NORTHON
Posted March 19, 2009

Hi, IE is opening windows, such as MercadoLivre or relationship sites, without my wanting it to.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:27, on 19/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Hijack\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [second bat creative peak] C:\Documents and Settings\All Users\Dados de aplicativos\Axis Readme Second Bat\SOFTWARE HOLD.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [livefind] C:\DOCUME~1\user\DADOSD~1\IDLESI~1\liesload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--
End of file - 9951 bytes

DigRam
Posted March 19, 2009

Good morning! Northon

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.
<@> In the next window, press option 2 --> press Enter --> wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.

Regards!

NORTHON
Posted March 24, 2009

Hi, I did what you asked and I'm going to post the reports, but now IE only gives errors... See you.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2140 @ 1.60GHz )
BIOS : Award Modular BIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:201 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( ter 24/03/2009|10:50 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\WINDOWS\Tasks\A618B72C906F2758.job
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\Error window.dat
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\Error window.exe
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\LESS FLAG.dat
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\LESS FLAG.exe
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\SOFTWARE HOLD.dat
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat\SOFTWARE HOLD.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\FunkBlueLess.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\gnxeqsjb.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\hzkzgujg.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\liesload.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\nmwirlkd.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\one bone itch link.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\oovatzic.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\oxvynogj.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\ppfmkuwf.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\syvdrnth.exe
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1\xkgvemvv.exe
Deletado! - C:\Arquivos de programas\Circle Developement\Uninstall.exe
Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Axis Readme Second Bat
Deletado! - C:\DOCUME~1\Luanny\DADOSD~1\idlesi~1
Deletado! - C:\DOCUME~1\user\DADOSD~1\idlesi~1
Deletado! - C:\Arquivos de programas\idlesi~1
Deletado! - C:\Arquivos de programas\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[03/11/2008|16:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/11/2008|16:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple
[03/11/2008|16:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
[04/02/2009|15:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8
[25/11/2008|20:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Corel
[06/11/2008|00:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
[01/02/2009|22:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[03/11/2008|00:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
[25/11/2008|20:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield
[02/01/2009|21:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[12/03/2009|11:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[14/11/2008|10:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Software
[14/11/2008|10:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound
[24/10/2008|07:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
[19/03/2009|11:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
[16/11/2008|17:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[23/10/2008|14:42] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[24/10/2008|07:12] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[02/03/2009|15:34] C:\DOCUME~1\Luanny\DADOSD~1\Adobe
[02/03/2009|16:02] C:\DOCUME~1\Luanny\DADOSD~1\Apple Computer
[05/03/2009|13:50] C:\DOCUME~1\Luanny\DADOSD~1\ArcSoft
[07/03/2009|13:57] C:\DOCUME~1\Luanny\DADOSD~1\DivX
[02/03/2009|14:35] C:\DOCUME~1\Luanny\DADOSD~1\Identities
[24/03/2009|01:46] C:\DOCUME~1\Luanny\DADOSD~1\LimeWire
[02/03/2009|14:36] C:\DOCUME~1\Luanny\DADOSD~1\Macromedia
[21/03/2009|14:31] C:\DOCUME~1\Luanny\DADOSD~1\Microsoft
[03/03/2009|13:51] C:\DOCUME~1\Luanny\DADOSD~1\Mozilla
[13/03/2009|02:39] C:\DOCUME~1\Luanny\DADOSD~1\Real
[07/03/2009|18:53] C:\DOCUME~1\Luanny\DADOSD~1\Sun
[02/03/2009|15:59] C:\DOCUME~1\Luanny\DADOSD~1\Winamp
[24/10/2008|07:12] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft
[28/10/2008|13:42] C:\DOCUME~1\user\DADOSD~1\Adobe
[07/11/2008|11:48] C:\DOCUME~1\user\DADOSD~1\Apple Computer
[11/11/2008|06:38] C:\DOCUME~1\user\DADOSD~1\ArcSoft
[05/11/2008|00:22] C:\DOCUME~1\user\DADOSD~1\Blender Foundation
[25/11/2008|20:38] C:\DOCUME~1\user\DADOSD~1\Corel
[07/11/2008|00:54] C:\DOCUME~1\user\DADOSD~1\Google
[17/01/2009|22:05] C:\DOCUME~1\user\DADOSD~1\Help
[11/12/2008|09:19] C:\DOCUME~1\user\DADOSD~1\HP
[23/10/2008|14:47] C:\DOCUME~1\user\DADOSD~1\Identities
[23/10/2008|15:11] C:\DOCUME~1\user\DADOSD~1\InstallShield
[29/12/2008|07:48] C:\DOCUME~1\user\DADOSD~1\IObit
[19/03/2009|20:43] C:\DOCUME~1\user\DADOSD~1\LimeWire
[03/02/2009|19:59] C:\DOCUME~1\user\DADOSD~1\Macromedia
[24/10/2008|19:37] C:\DOCUME~1\user\DADOSD~1\Media Player Classic
[20/03/2009|04:45] C:\DOCUME~1\user\DADOSD~1\Microsoft
[04/11/2008|01:07] C:\DOCUME~1\user\DADOSD~1\Mozilla
[30/12/2008|10:18] C:\DOCUME~1\user\DADOSD~1\Mp3tag
[14/11/2008|10:17] C:\DOCUME~1\user\DADOSD~1\NCH Swift Sound
[10/01/2009|01:19] C:\DOCUME~1\user\DADOSD~1\pokerth
[29/10/2008|21:17] C:\DOCUME~1\user\DADOSD~1\Real
[24/10/2008|08:16] C:\DOCUME~1\user\DADOSD~1\Skype
[28/10/2008|19:44] C:\DOCUME~1\user\DADOSD~1\Sun
[28/10/2008|22:57] C:\DOCUME~1\user\DADOSD~1\Winamp

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[16/12/2008 08:13][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/03/2009 10:41][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[20/11/2008|09:35] C:\Arquivos de programas\Acro Software
[24/10/2008|12:48] C:\Arquivos de programas\Ahead
[03/12/2008|10:14] C:\Arquivos de programas\Alcohol Soft
[03/11/2008|16:04] C:\Arquivos de programas\Apple Software Update
[11/11/2008|00:04] C:\Arquivos de programas\ArcSoft
[18/11/2008|20:43] C:\Arquivos de programas\Ares
[25/11/2008|20:36] C:\Arquivos de programas\Arquivos comuns
[24/10/2008|07:14] C:\Arquivos de programas\AVG
[05/11/2008|00:22] C:\Arquivos de programas\Blender Foundation
[03/11/2008|16:05] C:\Arquivos de programas\Bonjour
[19/03/2009|10:53] C:\Arquivos de programas\CCleaner
[23/10/2008|14:39] C:\Arquivos de programas\ComPlus Applications
[25/11/2008|20:36] C:\Arquivos de programas\Corel
[24/10/2008|12:47] C:\Arquivos de programas\CyberLink
[24/10/2008|12:48] C:\Arquivos de programas\CyberLink DVD Solution
[06/11/2008|00:28] C:\Arquivos de programas\DVD Decrypter
[06/11/2008|00:23] C:\Arquivos de programas\DVD Shrink
[03/12/2008|15:26] C:\Arquivos de programas\Elifoot
[09/03/2009|13:59] C:\Arquivos de programas\Encoder 2002
[31/01/2009|20:17] C:\Arquivos de programas\EscSoft
[23/10/2008|16:55] C:\Arquivos de programas\Foxit Software
[23/03/2009|20:48] C:\Arquivos de programas\GbPlugin
[17/02/2009|17:46] C:\Arquivos de programas\Google
[20/11/2008|09:36] C:\Arquivos de programas\GPLGS
[03/11/2008|00:24] C:\Arquivos de programas\Hewlett-Packard
[24/10/2008|14:50] C:\Arquivos de programas\honestech
[03/11/2008|00:26] C:\Arquivos de programas\HP
[07/11/2008|11:28] C:\Arquivos de programas\iDump
[11/11/2008|00:04] C:\Arquivos de programas\InstallShield Installation Information
[23/10/2008|15:08] C:\Arquivos de programas\Intel
[12/02/2009|08:48] C:\Arquivos de programas\Internet Explorer
[29/12/2008|07:48] C:\Arquivos de programas\IObit
[03/11/2008|16:05] C:\Arquivos de programas\iPod
[03/11/2008|16:05] C:\Arquivos de programas\iTunes
[19/12/2008|03:23] C:\Arquivos de programas\Java
[24/10/2008|12:58] C:\Arquivos de programas\K-Lite Codec Pack
[09/03/2009|13:59] C:\Arquivos de programas\LimeWire
[09/03/2009|13:59] C:\Arquivos de programas\Messenger
[25/12/2008|20:16] C:\Arquivos de programas\Messenger Plus! Live
[04/03/2009|13:28] C:\Arquivos de programas\Microsoft
[01/03/2009|23:03] C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2
[23/10/2008|14:42] C:\Arquivos de programas\microsoft frontpage
[10/03/2009|11:14] C:\Arquivos de programas\Microsoft Office
[01/03/2009|02:37] C:\Arquivos de programas\Microsoft Silverlight
[24/10/2008|07:29] C:\Arquivos de programas\Microsoft Visual Studio
[24/10/2008|07:29] C:\Arquivos de programas\Microsoft Works
[24/10/2008|07:30] C:\Arquivos de programas\Microsoft.NET
[17/11/2008|09:51] C:\Arquivos de programas\Movie Maker
[20/03/2009|05:04] C:\Arquivos de programas\Mozilla Firefox
[14/11/2008|00:45] C:\Arquivos de programas\Mp3tag
[21/11/2008|18:31] C:\Arquivos de programas\MSBuild
[23/10/2008|14:39] C:\Arquivos de programas\MSN Gaming Zone
[04/03/2009|13:28] C:\Arquivos de programas\MSN Messenger
[04/11/2008|11:45] C:\Arquivos de programas\MSXML 4.0
[14/11/2008|10:17] C:\Arquivos de programas\NCH Software
[14/11/2008|10:20] C:\Arquivos de programas\NCH Swift Sound
[17/11/2008|09:48] C:\Arquivos de programas\NetMeeting
[25/10/2008|22:18] C:\Arquivos de programas\Ontrack
[17/11/2008|09:48] C:\Arquivos de programas\Outlook Express
[09/03/2009|13:59] C:\Arquivos de programas\Paul's Blackjack
[30/12/2008|10:11] C:\Arquivos de programas\PDF LIVRE(2)
[24/10/2008|18:20] C:\Arquivos de programas\PhotoFiltre
[24/10/2008|14:13] C:\Arquivos de programas\PlayTV MPEG 8000GT
[10/01/2009|01:24] C:\Arquivos de programas\PokerTH
[23/10/2008|16:56] C:\Arquivos de programas\Prolink
[03/11/2008|16:05] C:\Arquivos de programas\QuickTime
[28/10/2008|22:51] C:\Arquivos de programas\Real
[23/10/2008|15:12] C:\Arquivos de programas\Realtek
[21/11/2008|18:31] C:\Arquivos de programas\Reference Assemblies
[23/10/2008|14:41] C:\Arquivos de programas\Serviços on-line
[24/10/2008|07:16] C:\Arquivos de programas\Skype
[10/11/2008|09:18] C:\Arquivos de programas\SomePDF
[19/03/2009|11:19] C:\Arquivos de programas\Sony Ericsson
[28/12/2008|02:50] C:\Arquivos de programas\Spybot - Search & Destroy
[23/10/2008|14:47] C:\Arquivos de programas\Uninstall Information
[09/03/2009|13:59] C:\Arquivos de programas\Video Aula Motorola Outros
[30/12/2008|10:11] C:\Arquivos de programas\VirtualDJ
[28/10/2008|22:56] C:\Arquivos de programas\Winamp
[04/03/2009|13:28] C:\Arquivos de programas\Windows Live
[04/03/2009|13:27] C:\Arquivos de programas\Windows Live SkyDrive
[07/12/2008|23:45] C:\Arquivos de programas\Windows Media Player
[17/11/2008|09:48] C:\Arquivos de programas\Windows NT
[23/10/2008|14:41] C:\Arquivos de programas\WindowsUpdate
[17/01/2009|22:05] C:\Arquivos de programas\WinRAR
[23/10/2008|14:42] C:\Arquivos de programas\xerox

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[24/10/2008|12:48] C:\Arquivos de programas\Arquivos comuns\Ahead
[03/11/2008|16:04] C:\Arquivos de programas\Arquivos comuns\Apple
[25/11/2008|20:36] C:\Arquivos de programas\Arquivos comuns\Corel
[25/11/2008|20:37] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[03/11/2008|00:23] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[03/11/2008|00:26] C:\Arquivos de programas\Arquivos comuns\HP
[25/11/2008|20:32] C:\Arquivos de programas\Arquivos comuns\InstallShield
[24/10/2008|12:52] C:\Arquivos de programas\Arquivos comuns\Java
[10/03/2009|11:15] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[04/11/2008|20:06] C:\Arquivos de programas\Arquivos comuns\Motorola Shared
[23/10/2008|14:40] C:\Arquivos de programas\Arquivos comuns\MSSoap
[23/10/2008|12:35] C:\Arquivos de programas\Arquivos comuns\ODBC
[25/11/2008|20:31] C:\Arquivos de programas\Arquivos comuns\Protexis
[28/10/2008|22:52] C:\Arquivos de programas\Arquivos comuns\Real
[23/10/2008|14:40] C:\Arquivos de programas\Arquivos comuns\Serviços
[24/10/2008|07:16] C:\Arquivos de programas\Arquivos comuns\Skype
[23/10/2008|12:35] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[17/11/2008|09:48] C:\Arquivos de programas\Arquivos comuns\System
[25/11/2008|23:46] C:\Arquivos de programas\Arquivos comuns\Windows Live
[28/10/2008|22:52] C:\Arquivos de programas\Arquivos comuns\xing shared

--------------------\\ Process

( 46 Processes ) ... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 10:52:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\user\Meus documentos\Northon\cd\joguinhos bobos\Atari\Crackpot.bin
C:\DOCUME~1\user\Meus documentos\Programas\CorelDRAW\CorelDRAW Graphics Suite X3__(ENG_BR)_(with_crack_full_version).zip
C:\DOCUME~1\user\Meus documentos\Programas\CorelDRAW\_CRACK_
C:\DOCUME~1\user\Meus documentos\Programas\CorelDRAW\_CRACK_\!!!___Install Notes___!!!.txt
C:\DOCUME~1\user\Meus documentos\Programas\CorelDRAW\_CRACK_\keygen.exe
C:\DOCUME~1\user\Meus documentos\Programas\CorelDRAW\_CRACK_\Notas de instalaçao.txt
C:\DOCUME~1\user\Meus documentos\Programas\Imagem\PhotoImpression 5\Crack
C:\DOCUME~1\user\Meus documentos\Programas\Imagem\PhotoImpression 5\Crack\PhotoImpression.exe
C:\DOCUME~1\user\Meus documentos\Programas\Torrents\VSO_ConvertXtoDVD_3.1.3.40+keygen_[mininova].torrent
C:\DOCUME~1\user\Meus documentos\Programas\Torrents\WinAVI_Video_Converter_8.0_+_Working_Keygen_[mininova].torrent

[F:641][D:10]-> C:\DOCUME~1\user\CONFIG~1\Temp
[F:109][D:0]-> C:\DOCUME~1\user\Cookies
[F:9242][D:18]-> C:\DOCUME~1\user\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - ter 24/03/2009|10:53 - Option : [2]

--------------------\\ Verificação completa em 10:53:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:00, on 24/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--
End of file - 9032 bytes
DigRam 144
Posted March 24, 2009

Good afternoon, NORTHON!

<@> Download: < FindLop >
<@> Unzip it and put the files in a folder of their own: < C:\FindLop.exe >
<@> But do not run it yet!
<@> Download: < new_uninstall >
<@> If the antivirus blocks the download, ignore the warning and allow it to run.
<@> If the browser blocks the download, set < http://lop.com > as a Preferred Site.
<@> Disable the resident protection of your antivirus and antispyware programs.
<@> Run the uninstaller!
<@> Type the numbers and confirm!
<@> P.S.: If you cannot run the uninstaller, continue with FindLop only.
<@> Now run findlop.bat.
<@> A report ( findlop.txt ) will be generated on the Local Disk (C)
<@> Post: findlop.txt + an updated HijackThis log.

Regards!
NORTHON 0
Posted March 25, 2009

Hello, IE is working normally now... regards.

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/16/2008 9:13:00
NextRun: 03/31/2009 9:13:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 11/03/2008
EndDate: 00/00/0000
StartTime: 09:13
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:30, on 25/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Hijack\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\RunOnce: [ GbPluginBb] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbieh.dll,Gbieh
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1202660629-926492609-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Luanny')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{03797358-0E8D-49EC-A35C-4A86A64D3997}: NameServer = 201.10.120.3 201.10.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--
End of file - 9463 bytes
DigRam 144
Posted March 25, 2009

Good afternoon, NORTHON!

<!> Open HijackThis --> Click: Do a system scan only
<!> Check this entry below:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
<!> Click Fix checked --> Yes!
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
<!> If everything is OK, create a clean System Restore point.
<!> Right-click My Computer --> Properties --> System Restore.
<!> Check: Turn off System Restore --> Apply --> OK.
<!> Then uncheck it again! --> Apply --> OK.
<!> For more details, read the tutorial: < Link >
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
<!> The log is clean! :thumbsup:
<!> Good work!

Regards!
Mário Monteiro 179
Posted April 26, 2009

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.