Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

wyccka

[Arquivado] Meu pc esta com Virus CiD

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

wyccka    0

wyccka
Postado

Ola, por favor alguem pode me audar.

Desde ja, obrigada.

Wyccka.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:17:40, on 29/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Windows\System32\svchosts.exe

C:\Windows\System32\svchosts.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Dados de aplicativos\That Face Camp Shim\Road Build.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.gamedesire.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_28.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamedesire.com/g_bin/eng/roulette_2_0_0_27.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/boards_2_0_0_35.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamedesire.com/g_bin/eng/slots90_2_0_0_35.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_29.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1241417198_256205db8a11c83294bc128d0ef1107b&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_27.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab

O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_29.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamedesire.com/g_bin/eng/words_2_0_0_51.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_48.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 15362 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Olá wyccka! Faça o download do Lop S&D:

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Para instalá-lo, na primeira tela escolha a opção "Je suis d'accord avec..." e clique em Suivant, depois em Quitter.

 

Dê um duplo clique no Lop S&D, pressione "P", digite 2 e pressione "enter".

 

Poste o log aqui, juntamente com um novo log do HijackThis.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wyccka    0

wyccka
Postado

Ola, obrigada por responder tão rapido.

segue o log:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Processador Intel Pentium II )

BIOS : Default System BIOS

USER : Geralda ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090729-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:57 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( qua 29/07/2009|18:16 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\Road Build.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\Road Build.exe

Deletado! - C:\Arquivos de programas\Orbitdownloader\addons

Deletado! - C:\Arquivos de programas\Orbitdownloader\banurl.ini

Deletado! - C:\Arquivos de programas\Orbitdownloader\changelog.txt

Falha ! - C:\Arquivos de programas\Orbitdownloader\download.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\Grab.exe

Deletado! - C:\Arquivos de programas\Orbitdownloader\GrabDll.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

Falha ! - C:\Arquivos de programas\Orbitdownloader\idht.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\Lang.ini

Deletado! - C:\Arquivos de programas\Orbitdownloader\language

Deletado! - C:\Arquivos de programas\Orbitdownloader\libeay32.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

Deletado! - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

Deletado! - C:\Arquivos de programas\Orbitdownloader\saction.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\siteinfo.ini

Deletado! - C:\Arquivos de programas\Orbitdownloader\ssleay32.dll

Deletado! - C:\Arquivos de programas\Orbitdownloader\unins000.dat

Deletado! - C:\Arquivos de programas\Orbitdownloader\unins000.exe

Deletado! - C:\Arquivos de programas\Orbitdownloader\update

Deletado! - C:\Arquivos de programas\Orbitdownloader\winfile.dll

Deletado! - C:\DOCUME~1\Geralda\Cookies\geralda@ads.adserver5[2].txt

Deletado! - C:\DOCUME~1\Geralda\Cookies\geralda@ads.adserver5[3].txt

Deletado! - C:\DOCUME~1\Geralda\Cookies\geralda@adserver5[1].txt

Deletado! - C:\DOCUME~1\Geralda\Cookies\geralda@www.adserver5[2].txt

Deletado! - C:\DOCUME~1\Geralda\Cookies\geralda@advertising.marketnetwork[1].txt

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim

Deletado! - C:\Arquivos de programas\Orbitdownloader

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[16/03/2009|22:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[08/12/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[03/04/2009|04:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[10/05/2009|11:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ArcSoft

[20/03/2009|16:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AVS4YOU

[21/12/2008|14:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[21/05/2009|20:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[30/06/2009|15:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[18/02/2009|11:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[10/05/2009|11:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

[13/07/2009|01:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[28/05/2009|19:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[08/12/2008|17:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[07/06/2009|17:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NitroPC

[25/06/2009|04:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[11/05/2009|19:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SweetIM

[27/07/2009|14:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[08/12/2008|18:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[09/12/2008|07:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[08/12/2008|17:06] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[21/12/2008|15:14] C:\DOCUME~1\Geralda\DADOSD~1\Adobe

[01/03/2009|15:19] C:\DOCUME~1\Geralda\DADOSD~1\AdobeAUM

[21/12/2008|15:14] C:\DOCUME~1\Geralda\DADOSD~1\AdobeUM

[21/12/2008|14:24] C:\DOCUME~1\Geralda\DADOSD~1\Ahead

[11/05/2009|19:56] C:\DOCUME~1\Geralda\DADOSD~1\ArcSoft

[20/03/2009|16:02] C:\DOCUME~1\Geralda\DADOSD~1\AVS4YOU

[18/06/2009|21:28] C:\DOCUME~1\Geralda\DADOSD~1\Bandoo

[18/04/2009|17:18] C:\DOCUME~1\Geralda\DADOSD~1\Canon

[21/12/2008|14:27] C:\DOCUME~1\Geralda\DADOSD~1\CyberLink

[12/05/2009|01:40] C:\DOCUME~1\Geralda\DADOSD~1\Desktopicon

[04/07/2009|00:09] C:\DOCUME~1\Geralda\DADOSD~1\Docx2Rtf

[17/03/2009|03:34] C:\DOCUME~1\Geralda\DADOSD~1\Download Manager

[15/03/2009|19:15] C:\DOCUME~1\Geralda\DADOSD~1\FastStone

[08/07/2009|21:57] C:\DOCUME~1\Geralda\DADOSD~1\GanymedeNet

[18/02/2009|11:08] C:\DOCUME~1\Geralda\DADOSD~1\Google

[17/03/2009|03:12] C:\DOCUME~1\Geralda\DADOSD~1\GrabPro

[15/01/2009|16:34] C:\DOCUME~1\Geralda\DADOSD~1\Help

[08/12/2008|17:12] C:\DOCUME~1\Geralda\DADOSD~1\Identities

[18/05/2009|20:35] C:\DOCUME~1\Geralda\DADOSD~1\KodakCredentialStore

[17/03/2009|01:32] C:\DOCUME~1\Geralda\DADOSD~1\KompoZer

[30/12/2008|20:29] C:\DOCUME~1\Geralda\DADOSD~1\Leadertech

[08/12/2008|17:58] C:\DOCUME~1\Geralda\DADOSD~1\Macromedia

[16/05/2009|22:54] C:\DOCUME~1\Geralda\DADOSD~1\Megaupload

[29/05/2009|20:40] C:\DOCUME~1\Geralda\DADOSD~1\Microsoft

[14/07/2009|18:30] C:\DOCUME~1\Geralda\DADOSD~1\Mozilla

[14/07/2009|20:00] C:\DOCUME~1\Geralda\DADOSD~1\Mp3 Love

[14/12/2008|16:53] C:\DOCUME~1\Geralda\DADOSD~1\Netscape

[17/03/2009|02:00] C:\DOCUME~1\Geralda\DADOSD~1\Nvu

[03/07/2009|23:57] C:\DOCUME~1\Geralda\DADOSD~1\NwDocx

[29/07/2009|18:15] C:\DOCUME~1\Geralda\DADOSD~1\Orbit

[14/12/2008|18:16] C:\DOCUME~1\Geralda\DADOSD~1\Reallusion

[10/05/2009|12:16] C:\DOCUME~1\Geralda\DADOSD~1\Skinux

[10/07/2009|16:16] C:\DOCUME~1\Geralda\DADOSD~1\Skype

[10/07/2009|16:06] C:\DOCUME~1\Geralda\DADOSD~1\skypePM

[04/05/2009|03:04] C:\DOCUME~1\Geralda\DADOSD~1\Sun

[10/12/2008|15:54] C:\DOCUME~1\Geralda\DADOSD~1\Teleca

[12/05/2009|01:40] C:\DOCUME~1\Geralda\DADOSD~1\Toolbars

[03/04/2009|03:08] C:\DOCUME~1\Geralda\DADOSD~1\VTExtra

[14/05/2009|01:35] C:\DOCUME~1\Geralda\DADOSD~1\WinRAR

 

[21/12/2008|14:29] C:\DOCUME~1\LOCALS~1\DADOSD~1\CyberLink

[18/05/2009|19:38] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[18/05/2009|19:38] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[29/07/2009 18:01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[29/07/2009 18:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[29/07/2009 14:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[29/07/2009 17:26][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-1417001333-1003UA.job

[29/07/2009 17:26][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-1417001333-1003Core.job

[15/07/2009 22:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[29/07/2009 17:49][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{EFE216E9-715B-4DD1-8844-AE0C027DB14E}.job

[29/07/2009 14:01][--ah-----] C:\WINDOWS\tasks\SA.DAT

[14/04/2008 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[10/12/2008|15:43] C:\Arquivos de programas\Adobe

[09/12/2008|07:59] C:\Arquivos de programas\Alwil Software

[03/04/2009|04:16] C:\Arquivos de programas\Apple Software Update

[12/07/2009|16:50] C:\Arquivos de programas\Arquivos comuns

[09/07/2009|19:46] C:\Arquivos de programas\Ask.com

[20/06/2009|01:11] C:\Arquivos de programas\Bandoo

[15/12/2008|14:31] C:\Arquivos de programas\Caere

[15/12/2008|14:33] C:\Arquivos de programas\Canon

[11/07/2009|01:44] C:\Arquivos de programas\Cine Turbo

[08/12/2008|17:38] C:\Arquivos de programas\CyberLink

[11/05/2009|20:40] C:\Arquivos de programas\DVDVideoSoft

[20/03/2009|16:33] C:\Arquivos de programas\FormatFactory

[30/06/2009|22:45] C:\Arquivos de programas\GbPlugin

[17/07/2009|21:02] C:\Arquivos de programas\Google

[29/06/2009|13:18] C:\Arquivos de programas\InstallShield Installation Information

[08/12/2008|17:50] C:\Arquivos de programas\Intel

[14/07/2009|22:00] C:\Arquivos de programas\Internet Explorer

[04/05/2009|03:10] C:\Arquivos de programas\Java

[10/05/2009|11:46] C:\Arquivos de programas\Kodak

[13/07/2009|00:15] C:\Arquivos de programas\Messenger Plus! Live

[12/02/2009|16:55] C:\Arquivos de programas\Microsoft

[08/12/2008|17:06] C:\Arquivos de programas\microsoft frontpage

[08/12/2008|17:23] C:\Arquivos de programas\Microsoft Office

[12/02/2009|16:55] C:\Arquivos de programas\Microsoft Office Outlook Connector

[02/05/2009|02:06] C:\Arquivos de programas\Microsoft Silverlight

[12/02/2009|16:49] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[12/02/2009|16:50] C:\Arquivos de programas\Microsoft Sync Framework

[29/05/2009|20:37] C:\Arquivos de programas\Microsoft Virtual PC

[08/12/2008|17:23] C:\Arquivos de programas\Microsoft Works

[08/12/2008|17:24] C:\Arquivos de programas\Microsoft.NET

[08/12/2008|17:51] C:\Arquivos de programas\Motorola

[08/12/2008|17:04] C:\Arquivos de programas\Movie Maker

[11/07/2009|17:05] C:\Arquivos de programas\Mp3 Love

[16/05/2009|02:10] C:\Arquivos de programas\MSECache

[08/12/2008|17:02] C:\Arquivos de programas\MSN Gaming Zone

[25/06/2009|23:46] C:\Arquivos de programas\MSNFans Live Winks

[08/12/2008|17:30] C:\Arquivos de programas\Nero

[08/12/2008|17:04] C:\Arquivos de programas\NetMeeting

[07/06/2009|17:04] C:\Arquivos de programas\NitroPC

[08/12/2008|17:04] C:\Arquivos de programas\Outlook Express

[11/05/2009|19:33] C:\Arquivos de programas\Pinnacle

[12/05/2009|23:18] C:\Arquivos de programas\Programas RFB

[08/12/2008|17:04] C:\Arquivos de programas\Servi‡os on-line

[25/06/2009|04:32] C:\Arquivos de programas\Skype

[08/12/2008|17:11] C:\Arquivos de programas\Uninstall Information

[14/07/2009|18:07] C:\Arquivos de programas\Utherverse Digital Inc

[16/05/2009|02:11] C:\Arquivos de programas\Windows Installer Clean Up

[18/02/2009|02:43] C:\Arquivos de programas\Windows Live

[12/02/2009|16:47] C:\Arquivos de programas\Windows Live SkyDrive

[08/12/2008|18:11] C:\Arquivos de programas\Windows Media Connect 2

[08/12/2008|18:11] C:\Arquivos de programas\Windows Media Player

[08/12/2008|17:02] C:\Arquivos de programas\Windows NT

[08/12/2008|17:04] C:\Arquivos de programas\WindowsUpdate

[14/05/2009|01:35] C:\Arquivos de programas\WinRAR

[08/12/2008|17:06] C:\Arquivos de programas\xerox

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[16/03/2009|22:22] C:\Arquivos de programas\Arquivos comuns\Adobe

[08/12/2008|17:32] C:\Arquivos de programas\Arquivos comuns\Ahead

[15/12/2008|14:32] C:\Arquivos de programas\Arquivos comuns\Caere

[08/12/2008|17:23] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[11/05/2009|20:40] C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[29/06/2009|02:12] C:\Arquivos de programas\Arquivos comuns\InstallShield

[10/05/2009|11:45] C:\Arquivos de programas\Arquivos comuns\Kodak

[20/03/2009|16:00] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[02/05/2009|00:45] C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[08/12/2008|17:04] C:\Arquivos de programas\Arquivos comuns\MSSoap

[08/12/2008|14:57] C:\Arquivos de programas\Arquivos comuns\ODBC

[14/12/2008|18:15] C:\Arquivos de programas\Arquivos comuns\Reallusion

[08/12/2008|17:04] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[25/06/2009|04:32] C:\Arquivos de programas\Arquivos comuns\Skype

[08/12/2008|14:57] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[12/02/2009|16:55] C:\Arquivos de programas\Arquivos comuns\System

[24/05/2009|19:36] C:\Arquivos de programas\Arquivos comuns\Teleca Shared

[25/01/2009|13:10] C:\Arquivos de programas\Arquivos comuns\Windows Live

[09/12/2008|07:56] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 44 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-29 18:18:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Geralda\Meus documentos\Jogos\JG Sega\BMP\CRACK.BMP

C:\DOCUME~1\Geralda\Meus documentos\Jogos\JG Sega\ROM\CRACK.SMD

 

 

[F:453][D:41]-> C:\DOCUME~1\Geralda\CONFIG~1\Temp

[F:172][D:0]-> C:\DOCUME~1\Geralda\Cookies

[F:11335][D:44]-> C:\DOCUME~1\Geralda\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qua 29/07/2009|18:21 - Option : [2]

 

--------------------\\ Verificação completa em 18:21:44

 

 

Log do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:24:51, on 29/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Windows\System32\svchosts.exe

C:\Windows\System32\svchosts.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Documents and Settings\Geralda\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.gamedesire.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_28.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamedesire.com/g_bin/eng/roulette_2_0_0_27.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/boards_2_0_0_35.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamedesire.com/g_bin/eng/slots90_2_0_0_35.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_29.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1241417198_256205db8a11c83294bc128d0ef1107b&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_27.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab

O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_29.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamedesire.com/g_bin/eng/words_2_0_0_51.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_48.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 15165 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

wyccka    0

wyccka
Postado

Ola Sam Spade, obrigada por me ajudar, parece que funcionou, não tem mais janelas chatas pulando na minha tela.

Agradeço a atenção.

Bjos.

Wyccka.

Compartilhar este post

Link para o post
Compartilhar em outros sites

wyccka    0

wyccka
Postado

Ola Amigo Sam Spade,

Meu pc esta muito lento e agora começou a desligar sozinho, tem uma janela que ta aparecendo toda vez que eu ligo o pc, pedindo para reiniciar, e eu entrei no site do itau e apareceu uma janelinha de acesso direto na minha area de trabalho, ele estava com o virus CiD, mas ja fiz tudo o que me ensinaram e o CiD parou, mas parece que meu pc ficou pior do que tava.

Desde ja agradeço.

 

Segue log HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:23:41, on 5/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Windows\System32\svchosts.exe

C:\Windows\System32\svchosts.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.gamedesire.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.appl...ex/qtplugin.cab

O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamede...re_2_0_0_28.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers....ctivex/smsx.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamede...te_2_0_0_27.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamede...ds_2_0_0_35.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamede...90_2_0_0_35.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamede...vy_2_0_0_29.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamede...er_2_0_0_27.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamede...es_2_0_0_32.cab

O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamede...ut_2_0_0_29.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamede...ds_2_0_0_51.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamede...le_2_0_0_48.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamede...ng_2_0_0_31.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 14918 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Olá, foi difícil conciliar o tempo, vamos ver esta infecção que ainda está no log e que não tem nada a ver com o CID (Lop).

 

Baixe o Malwarebytes' Anti-Malware (MBAM) neste link ou neste aqui.

 

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

 

  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta, juntamente com um novo log do HijackThis.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito