Archived

This topic has been archived and is closed to new replies.

Osvaldo Filho

[Solved!] FAMOUS CID!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:47:30, on 17/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Candex2008\Apache-TomCat-5.5.26\bin\tomcat5.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Dados de aplicativos\Browse Dent Win Base\Show Setup.exe

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\OSVALDO\Desktop\ELITRIIP.AI%D8IB%D8%D8H.EXE

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bLUEBOWS] C:\DOCUME~1\OSVALDO\DADOSD~1\VGANEW~1\Link frag.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C6D129-88F5-4BBC-AD6D-3821802E7545}: NameServer = 200.165.132.154 200.149.55.140

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Apache Tomcat TomCatTSE (TomCatTSE) - Apache Software Foundation - C:\Arquivos de programas\Candex2008\Apache-TomCat-5.5.26\bin\tomcat5.exe

 

--

End of file - 9662 bytes


Good morning, Osvaldo Filho!

 

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the other window, press option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\lopR.txt )

<@> Also post an updated HijackThis log.

 

Regards!


Good morning DigRam, thanks for the help, here is the Lop log

 

 

--------------------\\ Lop S&D 4.2.4-3 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 4400 @ 2.00GHz )

BIOS : Award Modular BIOS v6.00PG

USER : OSVALDO ( Administrator )

BOOT : Normal boot

Antivirus : Kaspersky Anti-Virus 8.0.0.454 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 74 Go Free : 61 Go

D:\ (Local Disk) - NTFS - Total : 74 Go Free : 51 Go

E:\ (USB)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )

Option : [2] ( 17/09/2008|10:54 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\A4FDC62A918A446E.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Browse Dent Win Base\Show Setup.exe

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1\byymldmk.exe

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1\cast noun wma.exe

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1\hewbrmzp.exe

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1\Link frag.exe

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1\mp3infocashmanager.exe

Deletado! - C:\Arquivos de programas\Circle Developement\Uninstall.exe

Deletado! - C:\DOCUME~1\OSVALDO\Cookies\osvaldo@adultfriendfinder[1].txt

Deletado! - C:\DOCUME~1\OSVALDO\Cookies\osvaldo@www.lop[1].txt

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Browse Dent Win Base

Deletado! - C:\DOCUME~1\OSVALDO\DADOSD~1\vganew~1

Deletado! - C:\Arquivos de programas\vganew~1

Deletado! - C:\Arquivos de programas\Circle Developement

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[03/07/2008|16:41] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

 

[03/09/2008|19:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[14/09/2008|14:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[09/01/2008|19:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET

[03/08/2008|22:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\FLEXnet

[24/08/2008|10:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[07/07/2008|16:13] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[03/05/2008|23:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[07/02/2008|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

[29/01/2008|12:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

[14/09/2008|04:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files

[13/09/2008|19:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[14/09/2008|04:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[22/04/2008|17:55] C:\DOCUME~1\ALLUSE~1\DADOSD~1\MSScanAppDataDir

[10/01/2008|16:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[07/02/2008|00:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Suite

[25/04/2008|20:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[10/09/2008|13:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Watermark Factory

[09/01/2008|13:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[12/01/2008|12:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WinZip

[11/09/2008|12:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[03/07/2008|16:41] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[07/01/2008|18:50] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[30/04/2008|14:03] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[14/09/2008|14:49] C:\DOCUME~1\OSVALDO\DADOSD~1\Adobe

[14/09/2008|03:05] C:\DOCUME~1\OSVALDO\DADOSD~1\Alien Skin

[29/01/2008|12:16] C:\DOCUME~1\OSVALDO\DADOSD~1\Corel

[16/09/2008|16:15] C:\DOCUME~1\OSVALDO\DADOSD~1\FileZilla

[07/07/2008|23:48] C:\DOCUME~1\OSVALDO\DADOSD~1\Google

[02/05/2008|15:45] C:\DOCUME~1\OSVALDO\DADOSD~1\Hamachi

[08/03/2008|14:43] C:\DOCUME~1\OSVALDO\DADOSD~1\Help

[06/05/2008|14:43] C:\DOCUME~1\OSVALDO\DADOSD~1\HP

[07/01/2008|18:54] C:\DOCUME~1\OSVALDO\DADOSD~1\Identities

[04/06/2008|20:12] C:\DOCUME~1\OSVALDO\DADOSD~1\Image Zone Express

[17/09/2008|08:21] C:\DOCUME~1\OSVALDO\DADOSD~1\Lightcomm

[01/04/2008|17:13] C:\DOCUME~1\OSVALDO\DADOSD~1\Macromedia

[26/04/2008|00:07] C:\DOCUME~1\OSVALDO\DADOSD~1\Media Player Classic

[07/07/2008|21:38] C:\DOCUME~1\OSVALDO\DADOSD~1\Microsoft

[10/01/2008|16:10] C:\DOCUME~1\OSVALDO\DADOSD~1\Nero

[07/02/2008|00:03] C:\DOCUME~1\OSVALDO\DADOSD~1\Nokia

[27/07/2008|04:56] C:\DOCUME~1\OSVALDO\DADOSD~1\Nokia Multimedia Player

[22/05/2008|02:33] C:\DOCUME~1\OSVALDO\DADOSD~1\Opera

[07/02/2008|00:02] C:\DOCUME~1\OSVALDO\DADOSD~1\PC Suite

[07/02/2008|00:16] C:\DOCUME~1\OSVALDO\DADOSD~1\Publish Providers

[18/08/2008|15:32] C:\DOCUME~1\OSVALDO\DADOSD~1\RhinoSoft.com

[06/09/2008|20:09] C:\DOCUME~1\OSVALDO\DADOSD~1\Skype

[06/09/2008|19:45] C:\DOCUME~1\OSVALDO\DADOSD~1\skypePM

[10/05/2008|13:34] C:\DOCUME~1\OSVALDO\DADOSD~1\SmartFTP

[19/08/2008|05:12] C:\DOCUME~1\OSVALDO\DADOSD~1\Sony

[08/07/2008|04:22] C:\DOCUME~1\OSVALDO\DADOSD~1\Sun

[13/01/2008|21:40] C:\DOCUME~1\OSVALDO\DADOSD~1\Thinstall

[09/01/2008|21:08] C:\DOCUME~1\OSVALDO\DADOSD~1\WinRAR

[22/07/2008|05:18] C:\DOCUME~1\OSVALDO\DADOSD~1\Wireshark

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[17/09/2008 08:06][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 09:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[23/05/2008|19:49] C:\Arquivos de programas\ActivationManager

[14/09/2008|13:08] C:\Arquivos de programas\Adobe

[04/06/2008|16:08] C:\Arquivos de programas\Alwil Software

[14/09/2008|13:05] C:\Arquivos de programas\Arquivos comuns

[03/08/2008|20:27] C:\Arquivos de programas\Bonjour

[01/07/2008|10:43] C:\Arquivos de programas\Candex2008

[03/09/2008|08:57] C:\Arquivos de programas\CNPJ2008

[07/01/2008|18:47] C:\Arquivos de programas\ComPlus Applications

[25/04/2008|23:40] C:\Arquivos de programas\CoreCodec

[25/06/2008|17:46] C:\Arquivos de programas\Corel

[07/02/2008|00:02] C:\Arquivos de programas\DIFX

[11/08/2008|10:50] C:\Arquivos de programas\DIPJ2002

[11/08/2008|10:45] C:\Arquivos de programas\DIPJ2003

[21/05/2008|23:07] C:\Arquivos de programas\Download Apostila Concurso

[18/08/2008|15:43] C:\Arquivos de programas\FileZilla FTP Client

[28/07/2008|17:11] C:\Arquivos de programas\Firebird

[19/05/2008|13:57] C:\Arquivos de programas\Flash Banner Creator

[23/08/2008|07:02] C:\Arquivos de programas\GbPlugin

[07/07/2008|18:57] C:\Arquivos de programas\Google

[17/09/2008|02:45] C:\Arquivos de programas\Gravity

[25/04/2008|23:40] C:\Arquivos de programas\Haali

[03/05/2008|23:32] C:\Arquivos de programas\Hewlett-Packard

[09/05/2008|01:55] C:\Arquivos de programas\HooTech

[03/05/2008|23:35] C:\Arquivos de programas\HP

[03/09/2008|13:08] C:\Arquivos de programas\InstallShield Installation Information

[16/09/2008|03:05] C:\Arquivos de programas\Internet Explorer

[16/09/2008|15:59] C:\Arquivos de programas\ITR2003

[04/08/2008|21:28] C:\Arquivos de programas\Java

[07/07/2008|13:00] C:\Arquivos de programas\Justiça Eleitoral

[26/04/2008|00:06] C:\Arquivos de programas\K-Lite Codec Pack

[01/04/2008|17:12] C:\Arquivos de programas\Macromedia

[30/08/2008|11:58] C:\Arquivos de programas\Messenger

[14/09/2008|01:38] C:\Arquivos de programas\Messenger Plus! Live

[07/01/2008|18:50] C:\Arquivos de programas\microsoft frontpage

[09/01/2008|20:10] C:\Arquivos de programas\Microsoft Office

[09/01/2008|20:10] C:\Arquivos de programas\Microsoft Visual Studio

[28/08/2008|11:29] C:\Arquivos de programas\Microsoft Works

[09/01/2008|20:09] C:\Arquivos de programas\Microsoft.NET

[30/08/2008|11:55] C:\Arquivos de programas\Movie Maker

[09/01/2008|18:18] C:\Arquivos de programas\MSBuild

[07/01/2008|18:47] C:\Arquivos de programas\MSN Gaming Zone

[03/07/2008|16:41] C:\Arquivos de programas\MSXML 4.0

[03/07/2008|16:44] C:\Arquivos de programas\MSXML 6.0

[10/01/2008|16:08] C:\Arquivos de programas\Nero

[30/08/2008|11:50] C:\Arquivos de programas\NetMeeting

[07/02/2008|00:02] C:\Arquivos de programas\Nokia

[28/07/2008|16:28] C:\Arquivos de programas\Oi Velox

[10/09/2008|01:28] C:\Arquivos de programas\OnGame

[30/08/2008|11:50] C:\Arquivos de programas\Outlook Express

[07/02/2008|00:02] C:\Arquivos de programas\PC Connectivity Solution

[03/09/2008|02:37] C:\Arquivos de programas\PC Inspector File Recovery

[08/09/2008|09:10] C:\Arquivos de programas\PokerStars

[03/09/2008|08:56] C:\Arquivos de programas\Programas RFB

[15/09/2008|09:41] C:\Arquivos de programas\Programas SRF

[03/08/2008|20:29] C:\Arquivos de programas\QuickTime

[09/01/2008|18:16] C:\Arquivos de programas\Reference Assemblies

[09/01/2008|15:50] C:\Arquivos de programas\S3

[07/01/2008|18:49] C:\Arquivos de programas\Serviços on-line

[25/04/2008|20:32] C:\Arquivos de programas\Skype

[07/02/2008|00:13] C:\Arquivos de programas\Sony

[07/02/2008|00:09] C:\Arquivos de programas\Sony Setup

[28/07/2008|17:11] C:\Arquivos de programas\SpacialAudio

[08/07/2008|11:38] C:\Arquivos de programas\Sun

[07/01/2008|18:54] C:\Arquivos de programas\Uninstall Information

[09/01/2008|16:12] C:\Arquivos de programas\VIA

[07/02/2008|00:13] C:\Arquivos de programas\Vstplugins

[08/09/2008|16:14] C:\Arquivos de programas\Watermark Factory 2

[25/04/2008|19:22] C:\Arquivos de programas\Windows Live

[05/02/2008|13:08] C:\Arquivos de programas\Windows Media Connect 2

[30/08/2008|11:50] C:\Arquivos de programas\Windows Media Player

[30/08/2008|11:50] C:\Arquivos de programas\Windows NT

[07/01/2008|18:49] C:\Arquivos de programas\WindowsUpdate

[09/01/2008|20:06] C:\Arquivos de programas\WinRAR

[09/01/2008|19:19] C:\Arquivos de programas\WinZip

[07/01/2008|18:50] C:\Arquivos de programas\xerox

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[14/09/2008|13:06] C:\Arquivos de programas\Arquivos comuns\Adobe

[03/09/2008|19:35] C:\Arquivos de programas\Arquivos comuns\Adobe AIR

[14/09/2008|13:05] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[25/06/2008|17:46] C:\Arquivos de programas\Arquivos comuns\Corel

[25/06/2008|17:48] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[27/04/2008|13:02] C:\Arquivos de programas\Arquivos comuns\DirectX

[03/05/2008|23:31] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[03/05/2008|23:35] C:\Arquivos de programas\Arquivos comuns\HP

[06/02/2008|23:40] C:\Arquivos de programas\Arquivos comuns\InstallShield

[01/07/2008|10:40] C:\Arquivos de programas\Arquivos comuns\Java

[03/08/2008|20:17] C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

[11/09/2008|12:13] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[07/01/2008|18:48] C:\Arquivos de programas\Arquivos comuns\MSSoap

[10/01/2008|16:10] C:\Arquivos de programas\Arquivos comuns\Nero

[07/02/2008|00:02] C:\Arquivos de programas\Arquivos comuns\Nokia

[07/01/2008|16:42] C:\Arquivos de programas\Arquivos comuns\ODBC

[07/02/2008|00:02] C:\Arquivos de programas\Arquivos comuns\PCSuite

[07/01/2008|18:48] C:\Arquivos de programas\Arquivos comuns\Serviços

[25/04/2008|20:32] C:\Arquivos de programas\Arquivos comuns\Skype

[07/01/2008|16:42] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[30/08/2008|11:50] C:\Arquivos de programas\Arquivos comuns\System

[01/04/2008|17:12] C:\Arquivos de programas\Arquivos comuns\Vbox

[25/04/2008|19:21] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 43 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-17 10:55:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 14

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\OSVALDO\Recent\Manual de Instalação do Crack.lnk

 

 

[F:365][D:12]-> C:\DOCUME~1\OSVALDO\CONFIG~1\Temp

[F:75][D:0]-> C:\DOCUME~1\OSVALDO\Cookies

[F:2704][D:20]-> C:\DOCUME~1\OSVALDO\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 17/09/2008|10:56 - Option : [2]

 

--------------------\\ Verificação completa em 10:56:43

 

BELOW, THE HIJ.... LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58:44, on 17/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Candex2008\Apache-TomCat-5.5.26\bin\tomcat5.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Conexão Oi Velox] "C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C6D129-88F5-4BBC-AD6D-3821802E7545}: NameServer = 200.165.132.154 200.149.55.140

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Apache Tomcat TomCatTSE (TomCatTSE) - Apache Software Foundation - C:\Arquivos de programas\Candex2008\Apache-TomCat-5.5.26\bin\tomcat5.exe

 

--

End of file - 9291 bytes


Good morning, Osvaldo Filho!

 

If everything is OK, create a clean System Restore point.

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

<!> If you want, you can uninstall Lop S&D.

<!> The logs are clean! :thumbsup:

<!> All OK?

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
