[Resolvido!]"Virus" do popup CiD

mauriciobrandon · Agosto 30, 2008

Gente, acabei de rodar o HijackThis e o log dele foi esse daqui:

Logfile of HijackThis v1.99.1

Scan saved at 11:52:35, on 30/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\eZpublish\apache\apache.exe

C:\Arquivos de programas\eZpublish\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\Arquivos de programas\eZpublish\apache\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Oracle\Ora92\bin\omtsreco.exe

C:\Oracle\Ora92\bin\agntsrvc.exe

C:\Oracle\Ora92\Apache\Apache\apache.exe

C:\WINDOWS\system32\cmd.exe

C:\Oracle\Ora92\BIN\TNSLSNR.exe

c:\oracle\ora92\bin\ORACLE.EXE

C:\Oracle\Ora92\bin\dbsnmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Oracle\Ora92\Apache\Apache\apache.exe

C:\Oracle\Ora92\jdk\bin\java.exe

c:\oracle\ora92\bin\isqlplus

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avast4\ashWebSv.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\ARQUIV~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\eXPert PDF 5\vspdfprsrv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\ASUS WiFi-AP Solo\RtWLan.exe

C:\Arquivos de programas\OpenOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\OpenOffice.org 2.4\program\soffice.BIN

C:\Speedy\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Killbox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Arquivos de programas\eXPert PDF 5\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MODE FREE BIRD SURF] C:\Documents and Settings\All Users\Dados de aplicativos\beep axis mode free\four curb.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [NVIDIA nTune] C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile

O4 - HKCU\..\Run: [Mode Locks] C:\DOCUME~1\ADM\DADOSD~1\THEREC~1\up dent chic.exe

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Arquivos de programas\OpenOffice.org 2.4\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Speedy\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\eZpublish\apache\apache.exe" --ntservice (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos de programas\eZpublish\mysql\bin\mysqld-nt.exe" MySQL (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OracleDirectoryService_BDados - Unknown owner - C:\Oracle\Ora92\bin\oidservice.exe

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\Ora92\bin\omtsreco.exe

O23 - Service: OracleOra92Agent - Oracle Corporation - C:\Oracle\Ora92\bin\agntsrvc.exe

O23 - Service: OracleOra92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE

O23 - Service: OracleOra92HTTPServer - Unknown owner - C:\Oracle\Ora92\Apache\Apache\apache.exe" --ntservice (file missing)

O23 - Service: OracleOra92PagingServer - Unknown owner - C:\Oracle\Ora92/bin/pagntsrv.exe

O23 - Service: OracleOra92SNMPPeerEncapsulator - Unknown owner - C:\Oracle\Ora92\BIN\ENCSVC.EXE

O23 - Service: OracleOra92SNMPPeerMasterAgent - Unknown owner - C:\Oracle\Ora92\BIN\AGNTSVC.EXE

O23 - Service: OracleOra92TNSListener - Unknown owner - C:\Oracle\Ora92\BIN\TNSLSNR.exe

O23 - Service: OracleServiceSYSTEM - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\System Update\UpdateCenterService.exe

O que eu posso fazer pra tirar esse problema do popup do CiD do meu PC?

Abraços!

DigRam · Agosto 31, 2008

Bom Dia! mauriciobrandon

<@> Baixe: < LopS&D >

<@> Salve-o no Disco Local-C!

<@> Instale o programa e clique em: LopSD.cmd

<@> Na janela que abrir,aperte o "p" --> Aperte Enter.

<@> Em outra janela,aperte a opção 2 --> Aperte Enter --> Aguarde!

<@> Terminando,salve e poste o relatório. ( C:\lopR.txt )

<@> Poste,também,HijackThis atualizado.

Abraços!

mauriciobrandon · Setembro 1, 2008

Bom Dia! mauriciobrandon

<@> Baixe: < LopS&D >

<@> Salve-o no Disco Local-C!

<@> Instale o programa e clique em: LopSD.cmd

<@> Na janela que abrir,aperte o "p" --> Aperte Enter.

<@> Em outra janela,aperte a opção 2 --> Aperte Enter --> Aguarde!

<@> Terminando,salve e poste o relatório. ( C:\lopR.txt )

<@> Poste,também,HijackThis atualizado.

Abraços!

Conteúdo do lopR.txt:

--------------------\\ Lop S&D 4.2.3-8 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6600 @ 2.40GHz )

BIOS : BIOS Date: 10/20/06 11:52:35 Ver: 08.00.12

USER : ADM ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 080831-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 31-08-2008|15:45 )

Option : [2] ( seg 01/09/2008| 2:59 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\beep axis mode free\four curb.exe

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsb2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsf2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsf3.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsj2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsl2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsl3.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsm2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsm3.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsm4.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsp2.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsp4.tmp

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\nsq2.tmp

Deletado! - C:\Arquivos de programas\Circle Developement\Uninstall.exe

Deletado! - C:\DOCUME~1\ADM\Cookies\adm@www.adserver5[1].txt

Deletado! - C:\DOCUME~1\ADM\Cookies\adm@www.lop[1].txt

Deletado! - C:\DOCUME~1\ADM\CONFIG~1\Temp\bisF.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\beep axis mode free

Deletado! - C:\Arquivos de programas\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[29/06/2008|06:22] C:\DOCUME~1\ADM\DADOSD~1\Adobe

[28/06/2007|00:26] C:\DOCUME~1\ADM\DADOSD~1\Ahead

[05/04/2008|05:22] C:\DOCUME~1\ADM\DADOSD~1\Apple Computer

[07/05/2007|00:47] C:\DOCUME~1\ADM\DADOSD~1\Autodesk

[05/04/2008|14:15] C:\DOCUME~1\ADM\DADOSD~1\BrOffice.org2

[05/04/2008|12:10] C:\DOCUME~1\ADM\DADOSD~1\DAEMON Tools

[28/04/2007|13:04] C:\DOCUME~1\ADM\DADOSD~1\desktop.ini

[29/06/2008|06:26] C:\DOCUME~1\ADM\DADOSD~1\eXPert PDF Editor

[13/09/2007|22:52] C:\DOCUME~1\ADM\DADOSD~1\fltk.org

[11/08/2007|01:16] C:\DOCUME~1\ADM\DADOSD~1\Help

[30/06/2008|07:53] C:\DOCUME~1\ADM\DADOSD~1\ICAClient

[28/04/2007|16:20] C:\DOCUME~1\ADM\DADOSD~1\Identities

[28/04/2008|21:26] C:\DOCUME~1\ADM\DADOSD~1\ImgBurn

[05/04/2008|12:22] C:\DOCUME~1\ADM\DADOSD~1\Lavasoft

[29/08/2008|22:57] C:\DOCUME~1\ADM\DADOSD~1\LimeWire

[28/04/2007|16:56] C:\DOCUME~1\ADM\DADOSD~1\Macromedia

[30/03/2008|01:54] C:\DOCUME~1\ADM\DADOSD~1\Media Player Classic

[17/03/2008|04:27] C:\DOCUME~1\ADM\DADOSD~1\Microsoft

[14/03/2008|19:56] C:\DOCUME~1\ADM\DADOSD~1\Motive

[17/06/2008|19:06] C:\DOCUME~1\ADM\DADOSD~1\Mozilla

[08/05/2007|14:40] C:\DOCUME~1\ADM\DADOSD~1\My Games

[30/08/2008|13:24] C:\DOCUME~1\ADM\DADOSD~1\OpenOffice.org2

[20/06/2008|22:21] C:\DOCUME~1\ADM\DADOSD~1\Real

[05/11/2007|18:37] C:\DOCUME~1\ADM\DADOSD~1\SecuROM

[03/05/2007|15:06] C:\DOCUME~1\ADM\DADOSD~1\Sports Interactive

[09/06/2007|03:54] C:\DOCUME~1\ADM\DADOSD~1\Sun

[21/06/2008|14:18] C:\DOCUME~1\ADM\DADOSD~1\temp

[30/08/2008|06:22] C:\DOCUME~1\ADM\DADOSD~1\the rect

[29/06/2008|05:49] C:\DOCUME~1\ADM\DADOSD~1\Thinstall

[25/03/2008|04:19] C:\DOCUME~1\ADM\DADOSD~1\TuneUp Software

[03/08/2007|15:52] C:\DOCUME~1\ADM\DADOSD~1\Winamp

[05/04/2008|14:39] C:\DOCUME~1\ADM\DADOSD~1\WinRAR

[29/06/2008|06:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[28/06/2007|00:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[05/08/2008|07:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[17/06/2008|11:13] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[07/05/2007|00:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Autodesk

[28/04/2007|13:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[21/07/2007|00:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[29/06/2008|06:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\eXPert PDF

[29/06/2008|06:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\eXPert PDF 5

[29/06/2008|06:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\eXPert PDF Jobs

[09/05/2008|05:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[15/03/2008|08:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[05/04/2008|12:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[12/06/2007|00:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

[13/05/2007|03:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[29/03/2008|23:56] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[12/05/2007|14:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[25/03/2008|04:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TuneUp Software

[28/04/2007|17:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[14/03/2008|21:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[25/04/2008|23:28] C:\DOCUME~1\CONVID~1\DADOSD~1\Adobe

[26/04/2008|01:27] C:\DOCUME~1\CONVID~1\DADOSD~1\Apple Computer

[14/03/2008|21:29] C:\DOCUME~1\CONVID~1\DADOSD~1\BrOffice.org2

[28/04/2007|13:04] C:\DOCUME~1\CONVID~1\DADOSD~1\desktop.ini

[05/08/2008|18:11] C:\DOCUME~1\CONVID~1\DADOSD~1\eXPert PDF Editor

[10/05/2008|07:48] C:\DOCUME~1\CONVID~1\DADOSD~1\Google

[08/06/2007|19:09] C:\DOCUME~1\CONVID~1\DADOSD~1\Identities

[26/04/2008|00:02] C:\DOCUME~1\CONVID~1\DADOSD~1\LimeWire

[03/07/2007|18:30] C:\DOCUME~1\CONVID~1\DADOSD~1\Macromedia

[24/07/2007|18:35] C:\DOCUME~1\CONVID~1\DADOSD~1\Microsoft

[14/03/2008|21:28] C:\DOCUME~1\CONVID~1\DADOSD~1\Motive

[27/06/2008|09:30] C:\DOCUME~1\CONVID~1\DADOSD~1\Mozilla

[29/08/2008|23:49] C:\DOCUME~1\CONVID~1\DADOSD~1\OpenOffice.org2

[07/07/2008|21:10] C:\DOCUME~1\CONVID~1\DADOSD~1\Real

[10/05/2008|07:46] C:\DOCUME~1\CONVID~1\DADOSD~1\Sun

[27/06/2008|18:26] C:\DOCUME~1\CONVID~1\DADOSD~1\WinRAR

[28/04/2007|13:04] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[28/04/2007|16:15] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[04/06/2007|19:56] C:\DOCUME~1\Filipe\DADOSD~1\Adobe

[23/05/2008|20:40] C:\DOCUME~1\Filipe\DADOSD~1\Apple Computer

[23/03/2008|17:52] C:\DOCUME~1\Filipe\DADOSD~1\BrOffice.org2

[28/04/2007|13:04] C:\DOCUME~1\Filipe\DADOSD~1\desktop.ini

[19/05/2007|01:17] C:\DOCUME~1\Filipe\DADOSD~1\DivX

[02/08/2008|19:27] C:\DOCUME~1\Filipe\DADOSD~1\eXPert PDF Editor

[29/04/2007|13:19] C:\DOCUME~1\Filipe\DADOSD~1\Identities

[26/01/2008|19:41] C:\DOCUME~1\Filipe\DADOSD~1\Lavasoft

[29/04/2007|13:22] C:\DOCUME~1\Filipe\DADOSD~1\Macromedia

[19/05/2007|01:17] C:\DOCUME~1\Filipe\DADOSD~1\Media Player Classic

[21/03/2008|00:50] C:\DOCUME~1\Filipe\DADOSD~1\Microsoft

[09/07/2008|01:19] C:\DOCUME~1\Filipe\DADOSD~1\Mozilla

[03/08/2008|14:37] C:\DOCUME~1\Filipe\DADOSD~1\OpenOffice.org2

[29/04/2007|13:19] C:\DOCUME~1\Filipe\DADOSD~1\Real

[17/12/2007|11:23] C:\DOCUME~1\Filipe\DADOSD~1\Sports Interactive

[03/06/2007|21:50] C:\DOCUME~1\Filipe\DADOSD~1\Sun

[03/06/2008|15:03] C:\DOCUME~1\Filipe\DADOSD~1\temp

[23/05/2008|20:49] C:\DOCUME~1\Filipe\DADOSD~1\WinRAR

[28/04/2007|19:20] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[22/05/2008|21:46] C:\DOCUME~1\Lurdes\DADOSD~1\Adobe

[14/07/2008|19:33] C:\DOCUME~1\Lurdes\DADOSD~1\Apple Computer

[22/03/2008|23:52] C:\DOCUME~1\Lurdes\DADOSD~1\BrOffice.org2

[28/04/2007|13:04] C:\DOCUME~1\Lurdes\DADOSD~1\desktop.ini

[12/10/2007|16:27] C:\DOCUME~1\Lurdes\DADOSD~1\DivX

[06/10/2007|17:48] C:\DOCUME~1\Lurdes\DADOSD~1\Help

[29/04/2007|19:44] C:\DOCUME~1\Lurdes\DADOSD~1\Identities

[29/04/2007|20:05] C:\DOCUME~1\Lurdes\DADOSD~1\Macromedia

[12/10/2007|16:27] C:\DOCUME~1\Lurdes\DADOSD~1\Media Player Classic

[17/03/2008|13:08] C:\DOCUME~1\Lurdes\DADOSD~1\Microsoft

[09/07/2008|01:56] C:\DOCUME~1\Lurdes\DADOSD~1\Mozilla

[02/08/2008|00:09] C:\DOCUME~1\Lurdes\DADOSD~1\OpenOffice.org2

[29/04/2007|19:44] C:\DOCUME~1\Lurdes\DADOSD~1\Real

[27/10/2007|03:15] C:\DOCUME~1\Lurdes\DADOSD~1\Sun

[27/07/2008|03:33] C:\DOCUME~1\Lurdes\DADOSD~1\WinRAR

[28/04/2007|16:15] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[25/08/2008 13:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[01/09/2008 03:00][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job

[30/08/2008 13:22][--ah-----] C:\WINDOWS\tasks\SA.DAT

[02/03/2006 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[27/06/2008|01:58] C:\Arquivos de programas\Adobe

[06/01/2008|18:43] C:\Arquivos de programas\Alcohol Soft

[15/08/2007|15:16] C:\Arquivos de programas\Analog Devices

[07/05/2007|00:42] C:\Arquivos de programas\AnswerWorks 4.0

[05/08/2008|07:20] C:\Arquivos de programas\Apple Software Update

[29/06/2008|06:22] C:\Arquivos de programas\Arquivos comuns

[15/08/2007|15:05] C:\Arquivos de programas\AskTBar

[29/06/2008|06:58] C:\Arquivos de programas\ASUS WiFi-AP Solo

[07/05/2007|00:43] C:\Arquivos de programas\AutoCAD 2006

[07/05/2007|00:37] C:\Arquivos de programas\Autodesk

[25/07/2008|10:02] C:\Arquivos de programas\Avast4

[06/08/2007|19:45] C:\Arquivos de programas\Badongo

[30/03/2008|02:33] C:\Arquivos de programas\BitComet

[05/04/2008|14:16] C:\Arquivos de programas\BrOffice.org 2.2

[09/03/2008|21:44] C:\Arquivos de programas\Click21

[14/03/2008|19:54] C:\Arquivos de programas\Common Files

[21/07/2007|01:05] C:\Arquivos de programas\Complex

[28/04/2007|16:13] C:\Arquivos de programas\ComPlus Applications

[05/04/2008|12:10] C:\Arquivos de programas\DAEMON Tools

[29/07/2008|03:32] C:\Arquivos de programas\DAEMON Tools Lite

[29/08/2008|14:52] C:\Arquivos de programas\Desafio Sebrae 2008

[30/05/2007|17:38] C:\Arquivos de programas\DivX

[30/06/2008|18:04] C:\Arquivos de programas\DOSBox-0.71

[04/10/2007|19:53] C:\Arquivos de programas\DriverGuide Toolkit

[21/07/2007|00:58] C:\Arquivos de programas\DVD Shrink

[07/05/2007|01:21] C:\Arquivos de programas\EA SPORTS

[30/07/2008|06:32] C:\Arquivos de programas\Everest Poker.net

[29/06/2008|06:23] C:\Arquivos de programas\eXPert PDF 5

[12/05/2007|14:24] C:\Arquivos de programas\eZpublish

[25/03/2008|21:25] C:\Arquivos de programas\FireTune

[25/07/2008|10:15] C:\Arquivos de programas\FlashGet

[24/06/2008|21:28] C:\Arquivos de programas\Futuremark

[30/03/2008|22:25] C:\Arquivos de programas\Gabest

[09/05/2008|05:36] C:\Arquivos de programas\Google

[05/06/2007|16:16] C:\Arquivos de programas\IDoser

[28/04/2008|21:26] C:\Arquivos de programas\ImgBurn

[25/07/2008|11:23] C:\Arquivos de programas\InstallShield Installation Information

[28/04/2007|16:23] C:\Arquivos de programas\Intel

[13/08/2008|21:05] C:\Arquivos de programas\Internet Explorer

[15/08/2007|14:50] C:\Arquivos de programas\InterVideo

[02/08/2008|04:21] C:\Arquivos de programas\Java

[09/05/2008|05:33] C:\Arquivos de programas\Lavasoft

[13/07/2008|22:42] C:\Arquivos de programas\LimeWire

[28/04/2007|16:27] C:\Arquivos de programas\Marvell

[13/08/2008|21:07] C:\Arquivos de programas\Messenger

[30/08/2008|06:21] C:\Arquivos de programas\Messenger Plus! Live

[28/04/2007|16:15] C:\Arquivos de programas\microsoft frontpage

[07/05/2007|00:42] C:\Arquivos de programas\Microsoft Office

[19/08/2008|03:00] C:\Arquivos de programas\Microsoft Silverlight

[14/03/2008|19:53] C:\Arquivos de programas\Motive

[25/07/2008|11:30] C:\Arquivos de programas\Movie Maker

[31/08/2008|15:19] C:\Arquivos de programas\Mozilla Firefox

[28/04/2007|21:01] C:\Arquivos de programas\MSBuild

[28/04/2007|16:12] C:\Arquivos de programas\MSN Gaming Zone

[14/05/2007|03:00] C:\Arquivos de programas\MSXML 4.0

[16/08/2007|02:59] C:\Arquivos de programas\MSXML 6.0

[28/06/2007|00:25] C:\Arquivos de programas\Nero

[25/07/2008|11:31] C:\Arquivos de programas\NetMeeting

[29/06/2008|06:20] C:\Arquivos de programas\NVIDIA Corporation

[05/04/2008|14:13] C:\Arquivos de programas\OpenOffice

[23/06/2008|06:34] C:\Arquivos de programas\OpenOffice.org 2.4

[30/09/2007|02:21] C:\Arquivos de programas\Oracle

[25/07/2008|11:31] C:\Arquivos de programas\Outlook Express

[17/06/2008|11:13] C:\Arquivos de programas\QuickTime

[28/04/2007|19:57] C:\Arquivos de programas\Real

[09/05/2008|05:35] C:\Arquivos de programas\Real Alternative

[28/04/2007|20:58] C:\Arquivos de programas\Reference Assemblies

[27/06/2007|13:19] C:\Arquivos de programas\ReflexiveArcade

[01/09/2008|01:51] C:\Arquivos de programas\RSSoft

[28/04/2007|16:14] C:\Arquivos de programas\Servi‡os on-line

[09/08/2008|13:37] C:\Arquivos de programas\Sony

[09/08/2008|13:36] C:\Arquivos de programas\Sony Setup

[03/04/2008|20:00] C:\Arquivos de programas\SopCast

[06/04/2008|07:35] C:\Arquivos de programas\Spybot - Search & Destroy

[14/09/2007|22:07] C:\Arquivos de programas\sqldeveloper

[03/08/2008|14:29] C:\Arquivos de programas\Steam

[14/09/2007|22:04] C:\Arquivos de programas\Sun

[30/08/2008|06:22] C:\Arquivos de programas\the rect

[25/03/2008|04:38] C:\Arquivos de programas\TuneUp Utilities 2008

[28/04/2007|16:20] C:\Arquivos de programas\Uninstall Information

[28/04/2007|21:09] C:\Arquivos de programas\VID_0E8F&PID_0003

[01/02/2008|20:17] C:\Arquivos de programas\VistaCodecPack

[14/03/2008|21:16] C:\Arquivos de programas\Windows Live

[24/06/2008|21:51] C:\Arquivos de programas\Windows Media Components

[28/04/2007|19:19] C:\Arquivos de programas\Windows Media Connect 2

[25/07/2008|11:30] C:\Arquivos de programas\Windows Media Player

[25/07/2008|11:44] C:\Arquivos de programas\Windows NT

[28/04/2007|16:14] C:\Arquivos de programas\WindowsUpdate

[05/04/2008|12:12] C:\Arquivos de programas\WinRAR

[28/04/2007|16:15] C:\Arquivos de programas\xerox

[05/11/2007|18:11] C:\Arquivos de programas\Zero G Registry

[26/08/2007|04:17] C:\Arquivos de programas\Zoo Digital Publishing

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[17/02/2008|19:23] C:\Arquivos de programas\Arquivos comuns\Adobe

[29/06/2008|06:22] C:\Arquivos de programas\Arquivos comuns\Adobe AIR

[15/08/2007|14:50] C:\Arquivos de programas\Arquivos comuns\appop.log

[07/05/2007|00:43] C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

[07/05/2007|00:42] C:\Arquivos de programas\Arquivos comuns\Designer

[28/04/2007|16:39] C:\Arquivos de programas\Arquivos comuns\InstallShield

[30/04/2007|22:41] C:\Arquivos de programas\Arquivos comuns\Java

[09/08/2008|13:36] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[14/03/2008|19:55] C:\Arquivos de programas\Arquivos comuns\Motive

[28/04/2007|16:13] C:\Arquivos de programas\Arquivos comuns\MSSoap

[28/04/2007|13:04] C:\Arquivos de programas\Arquivos comuns\ODBC

[07/05/2007|00:28] C:\Arquivos de programas\Arquivos comuns\Real

[28/04/2007|16:13] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[28/04/2007|17:08] C:\Arquivos de programas\Arquivos comuns\snpstd

[28/04/2007|13:04] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[25/07/2008|11:44] C:\Arquivos de programas\Arquivos comuns\System

[14/03/2008|21:16] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[05/04/2008|12:21] C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

--------------------\\ Process

( 54 Processus )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 03:00:44

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.

[F:237][D:7]-> C:\DOCUME~1\ADM\CONFIG~1\Temp

[F:69][D:0]-> C:\DOCUME~1\ADM\Cookies

[F:5550][D:17]-> C:\DOCUME~1\ADM\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - seg 01/09/2008| 3:01 - Option : [2]

--------------------\\ Verificação completa em 3:01:43

Conteúdo do hijackthis.log:

Logfile of HijackThis v1.99.1

Scan saved at 03:04:57, on 1/9/2008