Archived

This topic has been archived and is closed to new replies.

Leandro_0o

[Resolved!] Remove IEXPLORE.EXE


Hello, this is my first post, so I apologize if I'm doing something wrong!

Well, when I shut down my computer... that "End IEXPLORE.exe" message appears.

I'd like to know if someone could help me remove this!

Here is the log provided by HIJACKTHIS:

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?...amp;InstallVA=1

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.70.65

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{ABEE6580-6102-4607-B7A3-BB0ABA48F000}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

I hope you can help!

Thank you!


Your HijackThis log is incomplete; please post a new HijackThis log.


Logfile of HijackThis v1.99.1

Scan saved at 18:16:42, on 25/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?...amp;InstallVA=1

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [free copy] C:\DOCUME~1\Leandro\DADOSD~1\SIGNSI~1\Second trust.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{ABEE6580-6102-4607-B7A3-BB0ABA48F000}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

That was the only log HijackThis provided.


• Download LopS&D.

• Save it to Local Disk C:.

Install the program and click: LopSD.cmd

• In the window that opens, press "p" >> press Enter.

• In the other window, press option 2 >> press Enter >> wait!

• When it finishes, save and post the report. ( C:\lopR.txt )

• Also post an updated HJT log.


The LopS&D link is broken; if someone could upload it again, I'd be grateful!

------------------

Hey! Here it is...

<!> Try: < Badongo >

<!> The file is zipped! Unzip it when you use it.

Regards!

Edited by DigRam.


--------------------\\ Lop S&D 4.2.3-0 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Leandro ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ ter 26/08/2008 | 22:49:38 ] [ PC : LEANDRO (Proc:x86) ]

[ MAJ : 17-08-2008 | 01:58 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\A718F8BF93CF6A1B.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\comp two long internet\2 audio.exe

Deletado! - C:\DOCUME~1\Leandro\DADOSD~1\signsi~1\beepinternetless.exe

Deletado! - C:\DOCUME~1\Leandro\DADOSD~1\signsi~1\iydjyqoz.exe

Deletado! - C:\DOCUME~1\Leandro\DADOSD~1\signsi~1\Second trust.exe

Deletado! - C:\DOCUME~1\Leandro\DADOSD~1\signsi~1\zbsmttfr.exe

Deletado! - C:\DOCUME~1\Leandro\Cookies\leandro@www.lop[1].txt

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\comp two long internet

Deletado! - C:\DOCUME~1\Leandro\DADOSD~1\signsi~1

Deletado! - C:\Arquivos de programas\signsi~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[30/01/2002|18:06] C:\DOCUME~1\ADMINI~1\DADOSD~1\desktop.ini

[30/07/2008|22:28] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

 

[15/08/2008|00:35] C:\DOCUME~1\ADMINI~1.LEA\DADOSD~1\Microsoft

 

[26/07/2008|14:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[26/07/2008|13:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[29/07/2008|18:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[30/07/2008|22:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Chat Republic Games

[30/01/2002|18:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[29/07/2008|18:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[26/07/2008|14:13] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[26/07/2008|16:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[31/07/2008|12:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[26/07/2008|13:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[17/08/2008|09:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[08/08/2008|21:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ubisoft

[26/07/2008|14:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

 

[30/01/2002|18:06] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[30/01/2002|20:13] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[28/07/2008|21:03] C:\DOCUME~1\Leandro\DADOSD~1\Adobe

[27/07/2008|12:49] C:\DOCUME~1\Leandro\DADOSD~1\Ahead

[30/07/2008|22:28] C:\DOCUME~1\Leandro\DADOSD~1\AVGTOOLBAR

[17/08/2008|09:18] C:\DOCUME~1\Leandro\DADOSD~1\BitTorrent

[30/01/2002|18:06] C:\DOCUME~1\Leandro\DADOSD~1\desktop.ini

[18/08/2008|23:09] C:\DOCUME~1\Leandro\DADOSD~1\DNA

[19/08/2008|14:18] C:\DOCUME~1\Leandro\DADOSD~1\Help

[30/01/2002|20:19] C:\DOCUME~1\Leandro\DADOSD~1\Identities

[28/07/2008|21:03] C:\DOCUME~1\Leandro\DADOSD~1\Macromedia

[26/07/2008|14:56] C:\DOCUME~1\Leandro\DADOSD~1\Media Player Classic

[29/07/2008|18:24] C:\DOCUME~1\Leandro\DADOSD~1\Microsoft

[26/07/2008|13:58] C:\DOCUME~1\Leandro\DADOSD~1\Mozilla

[23/08/2008|14:08] C:\DOCUME~1\Leandro\DADOSD~1\Real

[26/07/2008|13:01] C:\DOCUME~1\Leandro\DADOSD~1\Sun

[08/08/2008|21:32] C:\DOCUME~1\Leandro\DADOSD~1\Ubisoft

 

[29/07/2008|18:24] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[29/07/2008|18:24] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[26/08/2008 14:48][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[26/07/2008|14:37] C:\Arquivos de programas\Adobe

[30/01/2002|20:55] C:\Arquivos de programas\Alwil Software

[29/07/2008|23:34] C:\Arquivos de programas\AnalogX

[23/08/2008|16:31] C:\Arquivos de programas\Arquivos comuns

[29/07/2008|18:24] C:\Arquivos de programas\AVG

[11/08/2008|20:51] C:\Arquivos de programas\Barsa CD

[26/07/2008|23:28] C:\Arquivos de programas\BitTorrent

[08/08/2008|22:41] C:\Arquivos de programas\Buka

[16/08/2008|00:19] C:\Arquivos de programas\CCleaner

[07/08/2008|20:54] C:\Arquivos de programas\ColorCast

[30/01/2002|20:10] C:\Arquivos de programas\ComPlus Applications

[30/07/2008|22:28] C:\Arquivos de programas\CoolSMS

[26/07/2008|13:53] C:\Arquivos de programas\DAP

[04/08/2008|23:34] C:\Arquivos de programas\DEVILMAYCRY4

[26/07/2008|23:28] C:\Arquivos de programas\DNA

[26/07/2008|14:24] C:\Arquivos de programas\D-Tools

[30/07/2008|22:28] C:\Arquivos de programas\DVD Shrink

[17/08/2008|10:40] C:\Arquivos de programas\EA GAMES

[19/08/2008|17:12] C:\Arquivos de programas\Easy CD-DA Extractor 6

[26/08/2008|19:22] C:\Arquivos de programas\eMule

[13/08/2008|22:08] C:\Arquivos de programas\GameVicio

[16/08/2008|15:35] C:\Arquivos de programas\GP4

[24/08/2008|09:43] C:\Arquivos de programas\HmelyoffLabs

[30/07/2008|22:36] C:\Arquivos de programas\id Software

[31/07/2008|20:20] C:\Arquivos de programas\install.log

[11/08/2008|20:50] C:\Arquivos de programas\InstallShield Installation Information

[30/01/2002|20:12] C:\Arquivos de programas\Internet Explorer

[26/07/2008|13:01] C:\Arquivos de programas\Java

[30/07/2008|23:23] C:\Arquivos de programas\Konami

[15/08/2008|00:36] C:\Arquivos de programas\Lavalys(2)

[30/01/2002|20:10] C:\Arquivos de programas\Messenger

[26/07/2008|14:33] C:\Arquivos de programas\Messenger Plus! Live

[30/01/2002|20:13] C:\Arquivos de programas\microsoft frontpage

[26/07/2008|13:11] C:\Arquivos de programas\Microsoft Office

[26/07/2008|13:11] C:\Arquivos de programas\Microsoft Visual Studio

[26/07/2008|13:11] C:\Arquivos de programas\Microsoft Works

[26/07/2008|13:12] C:\Arquivos de programas\Microsoft.NET

[15/08/2008|00:36] C:\Arquivos de programas\Motorola(2)

[30/01/2002|20:11] C:\Arquivos de programas\Movie Maker

[26/08/2008|22:41] C:\Arquivos de programas\Mozilla Firefox

[30/01/2002|20:10] C:\Arquivos de programas\MSN Gaming Zone

[26/07/2008|13:51] C:\Arquivos de programas\Nero

[30/01/2002|20:11] C:\Arquivos de programas\NetMeeting

[20/08/2008|10:08] C:\Arquivos de programas\OGC-Begins

[30/01/2002|20:11] C:\Arquivos de programas\Outlook Express

[07/08/2008|21:22] C:\Arquivos de programas\PhotoFiltre

[07/08/2008|21:21] C:\Arquivos de programas\PhotoFiltre Studio

[23/08/2008|14:02] C:\Arquivos de programas\Real

[30/01/2002|20:50] C:\Arquivos de programas\Realtek

[09/08/2008|15:31] C:\Arquivos de programas\RivaTuner v2.09

[30/01/2002|20:12] C:\Arquivos de programas\Serviços on-line

[26/08/2008|20:49] C:\Arquivos de programas\sXe Injected

[11/08/2008|22:00] C:\Arquivos de programas\Ubisoft

[30/01/2002|20:19] C:\Arquivos de programas\Uninstall Information

[26/08/2008|14:15] C:\Arquivos de programas\Valve

[26/07/2008|12:55] C:\Arquivos de programas\Windows Live

[05/08/2008|18:27] C:\Arquivos de programas\Windows Media Connect 2

[05/08/2008|18:27] C:\Arquivos de programas\Windows Media Player

[30/01/2002|20:10] C:\Arquivos de programas\Windows NT

[30/01/2002|20:12] C:\Arquivos de programas\WindowsUpdate

[26/07/2008|12:59] C:\Arquivos de programas\WinRAR

[19/08/2008|17:42] C:\Arquivos de programas\WinUHA

[30/01/2002|20:13] C:\Arquivos de programas\xerox

[26/07/2008|12:51] C:\Arquivos de programas\XP Codec Pack

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[26/07/2008|14:38] C:\Arquivos de programas\Arquivos comuns\Adobe

[26/07/2008|13:53] C:\Arquivos de programas\Arquivos comuns\Ahead

[26/07/2008|13:11] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[11/08/2008|20:50] C:\Arquivos de programas\Arquivos comuns\InstallShield

[26/07/2008|13:00] C:\Arquivos de programas\Arquivos comuns\Java

[19/08/2008|14:09] C:\Arquivos de programas\Arquivos comuns\MAGIX Shared

[29/07/2008|18:24] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[30/01/2002|20:11] C:\Arquivos de programas\Arquivos comuns\MSSoap

[30/01/2002|18:06] C:\Arquivos de programas\Arquivos comuns\ODBC

[23/08/2008|14:03] C:\Arquivos de programas\Arquivos comuns\Real

[30/01/2002|20:11] C:\Arquivos de programas\Arquivos comuns\Serviços

[30/01/2002|18:06] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[26/07/2008|13:11] C:\Arquivos de programas\Arquivos comuns\System

[17/08/2008|20:38] C:\Arquivos de programas\Arquivos comuns\System Explorer

[23/08/2008|14:03] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 32 Processus )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bookcreativecast]

"DisplayName"="CiD Help"

"UninstallString"="C:\\DOCUME~1\\Leandro\\DADOSD~1\\SIGNSI~1\\Second trust.exe -uninstall"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-26 22:50:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 65

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Leandro\Meus documentos\My Completed Downloads\Crack PES 2008.rar

 

 

[F:171][D:6]-> C:\DOCUME~1\Leandro\CONFIG~1\Temp

[F:21][D:0]-> C:\DOCUME~1\Leandro\Cookies

[F:388][D:4]-> C:\DOCUME~1\Leandro\CONFIG~1\TEMPOR~1\content.IE5

 

--------------------\\ Verificação completa em 22:51:06,32

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:52:28, on 26/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?...amp;InstallVA=1

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_12\bin\npjpi142_12.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{ABEE6580-6102-4607-B7A3-BB0ABA48F000}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

Here are the two logs; I hope it works out now!

Thanks for the help!

Regards!


OK, the log is clean.

Visit Windows Update and update your system by downloading Service Pack 3.

Or, if you prefer, download and install the full package (+- 300 Mb):

http://www.microsoft.com/downloads/details...splayLang=pt-br

- I recommend some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries. Download CCleaner.

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Issues

- Turn System Restore off and then on again.

Read the article "Cuidados ao navegar na net" ("Precautions when browsing the net") for more information on how to avoid infections.


PROBLEM SOLVED!

If the author needs the topic to be reopened, they must send a Private Message to a Moderator with a link to the topic.
