
douglasfert

[Solved!] CiD Virus


The banners from the CiD virus are not only annoying, they are also compromising the PC's performance (I believe). Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:25:04, on 9/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Hijack\HiJackThis.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [two city internet heck] C:\Documents and Settings\All Users\Dados de aplicativos\does dog two city\time hide.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [symantec NetDriver Warning] C:\ARQUIV~1\SYMNET~1\SNDWarn.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sign Chic] C:\DOCUME~1\DOUGLA~1\DADOSD~1\SECOND~1\drvbias.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 9117 bytes

 

 

 

I await your help.

Regards,

-douglasfert


Good afternoon, douglasfert!

<@> Double-click the Norton icon, located next to the clock.

<@> Under System, click Auto-Protect.

<@> Uncheck the following options:

< 1 > Enable Auto-Protect

< 2 > Start Auto-Protect when Windows starts up

<@> Still under System, click Script Blocking.

<@> Uncheck the option:

< 1 > Enable Script Blocking

<><><><><><><><><><><>

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the next window, choose option 2 --> press Enter --> wait!

<@> PS: Pay attention to your antivirus notifications, sending the detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Best regards!


Thanks for the reply:

Lop report:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron 2600+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : douglasfert ( Administrator )

BOOT : Normal boot

Antivirus : Norton AntiVirus 2004 (Not Activated)

Firewall : Norton Internet Security 2004 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:50 Go)

D:\ (Local Disk) - NTFS - Total:19 Go (Free:1 Go)

E:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)

F:\ (CD or DVD)

G:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( s b 09/05/2009|19:57 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\A791787A91DEEE66.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\does dog two city\time hide.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\does dog two city\time hide.exe

Deletado! - C:\DOCUME~1\Thiago\DADOSD~1\second~1\ElseBirdUploadCdrom.exe

Deletado! - C:\DOCUME~1\Thiago\DADOSD~1\second~1\vthnhicg.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\does dog two city

Deletado! - C:\DOCUME~1\DOUGLA~1\DADOSD~1\second~1

Deletado! - C:\DOCUME~1\Thiago\DADOSD~1\second~1

Deletado! - C:\Arquivos de programas\second~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[29/04/2009|10:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[13/04/2009|15:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[13/04/2009|00:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[29/04/2009|10:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[11/04/2009|21:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Corel

[27/04/2009|10:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DAEMON Tools Lite

[12/04/2009|12:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\FLEXnet

[13/04/2009|22:55] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[07/04/2009|22:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[07/04/2009|16:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

[08/04/2009|23:34] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[29/04/2009|10:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[10/04/2009|18:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[08/04/2009|16:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[27/04/2009|14:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

[07/04/2009|16:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

 

[07/04/2009|15:31] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[27/04/2009|15:18] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Adobe

[08/04/2009|12:25] C:\DOCUME~1\DOUGLA~1\DADOSD~1\AdobeUM

[10/04/2009|21:54] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Ahead

[24/04/2009|15:28] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Any Video Converter

[30/04/2009|17:09] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Apple Computer

[11/04/2009|21:59] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Corel

[27/04/2009|10:25] C:\DOCUME~1\DOUGLA~1\DADOSD~1\DAEMON Tools Lite

[12/04/2009|13:18] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Desktopicon

[08/04/2009|11:26] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Google

[07/04/2009|16:00] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Identities

[08/05/2009|15:13] C:\DOCUME~1\DOUGLA~1\DADOSD~1\LimeWire

[08/04/2009|10:27] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Macromedia

[09/04/2009|11:25] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Media Player Classic

[05/05/2009|14:40] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Microsoft

[08/04/2009|11:15] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Mozilla

[10/04/2009|18:12] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Nero

[10/04/2009|18:17] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Real

[29/04/2009|10:57] C:\DOCUME~1\DOUGLA~1\DADOSD~1\SharePod

[25/04/2009|17:26] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Sun

[27/04/2009|14:00] C:\DOCUME~1\DOUGLA~1\DADOSD~1\SUPERAntiSpyware.com

[07/04/2009|16:11] C:\DOCUME~1\DOUGLA~1\DADOSD~1\Symantec

[10/04/2009|21:34] C:\DOCUME~1\DOUGLA~1\DADOSD~1\WinRAR

 

[07/04/2009|15:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[07/04/2009|15:36] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[25/04/2009|11:17] C:\DOCUME~1\Thiago\DADOSD~1\Adobe

[07/04/2009|23:58] C:\DOCUME~1\Thiago\DADOSD~1\Google

[07/04/2009|22:29] C:\DOCUME~1\Thiago\DADOSD~1\Identities

[07/04/2009|22:58] C:\DOCUME~1\Thiago\DADOSD~1\Macromedia

[07/04/2009|23:28] C:\DOCUME~1\Thiago\DADOSD~1\Microsoft

[08/04/2009|23:36] C:\DOCUME~1\Thiago\DADOSD~1\Mozilla

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[06/05/2009 15:44][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[17/04/2009 22:15][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - douglasfert.job

[09/05/2009 19:43][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job

[09/05/2009 19:42][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[13/04/2009|19:47] C:\Arquivos de programas\Adobe

[10/04/2009|19:00] C:\Arquivos de programas\Ahead

[29/04/2009|10:22] C:\Arquivos de programas\Aimersoft

[29/04/2009|10:34] C:\Arquivos de programas\Any Video Converter

[13/04/2009|00:40] C:\Arquivos de programas\Apple Software Update

[09/05/2009|15:08] C:\Arquivos de programas\Arquivos comuns

[07/04/2009|16:13] C:\Arquivos de programas\AvRack

[21/04/2009|22:39] C:\Arquivos de programas\Beneton Movie GIF

[29/04/2009|10:33] C:\Arquivos de programas\Bonjour

[10/04/2009|21:11] C:\Arquivos de programas\Circle Developemet

[07/04/2009|15:27] C:\Arquivos de programas\ComPlus Applications

[11/04/2009|21:48] C:\Arquivos de programas\Corel

[27/04/2009|10:23] C:\Arquivos de programas\DAEMON Tools Lite

[27/04/2009|10:23] C:\Arquivos de programas\DAEMON Tools Toolbar

[08/04/2009|23:33] C:\Arquivos de programas\GbPlugin

[07/04/2009|23:17] C:\Arquivos de programas\Google

[29/04/2009|10:49] C:\Arquivos de programas\ImTOO

[09/05/2009|15:08] C:\Arquivos de programas\InstallShield Installation Information

[10/04/2009|18:43] C:\Arquivos de programas\Internet Explorer

[29/04/2009|10:33] C:\Arquivos de programas\iPod

[29/04/2009|10:34] C:\Arquivos de programas\iTunes

[25/04/2009|17:29] C:\Arquivos de programas\Java

[29/04/2009|10:25] C:\Arquivos de programas\Keronsoft

[08/04/2009|16:27] C:\Arquivos de programas\K-Lite Codec Pack

[08/05/2009|15:10] C:\Arquivos de programas\LimeWire

[25/04/2009|17:44] C:\Arquivos de programas\MegaJogos

[08/04/2009|11:10] C:\Arquivos de programas\Messenger

[08/04/2009|00:58] C:\Arquivos de programas\Messenger Plus! Live

[07/04/2009|23:26] C:\Arquivos de programas\Microsoft

[07/04/2009|15:32] C:\Arquivos de programas\microsoft frontpage

[27/04/2009|10:31] C:\Arquivos de programas\Microsoft Office

[27/04/2009|10:29] C:\Arquivos de programas\Microsoft.NET

[08/04/2009|10:55] C:\Arquivos de programas\Movie Maker

[09/05/2009|19:43] C:\Arquivos de programas\Mozilla Firefox

[10/04/2009|18:52] C:\Arquivos de programas\MSBuild

[07/04/2009|15:27] C:\Arquivos de programas\MSN Gaming Zone

[10/04/2009|21:45] C:\Arquivos de programas\Nero

[08/04/2009|10:50] C:\Arquivos de programas\NetMeeting

[07/04/2009|16:15] C:\Arquivos de programas\Norton Internet Security

[08/04/2009|10:50] C:\Arquivos de programas\Outlook Express

[13/04/2009|00:41] C:\Arquivos de programas\QuickTime

[07/04/2009|16:13] C:\Arquivos de programas\Realtek Sound Manager

[10/04/2009|18:47] C:\Arquivos de programas\Reference Assemblies

[07/04/2009|15:30] C:\Arquivos de programas\Servi‡os on-line

[27/04/2009|14:01] C:\Arquivos de programas\SUPERAntiSpyware

[07/04/2009|16:15] C:\Arquivos de programas\Symantec

[07/04/2009|16:46] C:\Arquivos de programas\SymNetDrv

[07/04/2009|16:00] C:\Arquivos de programas\Uninstall Information

[08/05/2009|17:34] C:\Arquivos de programas\Unlocker

[08/04/2009|16:25] C:\Arquivos de programas\WinAVI Video Converter

[07/04/2009|23:27] C:\Arquivos de programas\Windows Live

[07/04/2009|23:26] C:\Arquivos de programas\Windows Live SkyDrive

[08/04/2009|10:56] C:\Arquivos de programas\Windows Media Player

[08/04/2009|10:50] C:\Arquivos de programas\Windows NT

[07/04/2009|15:30] C:\Arquivos de programas\WindowsUpdate

[07/04/2009|16:16] C:\Arquivos de programas\WinFast

[08/04/2009|11:14] C:\Arquivos de programas\WinRAR

[07/04/2009|15:32] C:\Arquivos de programas\xerox

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[12/04/2009|12:25] C:\Arquivos de programas\Arquivos comuns\Adobe

[10/04/2009|21:51] C:\Arquivos de programas\Arquivos comuns\Ahead

[29/04/2009|10:33] C:\Arquivos de programas\Arquivos comuns\Apple

[11/04/2009|21:50] C:\Arquivos de programas\Arquivos comuns\Corel

[27/04/2009|10:31] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[09/05/2009|15:08] C:\Arquivos de programas\Arquivos comuns\Futuremark Shared

[10/04/2009|19:00] C:\Arquivos de programas\Arquivos comuns\InstallShield

[12/04/2009|12:17] C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

[27/04/2009|14:25] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[07/04/2009|15:29] C:\Arquivos de programas\Arquivos comuns\MSSoap

[10/04/2009|18:54] C:\Arquivos de programas\Arquivos comuns\Nero

[07/04/2009|12:22] C:\Arquivos de programas\Arquivos comuns\ODBC

[11/04/2009|21:57] C:\Arquivos de programas\Arquivos comuns\Protexis

[07/04/2009|15:29] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[07/04/2009|12:22] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[09/05/2009|15:09] C:\Arquivos de programas\Arquivos comuns\Symantec Shared

[27/04/2009|10:30] C:\Arquivos de programas\Arquivos comuns\System

[07/04/2009|23:19] C:\Arquivos de programas\Arquivos comuns\Windows Live

[27/04/2009|13:59] C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

 

--------------------\\ Process

 

( 31 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-09 19:59:51

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:6954][D:303]-> C:\DOCUME~1\DOUGLA~1\CONFIG~1\Temp

[F:66][D:0]-> C:\DOCUME~1\DOUGLA~1\Cookies

[F:4729][D:8]-> C:\DOCUME~1\DOUGLA~1\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - s b 09/05/2009|20:01 - Option : [2]

 

--------------------\\ Verificação completa em 20:01:01

 

 

 

HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:03:41, on 9/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [symantec NetDriver Warning] C:\ARQUIV~1\SYMNET~1\SNDWarn.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 8813 bytes


Good evening, douglasfert!

<@> Download: < FindLop >

<@> Unzip it and put the files in a folder of their own: < C:\FindLop.exe >

<@> But do not run it yet!

<@> Download: < new_uninstall >

<@> If the antivirus blocks the download, ignore the warning and allow it to run.

<@> If the browser blocks the download, add < http://lop.com > as a Preferred Site.

<@> Disable the resident protection of your antivirus and antispyware programs.

<@> Run the uninstaller!

<@> Type the numbers and confirm!

<@> PS: If it is not possible to run the uninstaller, proceed with FindLop only.

<@> Now run findlop.bat.

<@> A report ( findlop.txt ) will be generated on Local Disk (C)

<@> Post: findlop.txt + an updated HijackThis log.

Best regards!


Good evening!

 

Findlop:

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'AppleSoftwareUpdate.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe'

Parameters: '-task'

WorkingDirectory: ''

Comment: ''

Creator: 'SYSTEM'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 05/06/2009 15:44:00

NextRun: 05/13/2009 15:44:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Weekly

WeeksInterval: 1

DaysOfTheWeek: ...W...

StartDate: 04/13/2009

EndDate: 00/00/0000

StartTime: 15:44

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'Norton AntiVirus - Scan my computer - douglasfert.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\ARQUIV~1\NORTON~1\NORTON~1\NAVW32.EXE'

Parameters: '/task:"C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'

WorkingDirectory: ''

Comment: 'This is a schedule scan task from Norton AntiVirus.'

Creator: 'douglasfert'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 04/17/2009 20:00:00

NextRun: 05/15/2009 20:00:00

StartError: S_OK

ExitCode: 0x1

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Weekly

WeeksInterval: 1

DaysOfTheWeek: .....F.

StartDate: 04/07/2009

EndDate: 00/00/0000

StartTime: 20:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'Symantec NetDetect.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\Symantec\LiveUpdate\NDETECT.EXE'

Parameters: ''

WorkingDirectory: 'C:\Arquivos de programas\Symantec\LiveUpdate'

Comment: 'Symantec NetDetect'

Creator: 'douglasfert'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 05/09/2009 19:42:19

NextRun: 05/09/2009 23:43:00

StartError: S_OK

ExitCode: 0x65

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

2 Triggers

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 05/09/2009

EndDate: 00/00/0000

StartTime: 23:43

MinutesDuration: 1440

MinutesInterval: 5

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 1:

Type: AtLogon

StartDate: 04/07/2009

EndDate: 00/00/0000

StartTime: 16:20

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

 

HiJack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:50, on 9/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [symantec NetDriver Warning] C:\ARQUIV~1\SYMNET~1\SNDWarn.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 8846 bytes


Good evening, douglasfert!

<!> Re-enable Norton's resident protection.

<><><><><><><><><>

<@> If everything is OK, create a clean restore point in System Restore.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

<><><><><><><><><>

<!> The log is clean! :thumbsup:

<!> Is CiD still bothering you?

Regards!


For now it looks like I have gotten rid of this CID pest!

THANK YOU very much for the instructions!

Is my log clean only of CiD, or also of other possible pests on the machine?

For now it looks like I have gotten rid of this CID pest!

THANK YOU very much for the instructions!

Is my log clean only of CiD, or also of other possible pests on the machine?

<><><><><><><><>

Hey, douglasfert!

<!> The HijackThis log is limited for certain types of malware. For a more in-depth search for infections, you will have to run an online scan.

<!> Is the computer showing any symptoms that indicate infection?

Regards!


PROBLEM SOLVED!

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
