netos
Posted April 7, 2008

My PC is infected with some windows from CID and MERCADO LIVRE. My PC is slow. My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:22, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave\option plan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [JustVoip] "C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKCU\..\Run: [12Voip] "C:\Arquivos de programas\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195835448046
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/g...bugs/axhost.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa.com.br/games/swf/feedi...outLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/p...opcaploader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.chmod.com.br/vb/clientscript/vb...global.js?v=367

--
End of file - 8872 bytes

DigRam
Posted April 7, 2008

Good evening, netos!

>@< Download FindLop.
>@< Unzip the program and put the files in a folder of their own: < C:\FindLop.exe >
>@< But do not run it yet!
>@< Download Lop Uninstaller.
>@< If the antivirus flags the tool as malware, ignore the warning and allow it to run.
>@< If the browser makes the download difficult, add < http://lop.com > as a preferred site.

Tutorial

>@< Open Internet Explorer.
>@< Click Tools >> Internet Options >> click the Security tab.
>@< Click Trusted sites >> Sites; in the "Add this website to the zone" field, enter: < http://lop.com >
>@< Click Add.
>@< Uncheck the option: Require server verification (https).
>@< Click OK in all windows and try the download.
>@< Disable the resident protection of your antivirus and antispyware programs.
>@< Run the uninstaller!
>@< Type the numbers and confirm!
>@< Open Internet Explorer again.
>@< Click Tools >> Internet Options >> click the Security tab.
>@< Click Trusted sites >> Sites.
>@< Click: < http://lop.com >
>@< Click Remove.
>@< Click OK in all windows.
__________________________________
>@< Now run findlop.bat
>@< A report ( findlop.txt ) will be generated on Local Disk C.
>@< Post a new HijackThis log in your reply.
>@< Also post the report [ findlop.txt ], which is at C:\xxx..

Regards!

netos
Posted April 8, 2008

findlop.txt

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AF2500AD918AB959.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\las~1\dadosd~1\boobpi~1\Stupidclockintra.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Laís'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/01/2008 21:00:00
NextRun: 04/08/2008 9:00:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/04/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:37, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave\option plan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [JustVoip] "C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKCU\..\Run: [12Voip] "C:\Arquivos de programas\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195835448046
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/g...bugs/axhost.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa.com.br/games/swf/feedi...outLauncher.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/p...opcaploader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.chmod.com.br/vb/clientscript/vb...global.js?v=367

--
End of file - 9398 bytes

DigRam
Posted April 9, 2008

Good evening, netos!

>@< UNINSTALL: < ActivationManager >
>@< After uninstalling, restart the computer.
________________________
>@< Open HijackThis and, with all programs closed, fix these entries:

O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave\option plan.exe
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/p...opcaploader.cab

>@< Delete the highlighted folders.

C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1 << The folder!
C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave << The folder!

>@< Delete the highlighted files.

C:\Docume~1\las~1\Dadosd~1\boobpi~1\Stupidclockintra.exe
C:\WINDOWS\Tasks\AF2500AD918AB959.job
________________________
>@< Download LopS&D.
>@< Save it to Local Disk C.
>@< Install the program and click: LopSD.cmd
>@< In the window that opens, press "p" >> press Enter.
>@< In the next window, choose option 2 >> press Enter >> wait!
>@< When it finishes, save and post the report. ( C:\lopR.txt )
>@< Also post an updated HJT log.

Regards!

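One way to check a follow-up HijackThis log against a fix list like the one in the post above (an added example, not part of the original thread or of HijackThis). The first three fix-list lines and the first five log lines are copied from this thread; the fourth fix entry and the last log line use a placeholder CLSID and an example.invalid URL, constructed to show why entries are matched by CLSID when the forum has shortened a URL with "...". The function names are hypothetical.

```python
import re

# A HijackThis result line starts with a section code (R0, O4, O16, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one log line, or None if it is not an entry."""
    line = " ".join(line.split())  # collapse whitespace damaged by copy/paste
    match = ENTRY_RE.match(line)
    if not match:
        return None  # header, process path, blank line, ...
    section, rest = match.groups()
    clsid = CLSID_RE.search(rest)
    if clsid:
        # Forum software often elides long URLs, so compare section + CLSID
        # instead of the full text of the line.
        return (section, clsid.group(0).lower())
    return (section, rest.casefold())


def check_fixes(fix_list, followup_log):
    """Split fix_list into (removed, remaining) according to a later log."""
    present = {entry_key(line) for line in followup_log.splitlines()}
    present.discard(None)
    removed, remaining = [], []
    for entry in fix_list:
        (remaining if entry_key(entry) in present else removed).append(entry)
    return removed, remaining


FIX_LIST = [
    r"O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave\option plan.exe",
    r"O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    # Constructed entry: placeholder CLSID, URL shortened the way the forum does it.
    r"O16 - DPF: {00000000-0000-0000-0000-000000000001} - http://example.invalid/downl...ontrol.cab",
]

# Excerpt of a follow-up log; the final O16 line is constructed.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Constructed Control) - http://example.invalid/downloads/control.cab
"""

if __name__ == "__main__":
    gone, still_there = check_fixes(FIX_LIST, FOLLOWUP_LOG)
    for entry in still_there:
        print("STILL PRESENT:", entry)
    for entry in gone:
        print("removed:      ", entry)
```
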
netos
Posted April 9, 2008

LOP S&D

-----------------------[ Lop S&D 4.1.0-9 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : MASTER ] [ "C:\Lop SD" ] [ qua 09/04/2008 | 9:58:56,26 ]
[ PC : HOME ] [ MAJ : 08-04-2008 | 23:37 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS ////////////////////////////////

Arquivos/Ficheiros Hosts RESTAURADO

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Lista de pastas em Application Data ]------------

[09/04/2008|08:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.
[09/04/2008|08:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..
[03/03/2008|17:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[27/02/2008|19:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead
[04/01/2008|16:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ashampoo
[27/03/2008|14:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avg7
[20/11/2007|09:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini
[05/12/2007|22:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GameHouse
[07/04/2008|13:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[25/03/2008|15:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
[19/02/2008|20:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HipSoft
[19/01/2008|22:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
[02/04/2008|15:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\hpzinstall.log
[15/02/2008|11:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave
[17/03/2008|10:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[23/11/2007|19:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\MumboJumbo
[13/02/2008|17:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound
[05/12/2007|22:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NeptunesAdve
[05/12/2007|08:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[13/01/2008|22:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\pixelStorm
[13/02/2008|19:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PlayFirst
[14/03/2008|11:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
[12/12/2007|10:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sandlot Games
[17/03/2008|09:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Superlogica
[25/03/2008|17:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[02/12/2007|17:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[25/03/2008|11:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WinZip
[02/04/2008|11:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[01/12/2007|10:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Zylom

[20/11/2007|09:59] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.
[20/11/2007|09:59] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..
[20/11/2007|09:59] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini
[20/11/2007|12:08] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[27/03/2008|14:02] C:\DOCUME~1\LOCALS~1\DADOSD~1\.
[27/03/2008|14:02] C:\DOCUME~1\LOCALS~1\DADOSD~1\..
[27/03/2008|14:02] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[07/04/2008|16:00] C:\DOCUME~1\MASTER\DADOSD~1\.
[07/04/2008|16:00] C:\DOCUME~1\MASTER\DADOSD~1\..
[17/03/2008|15:46] C:\DOCUME~1\MASTER\DADOSD~1\12Voip
[25/03/2008|14:33] C:\DOCUME~1\MASTER\DADOSD~1\Adobe
[08/04/2008|14:23] C:\DOCUME~1\MASTER\DADOSD~1\ADPHONE
[03/03/2008|14:38] C:\DOCUME~1\MASTER\DADOSD~1\Ahead
[03/03/2008|10:10] C:\DOCUME~1\MASTER\DADOSD~1\boob pile ace
[01/04/2008|11:20] C:\DOCUME~1\MASTER\DADOSD~1\Cashfiesta
[20/11/2007|09:59] C:\DOCUME~1\MASTER\DADOSD~1\desktop.ini
[31/03/2008|08:47] C:\DOCUME~1\MASTER\DADOSD~1\Desktopicon
[14/03/2008|17:06] C:\DOCUME~1\MASTER\DADOSD~1\Gizmo5
[04/03/2008|12:57] C:\DOCUME~1\MASTER\DADOSD~1\Google
[06/03/2008|17:23] C:\DOCUME~1\MASTER\DADOSD~1\HP
[20/11/2007|12:39] C:\DOCUME~1\MASTER\DADOSD~1\Identities
[06/03/2008|17:28] C:\DOCUME~1\MASTER\DADOSD~1\Image Zone Express
[14/03/2008|15:22] C:\DOCUME~1\MASTER\DADOSD~1\JustVoip
[03/04/2008|08:39] C:\DOCUME~1\MASTER\DADOSD~1\LimeWire
[14/03/2008|12:50] C:\DOCUME~1\MASTER\DADOSD~1\Macromedia
[14/03/2008|11:08] C:\DOCUME~1\MASTER\DADOSD~1\Media Player Classic
[27/03/2008|14:02] C:\DOCUME~1\MASTER\DADOSD~1\Microsoft
[02/04/2008|08:44] C:\DOCUME~1\MASTER\DADOSD~1\Mozilla
[06/03/2008|13:45] C:\DOCUME~1\MASTER\DADOSD~1\Orbit
[14/03/2008|11:08] C:\DOCUME~1\MASTER\DADOSD~1\Real
[02/04/2008|08:44] C:\DOCUME~1\MASTER\DADOSD~1\Talkback
[19/01/2008|22:08] C:\DOCUME~1\MASTER\DADOSD~1\teamspeak2
[04/03/2008|10:39] C:\DOCUME~1\MASTER\DADOSD~1\Thinstall
[17/03/2008|13:41] C:\DOCUME~1\MASTER\DADOSD~1\VoipRaider
[31/03/2008|17:13] C:\DOCUME~1\MASTER\DADOSD~1\Yahoo!

[20/11/2007|12:37] C:\DOCUME~1\NETWOR~1\DADOSD~1\.
[20/11/2007|12:37] C:\DOCUME~1\NETWOR~1\DADOSD~1\..
[27/03/2008|14:02] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------

[09/04/2008 09:00][--ah-----] C:\WINDOWS\tasks\AF2500AD918AB959.job
[09/04/2008 09:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Lista de pastas em C:\Arquivos de programas ]--------------

[09/04/2008|08:42] C:\Arquivos de programas\.
[09/04/2008|08:42] C:\Arquivos de programas\..
[03/03/2008|17:13] C:\Arquivos de programas\Adobe
[27/02/2008|19:23] C:\Arquivos de programas\Ahead
[01/04/2008|16:58] C:\Arquivos de programas\Arquivos comuns
[15/02/2008|11:04] C:\Arquivos de programas\boob pile ace
[28/03/2008|10:43] C:\Arquivos de programas\Combined Community Codec Pack
[20/11/2007|12:05] C:\Arquivos de programas\ComPlus Applications
[25/03/2008|14:08] C:\Arquivos de programas\ElcomSoft
[12/03/2008|08:27] C:\Arquivos de programas\FunWebProducts
[07/04/2008|13:01] C:\Arquivos de programas\GbPlugin
[02/04/2008|15:55] C:\Arquivos de programas\Hewlett-Packard
[16/01/2008|22:02] C:\Arquivos de programas\Horizon
[02/04/2008|15:55] C:\Arquivos de programas\HP
[02/04/2008|16:14] C:\Arquivos de programas\InstallShield Installation Information
[02/04/2008|17:06] C:\Arquivos de programas\Internet Explorer
[31/03/2008|14:15] C:\Arquivos de programas\Java
[31/03/2008|14:16] C:\Arquivos de programas\LimeWire
[02/01/2008|00:16] C:\Arquivos de programas\Messenger
[20/11/2007|12:09] C:\Arquivos de programas\microsoft frontpage
[20/11/2007|14:24] C:\Arquivos de programas\Microsoft Office
[20/11/2007|14:24] C:\Arquivos de programas\Microsoft Works
[20/11/2007|14:26] C:\Arquivos de programas\Microsoft.NET
[20/11/2007|12:06] C:\Arquivos de programas\Movie Maker
[20/11/2007|12:04] C:\Arquivos de programas\MSN Gaming Zone
[02/01/2008|00:04] C:\Arquivos de programas\MSXML 4.0
[27/02/2008|19:29] C:\Arquivos de programas\Nero
[20/11/2007|12:06] C:\Arquivos de programas\NetMeeting
[02/01/2008|00:14] C:\Arquivos de programas\Outlook Express
[08/04/2008|13:03] C:\Arquivos de programas\Puxa R pido
[14/03/2008|11:07] C:\Arquivos de programas\Real Alternative
[22/12/2007|18:59] C:\Arquivos de programas\Scpad
[07/03/2008|09:08] C:\Arquivos de programas\SEFAZ
[22/11/2007|02:09] C:\Arquivos de programas\Servi‡os on-line
[01/01/2008|19:43] C:\Arquivos de programas\Spuntrix1 v2.0
[16/01/2008|16:39] C:\Arquivos de programas\Tint
[07/04/2008|10:03] C:\Arquivos de programas\Trend Micro
[29/01/2008|22:53] C:\Arquivos de programas\Typle2.0v
[20/11/2007|12:38] C:\Arquivos de programas\Uninstall Information
[02/04/2008|08:42] C:\Arquivos de programas\Unlocker
[02/04/2008|15:51] C:\Arquivos de programas\Windows Live
[02/04/2008|16:10] C:\Arquivos de programas\Windows Media Player
[02/04/2008|16:09] C:\Arquivos de programas\Windows NT
[20/11/2007|12:07] C:\Arquivos de programas\WindowsUpdate
[04/03/2008|10:29] C:\Arquivos de programas\WinZip
[20/11/2007|12:09] C:\Arquivos de programas\xerox

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------

[01/04/2008|16:58] C:\Arquivos de programas\Arquivos comuns\.
[01/04/2008|16:58] C:\Arquivos de programas\Arquivos comuns\..
[03/03/2008|17:16] C:\Arquivos de programas\Arquivos comuns\Adobe
[27/02/2008|19:17] C:\Arquivos de programas\Arquivos comuns\Ahead
[20/11/2007|14:24] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[19/01/2008|22:44] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[02/04/2008|15:49] C:\Arquivos de programas\Arquivos comuns\HP
[12/02/2008|21:39] C:\Arquivos de programas\Arquivos comuns\InstallShield
[31/03/2008|14:05] C:\Arquivos de programas\Arquivos comuns\Java
[18/01/2008|18:13] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[20/11/2007|12:06] C:\Arquivos de programas\Arquivos comuns\MSSoap
[27/02/2008|19:20] C:\Arquivos de programas\Arquivos comuns\Nero
[20/11/2007|10:00] C:\Arquivos de programas\Arquivos comuns\ODBC
[02/01/2008|14:05] C:\Arquivos de programas\Arquivos comuns\Real
[20/11/2007|12:06] C:\Arquivos de programas\Arquivos comuns\Servi‡os
[20/11/2007|10:00] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[01/04/2008|16:58] C:\Arquivos de programas\Arquivos comuns\SWF Studio
[02/01/2008|00:14] C:\Arquivos de programas\Arquivos comuns\System
[18/01/2008|18:13] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

----------------------[ Procura pelo S_Lop ]---------------------

Não foram encontradas pastas com o Lop!

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave\option plan.exe
C:\WINDOWS\Tasks\AF2500AD918AB959.job

----------------------[ Procura no Registro ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------

Arquivos/Ficheiros Hosts LIMPO

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 09:59:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Procurando por outras infecções ]---------------------

Não foram encontradas outras infecções.

/!\ [Fich:116][Doss:14] C:\DOCUME~1\MASTER\CONFIG~1\Temp
/!\ [Fich:239][Doss:0] C:\DOCUME~1\MASTER\Cookies
/!\ [Fich:8321][Doss:12] C:\DOCUME~1\MASTER\CONFIG~1\TEMPOR~1\content.IE5

--------------------[ Verificação completa em 10:00:53,68 ]----------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:14, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe
c:\windows\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [JustVoip] "C:\Arquivos de programas\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKCU\..\Run: [12Voip] "C:\Arquivos de programas\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195835448046 O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://axcab.wrs.mcboo.com/website.cab O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/g...bugs/axhost.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - 
http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa.com.br/games/swf/feedi...outLauncher.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: (no name) - http://www.chmod.com.br/vb/clientscript/vb...global.js?v=367 -- End of file - 8764 bytes

Hugs, and thanks for the help!!!
DigRam (posted April 9, 2008)

Good afternoon, netos!

>@< UNINSTALL: < P2P Networking >
>@< Restart after uninstalling!
__________________________
>@< Open HijackThis and click: Do a system scan only
>@< Check the entries listed below.
>@< Then, with all windows closed, click Fix checked.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe

>@< Download Avenger.
>@< Unzip it and create a folder for the program. ( Avenger.exe )
>@< Put this folder on the Desktop!
>@< Select and copy everything below the word code.
>@< Or, if you prefer, use the shortcuts: ( control + a ) >> ( control + c )

Files to delete:
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave\option plan.exe
C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
C:\DOCUME~1\LAS~1\DADOSD~1\BOOBPI~1\Stupidclockintra.exe
C:\WINDOWS\Tasks\AF2500AD918AB959.job
Folders to delete:
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave
C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1
C:\WINDOWS\system32\P2P Networking

>@< Run Avenger.exe
>@< Right-click in the Input script here window.
>@< Click Paste or ( control + v ).
>@< Click Execute.
>@< Choose "Yes" twice when prompted.
>@< When the script finishes, the computer will restart.
>@< The PC may restart more than once!
_________________________
>@< Post the report, which will be at: C:\avenger.txt + an updated HJT log.

Regards!
netos (posted April 10, 2008)

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave\option plan.exe" deleted successfully.
File "C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe" deleted successfully.

Error: could not open file "C:\DOCUME~1\LAS~1\DADOSD~1\BOOBPI~1\Stupidclockintra.exe"
Deletion of file "C:\DOCUME~1\LAS~1\DADOSD~1\BOOBPI~1\Stupidclockintra.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

File "C:\WINDOWS\Tasks\AF2500AD918AB959.job" deleted successfully.
Folder "C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave" deleted successfully.
Folder "C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1" deleted successfully.

Error: folder "C:\WINDOWS\system32\P2P Networking" not found!
Deletion of folder "C:\WINDOWS\system32\P2P Networking" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:00:38, on 10/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe c:\windows\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195835448046 O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://axcab.wrs.mcboo.com/website.cab O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/g...bugs/axhost.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - 
http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa.com.br/games/swf/feedi...outLauncher.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: (no name) - http://www.chmod.com.br/vb/clientscript/vb...global.js?v=367 -- End of file - 7658 bytes
DigRam (posted April 10, 2008)

Good morning, netos!

>@< Open HijackThis and, with all programs closed, Fix these entries:

O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.atrativa.com.br/games/applets/g...bugs/axhost.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.atrativa.com.br/games/swf/feedi...outLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.atrativa.com.br/DinerDash.1.0.0.58.cab

>@< Search for the highlighted folder and, if you find it, you can delete it.

C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1 << The folder!
______________________________
>@< After these actions, post a new HijackThis log.

Regards!
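A way to check a Fix checked pass against the follow-up scan, as DigRam does by eye in the post above; this is an added example, not part of the original thread or of HijackThis. The function names are hypothetical, and the sample logs are short excerpts constructed from entries in this thread's 9 April and 10 April scans, laid out one entry per line.

```python
import re

# HijackThis entry lines begin with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) entries in a HijackThis log.

    Header lines and the "Running processes" list do not match the
    section-code pattern and are ignored.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as "(no file)"."""
    return sorted(e for e in entries if e[1].endswith("(no file)"))


def check_fix(before_log, after_log, fix_list):
    """Classify each entry on the fix list by comparing two scans."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # On the fix list, seen before, gone now: the fix held.
        "removed": sorted((wanted & before) - after),
        # On the fix list and still in the new scan: needs another pass.
        "still_present": sorted(wanted & after),
        # On the fix list but in neither scan: likely a copy/paste slip.
        "never_seen": sorted((wanted - before) - after),
        # Not in the earlier scan at all: something was added in between.
        "new_since_before": sorted(after - before),
    }


# Constructed excerpts (entries taken from the logs posted in this thread).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:14, on 9/4/2008
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:38, on 10/4/2008
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
"""

FIX_LIST = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [dog error] C:\DOCUME~1\MASTER\DADOSD~1\BOOBPI~1\inter jugs mix.exe
"""

if __name__ == "__main__":
    report = check_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for status, items in report.items():
        print(f"{status}: {len(items)}")
        for section, body in items:
            print(f"  {section} - {body}")
```

An entry can stay listed even after the file it points to has been deleted, because the autostart value in the registry is removed separately from the file.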
netos (posted April 10, 2008)

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:02, on 10/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe c:\windows\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CompSegIB - 
{2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195835448046 O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://axcab.wrs.mcboo.com/website.cab O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: (no name) - http://www.chmod.com.br/vb/clientscript/vb...global.js?v=367 -- End of file - 6700 bytes

I couldn't find the folder, is that a problem? Regards!!!
DigRam (posted April 10, 2008)

Good afternoon, netos!

"I couldn't find the folder, is that a problem?"

>@< No! In the future, try to find it by unhiding folders and files.
___________________________
>@< Download CCleaner 2.05.555.
>@< Save it to the Desktop!
>@< Open the program and click Analyze >> Run Cleaner.
>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.
___________________________
If everything is OK with the PC, create a completely clean System Restore point! Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK. Then uncheck it again! >> Apply >> OK. For more details, go to: < Docs >

>@< The log is clean!
>@< Is CiD still bothering you?

Regards!
netos (posted April 10, 2008)

Thank you, my friend, for the help and for the time you made available!!! All the best, regards! P.S.: CiD doesn't bother me anymore!!!!!
netos (posted April 10, 2008)

Friend, now my keyboard isn't showing accents. What can I do to type accents normally again????
DigRam (posted April 11, 2008)

"Friend, now my keyboard isn't showing accents. What can I do to type accents normally again????"
_____________________
Hey, netos! Good morning!

>@< Replace the keyboard and, if that doesn't solve it, post this problem in: < Hardware Geral >

Regards!
Mário Monteiro (posted June 13, 2008)

Topic Archived

As the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.