[Resolvido!] Notebook infectado e muito lento

GBruno · Julho 30, 2008

Bom, estou com o PC extremamente lento e verifiquei que existem alguns processos estranhos rodando, como o IEXPLORE.EXE rodando mesmo que o Internet Explorer não esteja realmente aberto.

Passei o AVG e o mesmo não aponta nada de errado, mas essa situação não é a normal.

Então, segue abaixo o log do Hijackthis. Por favor, espero contar com a ajuda de vocês.

Logfile of HijackThis v1.99.1

Scan saved at 16:04:59, on 29/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Documents and Settings\Nataly Lopes\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nurbsize] C:\DOCUME~1\NATALY~1\APPLIC~1\BOLTER~1\debug long pop.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

DigRam · Julho 30, 2008

Bom Dia! GBruno

<@> Faça o download do LopS&D.

<@> Salve-o no Disco Local-C!.

<@> Instale o programa e clique em: LopSD.cmd

<@> Na janela que abrir,aperte o "p" >> Aperte Enter.

<@> Em outra janela,aperte a opção 2 >> Aperte Enter >> Aguarde!

<@> Terminando,salve e poste o relatório. ( C:\lopR.txt )

<@> Poste,também,HJT atualizado.

Abraços!

GBruno · Julho 30, 2008

Boa tarde DigRam

Obrigado pela ajuda, estava realmente sem saber o que fazer. Bom, seguem abaixo os relatorios do LopS&D e do HijackThis.

Abraços

--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Nataly Lopes ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ qua 30/07/2008 | 14:42:44,23 ] [ PC : NATALY ]

[ MAJ : 25-07-2008 | 17:45 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS ////////////////////////////////

Deletado! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\ford more.exe

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@adultfriendfinder[1].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@advertising[2].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@advertising[3].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@advertising[4].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@advertising[1].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@advertising[5].txt

Deletado! - C:\DOCUME~1\NATALY~1\Cookies\nataly_lopes@www.lop[1].txt

Deletado! - C:\DOCUME~1\NATALY~1\LOCALS~1\Temp\bisB8.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag

Arquivos/Ficheiros Hosts RESTAURADO

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em APPLIC~1

[01/06/2006|16:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI

[01/06/2006|16:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[01/06/2006|16:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[01/06/2006|16:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[17/05/2008|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[08/02/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

[15/07/2008|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[23/06/2007|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[13/07/2008|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8

[04/01/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[01/06/2006|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[16/01/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp

[31/03/2008|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GbPlugin

[02/03/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[19/02/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[01/06/2006|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[10/02/2007|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy

[05/03/2008|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto

[16/01/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT

[19/07/2007|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache

[02/03/2007|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[05/03/2007|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[16/01/2007|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15

[30/03/2007|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[02/03/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[12/06/2007|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller

[10/07/2007|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

[12/06/2007|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[01/06/2006|16:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[01/06/2006|16:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/01/2007|21:57] C:\DOCUME~1\NATALY~1\APPLIC~1\Adobe

[05/01/2007|18:23] C:\DOCUME~1\NATALY~1\APPLIC~1\AdobeUM

[23/06/2007|01:12] C:\DOCUME~1\NATALY~1\APPLIC~1\Apple Computer

[16/01/2007|20:07] C:\DOCUME~1\NATALY~1\APPLIC~1\ArcSoft

[01/06/2006|16:41] C:\DOCUME~1\NATALY~1\APPLIC~1\ATI

[13/07/2008|15:36] C:\DOCUME~1\NATALY~1\APPLIC~1\AVGTOOLBAR

[09/05/2007|13:12] C:\DOCUME~1\NATALY~1\APPLIC~1\BitTorrent

[13/07/2008|13:05] C:\DOCUME~1\NATALY~1\APPLIC~1\Bolt error second

[26/05/2008|16:16] C:\DOCUME~1\NATALY~1\APPLIC~1\CmapTools

[19/02/2007|21:42] C:\DOCUME~1\NATALY~1\APPLIC~1\Corel

[04/01/2007|16:37] C:\DOCUME~1\NATALY~1\APPLIC~1\CyberLink

[01/06/2006|16:16] C:\DOCUME~1\NATALY~1\APPLIC~1\desktop.ini

[11/07/2007|13:04] C:\DOCUME~1\NATALY~1\APPLIC~1\fretsonfire

[01/04/2008|18:01] C:\DOCUME~1\NATALY~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt

[02/03/2007|18:16] C:\DOCUME~1\NATALY~1\APPLIC~1\Google

[01/06/2006|16:31] C:\DOCUME~1\NATALY~1\APPLIC~1\Identities

[05/01/2007|05:19] C:\DOCUME~1\NATALY~1\APPLIC~1\Macromedia

[03/03/2007|01:28] C:\DOCUME~1\NATALY~1\APPLIC~1\Media Player Classic

[01/06/2006|16:16] C:\DOCUME~1\NATALY~1\APPLIC~1\Microsoft

[26/05/2008|14:07] C:\DOCUME~1\NATALY~1\APPLIC~1\Mozilla

[02/03/2007|17:20] C:\DOCUME~1\NATALY~1\APPLIC~1\MSNInstaller

[16/01/2007|19:41] C:\DOCUME~1\NATALY~1\APPLIC~1\Nikon

[07/01/2007|13:34] C:\DOCUME~1\NATALY~1\APPLIC~1\Nokia

[05/03/2008|10:47] C:\DOCUME~1\NATALY~1\APPLIC~1\Otto

[26/05/2008|14:05] C:\DOCUME~1\NATALY~1\APPLIC~1\SecondLife

[02/03/2007|17:49] C:\DOCUME~1\NATALY~1\APPLIC~1\Skype

[18/06/2008|22:23] C:\DOCUME~1\NATALY~1\APPLIC~1\SSH

[08/04/2007|02:56] C:\DOCUME~1\NATALY~1\APPLIC~1\Sun

[12/05/2007|02:47] C:\DOCUME~1\NATALY~1\APPLIC~1\U3

[12/07/2008|16:18] C:\DOCUME~1\NATALY~1\APPLIC~1\uTorrent

[13/07/2008|10:30] C:\DOCUME~1\NATALY~1\APPLIC~1\WinRAR

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[28/07/2008 11:30][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[30/07/2008 13:46][--ah-----] C:\WINDOWS\tasks\SA.DAT

[10/08/2004 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Program Files

[01/06/2006|16:47] C:\Program Files\Acer Inc

[12/07/2007|19:47] C:\Program Files\Acro Software

[01/06/2006|16:48] C:\Program Files\Adobe

[14/03/2007|22:27] C:\Program Files\Ahead

[23/06/2007|00:57] C:\Program Files\Apple Software Update

[01/06/2006|16:32] C:\Program Files\ATI Technologies

[17/06/2008|12:51] C:\Program Files\AVG

[09/05/2007|13:12] C:\Program Files\BitTorrent

[23/07/2008|14:14] C:\Program Files\Bolt error second

[01/06/2006|16:16] C:\Program Files\Common Files

[01/06/2006|16:21] C:\Program Files\ComPlus Applications

[01/06/2006|16:45] C:\Program Files\CONEXANT

[19/02/2007|21:29] C:\Program Files\Corel

[01/06/2006|16:50] C:\Program Files\CyberLink

[01/06/2006|17:29] C:\Program Files\DIFX

[20/12/2007|20:42] C:\Program Files\Discador itelefonica

[31/03/2008|13:29] C:\Program Files\GbPlugin

[01/06/2006|17:43] C:\Program Files\GemMaster

[12/03/2007|00:22] C:\Program Files\GizmoPlugin

[02/03/2007|17:48] C:\Program Files\Google

[12/07/2007|19:51] C:\Program Files\GPLGS

[26/05/2008|16:14] C:\Program Files\IHMC CmapTools

[01/06/2006|16:32] C:\Program Files\InstallShield Installation Information

[01/06/2006|16:23] C:\Program Files\Internet Explorer

[07/04/2007|22:27] C:\Program Files\Java

[05/01/2007|05:35] C:\Program Files\Launch Manager

[18/04/2007|19:35] C:\Program Files\LimeWire

[01/06/2006|16:21] C:\Program Files\Messenger

[12/05/2007|03:06] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[01/06/2006|16:26] C:\Program Files\microsoft frontpage

[24/06/2008|16:13] C:\Program Files\Microsoft Office

[31/03/2008|10:12] C:\Program Files\Microsoft SQL Server Compact Edition

[08/01/2007|23:23] C:\Program Files\Microsoft Visual Studio

[24/06/2008|16:14] C:\Program Files\Microsoft Works

[24/06/2008|16:13] C:\Program Files\Microsoft.NET

[01/06/2006|16:21] C:\Program Files\Movie Maker

[29/07/2008|09:37] C:\Program Files\Mozilla Firefox

[01/06/2006|16:20] C:\Program Files\MSN

[01/06/2006|16:21] C:\Program Files\MSN Gaming Zone

[01/06/2006|16:23] C:\Program Files\NetMeeting

[01/06/2006|16:55] C:\Program Files\NewTech Infosystems

[16/03/2007|00:51] C:\Program Files\OnGame

[01/06/2006|16:21] C:\Program Files\Online Services

[01/06/2006|16:23] C:\Program Files\Outlook Express

[12/07/2007|21:48] C:\Program Files\Plus!

[19/01/2007|23:09] C:\Program Files\Positivo

[21/07/2008|11:53] C:\Program Files\QuickTime

[01/06/2006|16:41] C:\Program Files\Realtek

[03/03/2007|01:28] C:\Program Files\Recode Media

[21/07/2008|12:11] C:\Program Files\Safari

[02/03/2007|17:47] C:\Program Files\Skype

[18/06/2008|22:22] C:\Program Files\SSH Communications Security

[05/01/2007|05:34] C:\Program Files\Synaptics

[20/12/2007|20:54] C:\Program Files\Terra Discador - VersÆo Compacta

[01/06/2006|16:31] C:\Program Files\Uninstall Information

[12/07/2008|16:18] C:\Program Files\uTorrent

[12/06/2007|10:58] C:\Program Files\Windows Live

[02/03/2007|17:16] C:\Program Files\Windows Live Toolbar

[07/05/2007|21:54] C:\Program Files\Windows Media Connect 2

[01/06/2006|16:21] C:\Program Files\Windows Media Player

[01/06/2006|16:20] C:\Program Files\Windows NT

[01/06/2006|16:21] C:\Program Files\Windows Plus

[01/06/2006|16:23] C:\Program Files\WindowsUpdate

[13/07/2008|10:06] C:\Program Files\WinRAR

[24/02/2008|16:10] C:\Program Files\wt3d.ini

[01/06/2006|16:26] C:\Program Files\xerox

[26/05/2008|16:14] C:\Program Files\Zero G Registry

--------------------\\ Lista de pastas em C:\Program Files\Common Files

[17/05/2008|20:58] C:\Program Files\Common Files\Adobe

[08/02/2007|13:57] C:\Program Files\Common Files\Ahead

[01/06/2006|16:36] C:\Program Files\Common Files\ATI Technologies

[19/02/2007|21:29] C:\Program Files\Common Files\Corel

[08/01/2007|23:24] C:\Program Files\Common Files\DESIGNER

[01/06/2006|16:32] C:\Program Files\Common Files\InstallShield

[07/04/2007|22:27] C:\Program Files\Common Files\Java

[01/06/2006|16:56] C:\Program Files\Common Files\LightScribe

[01/06/2006|16:16] C:\Program Files\Common Files\Microsoft Shared

[01/06/2006|16:23] C:\Program Files\Common Files\MSSoap

[01/06/2006|16:56] C:\Program Files\Common Files\muvee Technologies

[08/02/2007|13:59] C:\Program Files\Common Files\Nero

[16/01/2007|19:37] C:\Program Files\Common Files\Nikon

[01/06/2006|16:16] C:\Program Files\Common Files\ODBC

[01/06/2006|16:23] C:\Program Files\Common Files\Services

[01/06/2006|16:16] C:\Program Files\Common Files\SpeechEngines

[05/03/2007|00:09] C:\Program Files\Common Files\Symantec Shared

[01/06/2006|16:23] C:\Program Files\Common Files\System

[31/03/2008|09:52] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 42 Processus )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 14:44:54

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.

[F:2725][D:29]-> C:\DOCUME~1\NATALY~1\LOCALS~1\Temp

[F:876][D:0]-> C:\DOCUME~1\NATALY~1\Cookies

[F:18415][D:37]-> C:\DOCUME~1\NATALY~1\LOCALS~1\TEMPOR~1\content.IE5

[F:3][D:0]-> C:\Recycled

--------------------\\ Verificação completa em 14:46:00,09

Logfile of HijackThis v1.99.1

Scan saved at 14:50:32, on 30/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Documents and Settings\Nataly Lopes\Local Settings\Temp\jkos-Nataly Lopes\binaries\ScanningProcess.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\DOCUME~1\NATALY~1\Desktop\HijackThis.exe