[Resolvido!]Pop-Ups irritantes( Wixawin, Celldorado, etc.)

Edmero · Abril 17, 2008

Olá, eu sou novo neste fórum, e tenho problema com pop-ups, aparecem a cada 5 minutos.

Aqui vai o log do Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 20:31:43, on 17-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\ESET\ESET Smart Security\ekrn.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Programas\Stop-the-Pop-Up Lite\stopthepop.exe

C:\Programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\eMule\emule.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\Programas\IEPro\MiniDM.exe

C:\Documents and Settings\Alcides Lopes\Os meus documentos\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programas\IEPro\iepro.dll

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sBDrvDet] C:\Programas\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [OrderReminder] C:\Programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [egui] "C:\Programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Windows Services] C:\Windows\FrWall.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [MzCpuAccelerator] C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe

O4 - HKCU\..\Run: [Fraps] D:\PROGRAMAS\FRAPS\FRAPS.EXE

O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TrueTransparency] "D:\Programas\True Transparency\TrueTransparency.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programas\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programas\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

DigRam · Abril 18, 2008

Bom Dia! Edmero

<!> DESINSTALE: < Stop-the-Pop-Up >

<!> Após desinstalar,reinicie o computador!

-------------------------

>@< Faça o download do LopS&D.

>@< Salve-o no Disco Local-C.

>@< Instale o programa e clique em: LopSD.cmd

>@< Na janela que abrir,aperte o "p" >> Aperte Enter.

>@< Em outra janela,aperte a opção 2 >> Aperte Enter >> Aguarde!

>@< Terminando,salve e poste o relatório. ( C:\lopR.txt )

>@< Poste,também,HJT atualizado.

Abraços!

Edmero · Abril 18, 2008

Bom Dia! Aqui vai o relatório do LopS&D:

-----------------------[ Lop S&D 4.1.1-3 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Alcides Lopes ] [ "C:\Lop SD" ]

[ 18-04-2008 | 19:10:12,92 ] [ PC : ALCIDES-4E370DC ]

[ MAJ : 17-04-2008 | 19:51 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS ////////////////////////////////

Arquivos/Ficheiros Hosts RESTAURADO

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Lista de pastas em Application Data ]------------

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\.

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\..

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini

[19-12-2007|21:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1.ALC\APPLIC~1\.

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1.ALC\APPLIC~1\..

[19-12-2007|20:58] C:\DOCUME~1\ADMINI~1.ALC\APPLIC~1\desktop.ini

[19-12-2007|21:09] C:\DOCUME~1\ADMINI~1.ALC\APPLIC~1\Microsoft

[14-04-2008|12:41] C:\DOCUME~1\ALCIDE~1\APPLIC~1\.

[14-04-2008|12:41] C:\DOCUME~1\ALCIDE~1\APPLIC~1\..

[04-02-2008|12:54] C:\DOCUME~1\ALCIDE~1\APPLIC~1\ACD Systems

[17-03-2008|14:27] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Adobe

[13-01-2008|12:35] C:\DOCUME~1\ALCIDE~1\APPLIC~1\AdobeUM

[05-01-2008|23:28] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Ahead

[12-02-2008|12:48] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Apple Computer

[07-02-2008|22:20] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Avant Profiles

[14-04-2008|19:24] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Creative

[19-12-2007|20:58] C:\DOCUME~1\ALCIDE~1\APPLIC~1\desktop.ini

[05-04-2008|14:06] C:\DOCUME~1\ALCIDE~1\APPLIC~1\ESET

[19-03-2008|21:43] C:\DOCUME~1\ALCIDE~1\APPLIC~1\flightgear.org

[14-02-2008|21:38] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Google

[01-04-2008|22:23] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Help

[19-12-2007|21:16] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Identities

[12-04-2008|23:16] C:\DOCUME~1\ALCIDE~1\APPLIC~1\IEPro

[22-01-2008|13:54] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Leadertech

[26-03-2008|01:01] C:\DOCUME~1\ALCIDE~1\APPLIC~1\LimeWire

[09-02-2008|00:21] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Macromedia

[10-04-2008|20:00] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Microsoft

[09-04-2008|21:55] C:\DOCUME~1\ALCIDE~1\APPLIC~1\MiniDm

[09-04-2008|21:39] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Mozilla

[22-03-2008|17:20] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Nero

[13-04-2008|00:31] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Real

[06-01-2008|14:35] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Sun

[19-12-2007|21:37] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Symantec

[07-02-2008|22:56] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Talkback

[20-02-2008|21:02] C:\DOCUME~1\ALCIDE~1\APPLIC~1\Template

[18-02-2008|22:18] C:\DOCUME~1\ALCIDE~1\APPLIC~1\UOL

[08-01-2008|22:46] C:\DOCUME~1\ALCIDE~1\APPLIC~1\WinRAR

[15-04-2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[15-04-2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[22-02-2008|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[23-02-2008|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup

[15-04-2008|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CenerTCPMessenger

[14-04-2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[27-02-2008|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink

[05-04-2008|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET

[12-03-2008|00:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet

[16-03-2008|19:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[20-12-2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[10-04-2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[09-02-2008|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[22-03-2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

[31-12-2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel

[29-03-2008|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[31-12-2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[17-03-2008|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[18-02-2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UOL

[19-12-2007|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[10-04-2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[11-03-2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[13-02-2008|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[19-12-2007|20:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[19-12-2007|20:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[14-04-2008|12:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[19-12-2007|21:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19-12-2007|21:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[19-12-2007|21:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[20-12-2007|12:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[19-12-2007|21:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[19-12-2007|21:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[19-12-2007|21:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

Relatório do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:59, on 18-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\ESET\ESET Smart Security\ekrn.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programas\WinZip\WZQKPICK.EXE

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\Programas\IEPro\MiniDM.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Alcides Lopes\Definições locais\Temp\wz5870\HijackThis.exe