fonck
Posted April 19, 2008

Logfile of HijackThis v1.99.1 Scan saved at 18:58:55, on 19/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R3 - 
URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Ralink Wireless Utility.lnk = 
C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{498FAAE0-56C8-418F-8BF0-61E0BA1B3568}: NameServer = 171.0.4.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Silas Martins
Posted April 20, 2008

Download ComboFix and save it to your desktop. Close all programs. Double-click combofix.exe, press (1), and then press Enter to continue. ComboFix will restart your computer automatically; this is part of the removal process. When it finishes, a log will be generated at C:\ComboFix.txt.

Warning: do not click on anything while ComboFix is running, otherwise your desktop will go blank. To stop the process or exit ComboFix, press "2" and Enter.

I await a new HijackThis log together with ComboFix.txt.

Awaiting your reply.
fonck
Posted April 20, 2008

Logfile of HijackThis v1.99.1 Scan saved at 00:50:46, on 20/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe 
C:\Downloads\Software\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de 
programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{498FAAE0-56C8-418F-8BF0-61E0BA1B3568}: NameServer = 171.0.4.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) ComboFix 08-04-18.3 - FONSECA FILHO 2008-04-20 0:24:21.1 - NTFSx86 Executando de: C:\Downloads\Software\ComboFix.exe * Criado um novo ponto de restauro WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((( Ficheiros criados de 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))) . 2008-04-18 17:50 . 2001-10-28 14:06 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-04-18 17:49 . 2001-10-28 14:06 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-04-18 17:48 . 2004-08-04 00:45 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-04-18 17:46 . 2001-10-28 14:06 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe 2008-04-18 17:46 . 2008-04-18 17:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-04-18 17:46 . 2008-04-18 17:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-04-18 17:46 . 2008-04-18 17:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-04-18 17:46 . 2008-04-18 17:46 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-04-18 17:46 . 2008-04-18 17:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-04-18 17:46 . 
2008-04-18 17:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-04-18 17:13 . 2008-04-18 17:13 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Ahead 2008-04-18 17:11 . 2008-04-18 17:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead 2008-04-18 15:38 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-04-17 22:44 . 2008-04-17 22:44 <DIR> d-------- C:\Arquivos de programas\Digital Camera 2008-04-17 22:44 . 2007-02-26 21:28 55,808 --a------ C:\WINDOWS\system32\drivers\nvtcam.sys 2008-04-17 22:44 . 2004-04-12 14:32 41,760 --a------ C:\WINDOWS\system\VFWWDM.DRV 2008-04-17 22:44 . 2007-02-26 21:28 24,192 --a------ C:\WINDOWS\system32\drivers\NVTCAMD2.SYS 2008-04-17 11:24 . 2008-04-18 17:08 25,798 --a------ C:\WINDOWS\setupapi.old 2008-04-16 19:15 . 2008-04-16 19:15 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Yahoo! 2008-04-15 20:22 . 2008-04-15 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! 2008-04-12 23:33 . 2008-04-12 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2008-04-12 23:33 . 2008-04-12 23:33 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy 2008-04-09 23:23 . 2008-04-09 23:23 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Bitdefender 2008-04-09 23:23 . 2008-04-20 00:33 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-04-09 23:22 . 2008-04-09 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender 2008-04-09 23:22 . 2008-04-09 23:22 <DIR> d-------- C:\Arquivos de programas\Softwin 2008-04-09 23:22 . 2008-04-09 23:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Softwin 2008-04-09 23:19 . 2008-04-20 00:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG 2008-04-09 22:21 . 
2008-04-09 22:21 <DIR> d-------- C:\!KillBox 2008-04-03 21:42 . 2008-04-18 20:00 <DIR> d-------- C:\Arquivos de programas\Yahoo! 2008-04-03 21:42 . 2008-04-03 21:42 <DIR> d-------- C:\Arquivos de programas\CCleaner 2008-04-02 23:27 . 2008-04-19 23:15 <DIR> d-------- C:\Arquivos de programas\Mu-X Installer 2008-04-02 23:23 . 2008-04-11 23:18 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-04-02 14:26 . 2008-04-02 14:26 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak 2008-04-02 14:26 . 2008-04-18 17:54 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-04-02 14:22 . 2008-04-02 14:22 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Nero 2008-04-02 14:19 . 2008-04-18 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero 2008-04-02 14:19 . 2008-04-18 17:11 <DIR> d-------- C:\Arquivos de programas\Nero 2008-04-02 14:19 . 2008-04-18 15:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero 2008-04-02 14:13 . 2008-04-03 10:08 <DIR> d-------- C:\Arquivos de programas\AskTBar 2008-03-31 20:34 . 2008-03-31 20:34 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Media Player Classic 2008-03-31 20:33 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm 2008-03-31 20:33 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-03-31 20:33 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-03-31 20:33 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2008-03-31 20:33 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2008-03-31 20:32 . 2008-03-31 20:32 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack 2008-03-31 20:32 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-31 20:32 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-31 20:32 . 
2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll 2008-03-31 20:32 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-03-31 20:32 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-03-31 20:32 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-03-31 20:32 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-03-31 16:32 . 2008-03-31 20:32 <DIR> d-------- C:\Arquivos de programas\Real 2008-03-31 16:32 . 2008-03-31 20:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real 2008-03-29 20:32 . 2008-03-29 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! 2008-03-29 20:31 . 2008-04-05 21:43 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live 2008-03-29 19:52 . 1998-06-23 21:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-03-29 19:52 . 2005-04-11 08:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe 2008-03-29 19:52 . 2005-04-05 13:28 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca 2008-03-29 19:52 . 1998-06-17 21:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP 2008-03-29 19:23 . 2008-03-31 13:56 1,380 --a------ C:\WINDOWS\mozver.dat 2008-03-29 18:48 . 2008-03-29 18:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe 2008-03-29 16:05 . 2008-03-29 16:05 <DIR> d---s---- C:\Documents and Settings\FONSECA FILHO\UserData 2008-03-29 15:44 . 2008-04-19 19:22 <DIR> d-------- C:\Downloads 2008-03-29 14:47 . 2008-04-19 19:31 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Tracing 2008-03-29 14:40 . 2008-03-29 14:40 268 --ah----- C:\sqmdata00.sqm 2008-03-29 14:40 . 2008-03-29 14:40 244 --ah----- C:\sqmnoopt00.sqm 2008-03-29 14:39 . 2008-03-29 14:39 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-03-29 14:10 . 2008-04-20 00:32 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Free Download Manager 2008-03-29 14:09 . 
2008-03-29 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG 2008-03-29 14:09 . 2008-03-29 14:10 <DIR> d-------- C:\Arquivos de programas\Free Download Manager 2008-03-29 13:43 . 2008-03-29 13:43 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-29 12:28 . 2004-08-04 00:45 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup 2008-03-29 12:24 . 2008-03-29 12:28 <DIR> d-------- C:\WINDOWS\VistaMizer 2008-03-29 12:20 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-03-29 12:20 . 2008-03-29 12:20 421 --a------ C:\WINDOWS\ODBC.INI 2008-03-29 12:18 . 2008-03-29 12:18 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET 2008-03-29 12:18 . 2008-03-29 12:18 <DIR> d-------- C:\Arquivos de programas\Microsoft Works 2008-03-29 12:17 . 2008-03-29 12:18 <DIR> d--h----- C:\WINDOWS\ShellNew 2008-03-29 11:40 . 2008-03-29 11:40 <DIR> d-------- C:\Arquivos de programas\RALINK 2008-03-29 11:40 . 2006-01-19 22:10 363,008 --a------ C:\WINDOWS\system32\drivers\rt61.sys 2008-03-29 11:40 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-03-29 11:40 . 2006-01-19 09:20 295,016 --a------ C:\WINDOWS\system32\Install6x.dll 2008-03-29 11:40 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS 2008-03-29 11:40 . 2008-03-29 11:40 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-29 11:40 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin 2008-03-29 11:40 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin 2008-03-29 11:40 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin 2008-03-29 11:40 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x 2008-03-29 11:29 . 2008-03-29 11:29 <DIR> d-------- C:\Arquivos de programas\HP 2008-03-29 11:29 . 2005-04-08 19:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll 2008-03-29 11:28 . 
2008-03-29 11:28 <DIR> d-------- C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\HP 2008-03-29 11:27 . 2008-03-29 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard 2008-03-29 11:27 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll 2008-03-29 11:27 . 2005-04-27 15:37 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll 2008-03-29 11:26 . 2007-03-08 01:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-03-29 11:26 . 2007-03-08 01:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-03-29 11:26 . 2007-03-08 01:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-03-29 11:25 . 2008-03-29 11:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-03-29 11:25 . 2007-03-17 13:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll 2008-03-29 11:25 . 2007-03-17 13:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll 2008-03-29 11:25 . 2007-03-08 01:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll 2008-03-29 11:25 . 2007-03-08 01:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll 2008-03-29 11:25 . 2007-03-17 13:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll 2008-03-29 11:25 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-03-29 11:17 . 2008-03-29 11:17 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager 2008-03-29 11:17 . 2008-03-29 11:17 <DIR> d-------- C:\Arquivos de programas\Realtek AC97 2008-03-29 11:17 . 2008-03-29 11:17 <DIR> d-------- C:\Arquivos de programas\AvRack 2008-03-29 11:17 . 2005-06-02 05:31 294,912 -ra------ C:\WINDOWS\alcupd.exe 2008-03-29 11:17 . 2005-06-02 05:43 200,704 -ra------ C:\WINDOWS\alcrmv.exe 2008-03-29 11:17 . 2005-07-15 05:48 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe 2008-03-29 11:17 . 2004-07-01 04:02 584 -ra------ C:\WINDOWS\system32\drivers\alcxinit.dat 2008-03-29 11:17 . 2001-07-05 13:19 164 -ra------ C:\WINDOWS\avrack.ini 2008-03-29 11:16 . 
2008-03-29 11:16 <DIR> d-------- C:\Arquivos de programas\VIA 2008-03-29 11:16 . 2008-03-29 11:40 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information 2008-03-29 11:16 . 2004-09-17 06:37 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll 2008-03-29 11:16 . 2005-06-20 07:53 60,928 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys 2008-03-29 11:16 . 2004-12-16 02:36 42,496 -ra------ C:\WINDOWS\system32\drivers\fetnd5bv.sys 2008-03-29 11:15 . 2005-03-23 16:56 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-03-29 11:10 . 2008-03-29 11:11 <DIR> d-------- C:\WINDOWS\system32\Tools 2008-03-29 11:10 . 2008-03-29 11:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield 2008-03-29 11:07 . 2008-03-29 11:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2008-03-29 11:02 . 2005-07-22 03:56 18,763,776 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 13:46 --------- d-----w C:\Arquivos de programas\microsoft frontpage 2008-03-29 13:44 --------- d-----w C:\Arquivos de programas\Serviços on-line 2008-03-29 13:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços 2004-07-22 13:51 3,432,656 ----a-w C:\Arquivos de programas\ManagedDX.CAB 2004-07-20 01:58 1,156,363 ----a-w C:\Arquivos de programas\BDANT.cab 2004-07-20 01:53 976,020 ----a-w C:\Arquivos de programas\BDAXP.cab 2004-07-09 17:17 13,265,040 ----a-w C:\Arquivos de programas\dxnt.cab 2004-07-09 12:13 703,080 ----a-w C:\Arquivos de programas\BDA.cab 2004-07-09 12:13 15,493,481 ----a-w C:\Arquivos de programas\DirectX.cab 2004-07-09 07:08 472,576 ----a-w C:\Arquivos de programas\dxsetup.exe 2004-07-09 07:08 2,242,560 ----a-w C:\Arquivos de programas\dsetup32.dll 2004-07-09 06:03 62,976 ----a-w C:\Arquivos de programas\DSETUP.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360] "Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2008-02-25 21:17 2465839] "MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672] "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] "DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "BDMCon"="C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816] "BDAgent"="C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SoundMan"="SOUNDMAN.EXE" [2005-07-22 04:00 81920 C:\WINDOWS\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-03-29 11:40:46 589824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows 
Live\\Messenger\\wlcsdk.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55e7b286-fd99-11dc-b3c1-0016ec30917c}] \Shell\Auto\command - winsys3.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winsys3.exe *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 00:32:46 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-04-20 0:43:33 ComboFix-quarantined-files.txt 2008-04-20 03:43:16 Pre-Run: 70,249,193,472 bytes disponíveis Post-Run: 70,672,064,512 bytes disponíveis 201
Silas Martins
Posted April 20, 2008

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, then choose Safe Mode). Run HijackThis, click Do a system scan only, and select the lines:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

Click Fix checked and generate a new Hijack log.

I await your reply.
fonck
Posted April 20, 2008

Logfile of HijackThis v1.99.1 Scan saved at 12:03:32, on 20/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Downloads\Software\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Ralink Wireless Utility.lnk 
= C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{498FAAE0-56C8-418F-8BF0-61E0BA1B3568}: NameServer = 171.0.4.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Ar
I think I removed it, but the error window still opens on the PC; the one from the Explorer browser has stopped, and Spybot keeps asking me to allow the R3 - URL . . .
Silas Martins Posted April 20, 2008
Clean log. Please describe which process it is that Spybot keeps insisting on inserting into the registry.
Silas Martins Posted April 20, 2008
Download WornFix. Save it to the desktop, unzip it, run fix.exe worn and click remove.
fonck Posted April 21, 2008
Download WornFix. Save it to the desktop, unzip it, run fix.exe worn and click remove.
Logfile of HijackThis v1.99.1 Scan saved at 21:46:52, on 20/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\explorer.exe C:\Downloads\Software\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: Baixar com o FDM - 
file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{498FAAE0-56C8-418F-8BF0-61E0BA1B3568}: NameServer = 171.0.4.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\Bi
Silas Martins Posted April 21, 2008
Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, then choose Safe Mode). Run HijackThis, click Do a system scan only and select the lines:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Click Fix checked. Restart in normal mode and generate a new HijackThis log. I await your reply.
fonck Posted April 21, 2008
Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, then choose Safe Mode). Run HijackThis, click Do a system scan only and select the lines:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Click Fix checked. Restart in normal mode and generate a new HijackThis log. I await your reply.
Logfile of HijackThis v1.99.1 Scan saved at 14:17:27, on 21/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Free Download Manager\fdm.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Downloads\Software\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bDMCon] "C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - 
HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{498FAAE0-56C8-418F-8BF0-61E0BA1B3568}: NameServer = 171.0.4.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: Ati HotKey 
Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Silas Martins Posted April 21, 2008
Clean log. Please run an online scan at www.kasperskylab.com
fonck Posted April 21, 2008
Clean log. Please run an online scan at www.kasperskylab.com
Sunday, April 20, 2008 7:15:23 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/04/2008 Kaspersky Anti-Virus database records: 717511 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 43306 Number of viruses found 2 Number of infected objects 5 Number of suspicious objects 0 Duration of the scan process 00:44:52 Infected Object Name Virus Name Last Action C:\Arquivos de programas\AskTBar\bar\1.bin\A5POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Messenger\MsnMsgr.txt Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_003_ Object is locked
skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Histórico\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\Free Download Manager\tic9.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8216.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8222.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8398.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF83A4.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Cookies\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\cert8.db Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\formhistory.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\history.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\key3.db Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\parent.lock Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\search.sqlite 
Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\FONSECA FILHO\NTUSER.DAT Object is locked skipped C:\Documents and Settings\FONSECA FILHO\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\FONSECA FILHO\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Downloads\Software\Nero-8.3.2.1_ptb_trial(1).exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped C:\Downloads\Software\Nero-8.3.2.1_ptb_trial(1).exe 7-Zip: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{058D4B92-661F-4525-9FC7-1CB2DD244A4A}\RP3\change.log 
Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp000062fd\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\AULAS,VIRUS-SILAS\relat. 
de erro.pub Object is locked skipped Scan process completed.
fonck 0 Denunciar post Postado Abril 22, 2008 Log LimpoPeço que faça um scan online no www.kasperskylab.com Sunday, April 20, 2008 7:15:23 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/04/2008 Kaspersky Anti-Virus database records: 717511 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ Scan Statistics Total number of scanned objects 43306 Number of viruses found 2 Number of infected objects 5 Number of suspicious objects 0 Duration of the scan process 00:44:52 Infected Object Name Virus Name Last Action C:\Arquivos de programas\AskTBar\bar\1.bin\A5POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Messenger\MsnMsgr.txt Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_003_ Object is locked 
skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Histórico\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\Free Download Manager\tic9.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8216.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8222.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF8398.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temp\~DF83A4.tmp Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Cookies\index.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\cert8.db Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\formhistory.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\history.dat Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\key3.db Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\parent.lock Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\search.sqlite 
Object is locked skipped C:\Documents and Settings\FONSECA FILHO\Dados de aplicativos\Mozilla\Firefox\Profiles\01v1bwks.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\FONSECA FILHO\NTUSER.DAT Object is locked skipped C:\Documents and Settings\FONSECA FILHO\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\FONSECA FILHO\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Downloads\Software\Nero-8.3.2.1_ptb_trial(1).exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped C:\Downloads\Software\Nero-8.3.2.1_ptb_trial(1).exe 7-Zip: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{058D4B92-661F-4525-9FC7-1CB2DD244A4A}\RP3\change.log 
Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp000062fd\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\AULAS,VIRUS-SILAS\relat. 
de erro.pub Object is locked skipped
Scan process completed.

Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 21/04/2008 21:25:46
//
//-----------------------------------------------------------------

Virus Statistics
Scan path : C:\ D:\
Folders : 1905
Files : 14177
Memory processes scanned : 37
Archives : 4
Runtime packers : 1168
Identified viruses : 0
Infected files : 0
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 8
Scan time : 00:10:57
Scan speed (files/sec) : 21

Spyware Statistics
Registry keys scanned : 282
Registry keys infected : 0
Cookies scanned : 27
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 1169455
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Dados de aplicativos\Bitdefender\Desktop\Profiles\Logs\full_scan\1208823946.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Mário Monteiro 179 Posted June 13, 2008

Archived Topic

As the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.