[Resolvido!] Pop up CID

Bárbara_Medeiros · Junho 16, 2008

Boa tarde!

Sempre que navego na internet abre uma pop up nomeada CID, contendo publicidade, e página do mercado livre!

Segue o log:

Logfile of HijackThis v1.99.1

Scan saved at 16:27:09, on 16/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\User\Meus documentos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Dados de aplicativos\Memo save stupid creative\Burn Okay.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [site Draw] C:\DOCUME~1\User\DADOSD~1\MATHIN~1\Boobbike.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.17\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - https://webmail.ue.ibge.gov.br/iNotes.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196764773616

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.atrativa.com.br/games/applets/g...mjolauncher.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.atrativa.com.br/games/applets/p...opcaploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{473F862D-B722-4165-BFB1-841F76DAB362}: NameServer = 192.168.10.251

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Espero que me ajudem a removê-lo!

Grata!

DigRam · Junho 17, 2008

Bom Dia! Bárbara_Medeiros

>@< Faça o download do LopS&D.

>@< Salve-o no Disco Local-C.

>@< Instale o programa e clique em: LopSD.cmd

>@< Na janela que abrir,aperte o "p" >> Aperte Enter.

>@< Em outra janela,aperte a opção 2 >> Aperte Enter >> Aguarde!

>@< Terminando,salve e poste o relatório. ( C:\lopR.txt )

>@< Poste,também,HJT atualizado.

Abraços!

Bárbara_Medeiros · Junho 17, 2008

Bom dia!

Fiz como pedido segue os logs:

-----------------------[ Lop S&D 4.2.1-6 XP/Vista

]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : User ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ ter 17/06/2008 | 7:32:45,24 ] [ PC : USER ]

[ MAJ : 16-06-2008 | 23:01 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

////////////////////////////////

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Memo save stupid

creative\Burn Okay.exe

Deletado! - C:\DOCUME~1\User\DADOSD~1\mathin~1\Boobbike.exe

Deletado! - C:\DOCUME~1\User\DADOSD~1\mathin~1\Gram mapi joy.exe

Deletado! - C:\DOCUME~1\User\DADOSD~1\mathin~1\real flap byte

default.exe

Deletado! - C:\DOCUME~1\User\DADOSD~1\mathin~1\wwhlnscw.exe

Deletado! - C:\Arquivos de programas\Circle Developement\Uninstall.exe

Deletado! - C:\WINDOWS\Tasks\AB7B6D4C91E51F04.job

Deletado! - C:\DOCUME~1\User\CONFIG~1\Temp\bisACE.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Memo save stupid creative

Deletado! - C:\DOCUME~1\User\DADOSD~1\mathin~1

Deletado! - C:\Arquivos de programas\mathin~1

Deletado! - C:\Arquivos de programas\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

\\\\\

-------------[ Lista de pastas em Application Data ]------------

[12/04/2007|13:53] C:\DOCUME~1\ADMINI~1\DADOSD~1\desktop.ini

[15/04/2008|17:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[21/03/2008|12:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[25/08/2007|22:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[12/04/2008|13:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[12/04/2007|13:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[24/02/2008|10:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[28/03/2008|20:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[19/05/2008|19:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\hpzinstall.log

[24/08/2007|00:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[25/04/2007|21:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[29/01/2008|18:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\MumboJumbo

[18/11/2007|09:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PopCap

[18/01/2008|13:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\QuickTime

[05/05/2007|19:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search &

Destroy

[07/02/2008|08:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

[17/07/2007|19:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\update.pro

[01/01/2008|14:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Zylom

[12/04/2007|13:53] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[12/04/2007|17:23] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[12/04/2007|17:31] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[12/04/2007|17:30] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

[23/05/2007|14:29] C:\DOCUME~1\User\DADOSD~1\$_hpcst$.hpc

[02/04/2008|14:56] C:\DOCUME~1\User\DADOSD~1\Adobe

[26/04/2007|19:59] C:\DOCUME~1\User\DADOSD~1\AdobeAUM

[16/06/2008|19:22] C:\DOCUME~1\User\DADOSD~1\AdobeUM

[03/04/2008|16:50] C:\DOCUME~1\User\DADOSD~1\Ahead

[12/04/2007|13:53] C:\DOCUME~1\User\DADOSD~1\desktop.ini

[19/07/2007|21:04] C:\DOCUME~1\User\DADOSD~1\Google

[11/08/2007|18:05] C:\DOCUME~1\User\DADOSD~1\Help

[12/04/2007|17:32] C:\DOCUME~1\User\DADOSD~1\Identities

[01/07/2007|13:31] C:\DOCUME~1\User\DADOSD~1\InstallShield

[27/04/2007|23:35] C:\DOCUME~1\User\DADOSD~1\Leadertech

[19/04/2007|21:27] C:\DOCUME~1\User\DADOSD~1\Macromedia

[14/05/2008|13:45] C:\DOCUME~1\User\DADOSD~1\Microsoft

[18/04/2007|14:14] C:\DOCUME~1\User\DADOSD~1\Mozilla

[18/01/2008|14:02] C:\DOCUME~1\User\DADOSD~1\OLYMPUS

[29/04/2007|10:13] C:\DOCUME~1\User\DADOSD~1\Screenshot Sender

[15/10/2007|14:31] C:\DOCUME~1\User\DADOSD~1\SonicWALL

[12/04/2007|19:29] C:\DOCUME~1\User\DADOSD~1\Stardock

[12/04/2007|20:05] C:\DOCUME~1\User\DADOSD~1\Styler

[17/07/2007|20:54] C:\DOCUME~1\User\DADOSD~1\Sun

[07/02/2008|08:22] C:\DOCUME~1\User\DADOSD~1\Webshots

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

]---------------

[17/06/2008 07:05][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 12:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Lista de pastas em C:\Arquivos de programas

]--------------

[11/08/2007|18:05] C:\Arquivos de programas\ACDSee32

[21/03/2008|11:58] C:\Arquivos de programas\Adobe

[03/04/2008|16:30] C:\Arquivos de programas\Ahead

[14/05/2008|13:35] C:\Arquivos de programas\Arquivos comuns

[18/04/2007|20:40] C:\Arquivos de programas\BenQ Mobile

[17/04/2008|12:26] C:\Arquivos de programas\CCleaner

[12/04/2007|17:18] C:\Arquivos de programas\ComPlus Applications

[03/05/2008|19:28] C:\Arquivos de programas\CreateInstall

[11/02/2008|16:27] C:\Arquivos de programas\ESET

[24/02/2008|13:43] C:\Arquivos de programas\GbPlugin

[14/05/2008|13:36] C:\Arquivos de programas\HP

[19/05/2008|20:31] C:\Arquivos de programas\InstallShield Installation

Information

[14/05/2008|13:26] C:\Arquivos de programas\Internet Explorer

[22/03/2008|06:01] C:\Arquivos de programas\Java

[19/08/2007|14:31] C:\Arquivos de programas\JavaCaR

[19/05/2008|20:22] C:\Arquivos de programas\Maxis

[12/04/2007|17:17] C:\Arquivos de programas\Messenger

[12/06/2008|21:32] C:\Arquivos de programas\Messenger Plus! Live

[12/04/2007|17:24] C:\Arquivos de programas\microsoft frontpage

[12/04/2007|17:45] C:\Arquivos de programas\Microsoft Office

[12/04/2007|17:44] C:\Arquivos de programas\Microsoft Visual Studio

[12/04/2007|17:44] C:\Arquivos de programas\Microsoft Works

[12/04/2007|17:45] C:\Arquivos de programas\Microsoft.NET

[30/05/2008|10:18] C:\Arquivos de programas\Mobile Partner

[12/04/2007|17:20] C:\Arquivos de programas\Movie Maker

[01/06/2008|15:30] C:\Arquivos de programas\Mozilla Firefox

[25/12/2007|19:36] C:\Arquivos de programas\MP3 Player Utilities 4.17

[12/04/2007|17:17] C:\Arquivos de programas\MSN Gaming Zone

[12/06/2008|21:32] C:\Arquivos de programas\MSN Messenger

[12/04/2007|17:20] C:\Arquivos de programas\NetMeeting

[05/05/2007|16:49] C:\Arquivos de programas\Outlook Express

[18/01/2008|13:57] C:\Arquivos de programas\QuickTime

[07/02/2008|08:36] C:\Arquivos de programas\RALINK

[02/08/2007|14:15] C:\Arquivos de programas\RealVNC

[12/04/2007|17:21] C:\Arquivos de programas\Servi‡os on-line

[06/05/2007|07:29] C:\Arquivos de programas\Spybot - Search & Destroy

[05/05/2007|16:46] C:\Arquivos de programas\Styler

[15/04/2008|16:11] C:\Arquivos de programas\Trend Micro

[12/04/2007|17:32] C:\Arquivos de programas\Uninstall Information

[05/05/2007|16:46] C:\Arquivos de programas\VisualTooltip

[12/06/2008|21:32] C:\Arquivos de programas\Windows Live

[25/08/2007|22:30] C:\Arquivos de programas\Windows Media Player

[12/04/2007|17:17] C:\Arquivos de programas\Windows NT

[12/04/2007|17:21] C:\Arquivos de programas\WindowsUpdate

[07/02/2008|15:40] C:\Arquivos de programas\WinRAR

[17/01/2008|23:41] C:\Arquivos de programas\WinZip

[12/04/2007|17:24] C:\Arquivos de programas\xerox

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

]------

[18/04/2007|20:09] C:\Arquivos de programas\Arquivos comuns\Adobe

[03/04/2008|16:29] C:\Arquivos de programas\Arquivos comuns\Ahead

[12/04/2007|17:45] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[14/05/2008|13:35] C:\Arquivos de programas\Arquivos

comuns\Hewlett-Packard

[14/05/2008|13:29] C:\Arquivos de programas\Arquivos comuns\HP

[15/05/2007|11:30] C:\Arquivos de programas\Arquivos

comuns\InstallShield

[17/07/2007|20:00] C:\Arquivos de programas\Arquivos comuns\Java

[12/09/2007|21:10] C:\Arquivos de programas\Arquivos comuns\Microsoft

Shared

[15/08/2007|13:05] C:\Arquivos de programas\Arquivos comuns\Motorola

Shared

[12/04/2007|17:20] C:\Arquivos de programas\Arquivos comuns\MSSoap

[12/04/2007|13:54] C:\Arquivos de programas\Arquivos comuns\ODBC

[12/04/2007|17:20] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[12/04/2007|13:54] C:\Arquivos de programas\Arquivos

comuns\SpeechEngines

[12/04/2007|17:19] C:\Arquivos de programas\Arquivos comuns\System

---------------------------[ Process ]--------------------------

... 34

... OK !

----------------------[ Procura pelo S_Lop ]---------------------

Não foram encontradas pastas com o Lop!

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop

]-----------------

Não foram encontradas pastas com o Lop!

----------------------[ Procura no Registro ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verificando o Arquivos/Ficheiros Hosts

]---------------------

Arquivos/Ficheiros Hosts LIMPO

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme

]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by

Gmer, http://www.gmer.net

Rootkit scan 2008-06-17 07:35:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------[ Procurando por outras infecções

]---------------------

Não foram encontradas outras infecções.

[F:50][D:9]-> C:\DOCUME~1\User\CONFIG~1\Temp

[F:108][D:0]-> C:\DOCUME~1\User\Cookies

[F:6074][D:9]-> C:\DOCUME~1\User\CONFIG~1\TEMPOR~1\content.IE5

--------------------[ Verificação completa em 7:37:15,36

]----------------------

Logfile of HijackThis v1.99.1

Scan saved at 07:39:27, on 17/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe