/03/2008

Kaspersky Anti-Virus database records: 666904

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

C:\

D:\

E:\

G:\

Z:\

 

Scan Statistics

Total number of scanned objects 76225

Number of viruses found 0

Number of infected objects 0

Number of suspicious objects 0

Duration of the scan process 01:51:49

 

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

 

C:\Arquivos de programas\eMule\Temp\010.part Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\dfsr.db Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\fsr.log Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\fsrtmp.log Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\vera_meurer@hotmail.com\SharingMetadata\Working\database_E074_B1BA_74B1_942E\tmp.edb Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

Scan process completed.


Good evening, Donna_!

since I knew you would ask me for that, I did it right afterwards.. as I said, I'm always reading the forum..

the problem is that it deleted my pokers

>@< Are you referring to a-squared?

>@< Since the quarantined files could either be deleted or not. In that case, your pokers would be restored.

___________________________

>@< This computer is disinfected!

>@< But if you connect it to the network again...

>@< Why don't you use a firewall on this PC for your banking transactions?

Regards!


Good evening, DigRam!

thanks for the help.. :thumbsup:

I've already downloaded the firewall, now I just need to configure it..

the other PC is simpler, since it doesn't have as many files as this one, nor as many programs.

I had the Windows firewall, but apparently it doesn't help much..

once again, thank you.. I'll keep reading the forum always.. :)


PROBLEM SOLVED!

If the author needs the topic to be reopened, they must send a private message to a moderator with a link to the topic.
