wyccka, posted July 29, 2009

Hello, can someone please help me? Thanks in advance. Wyccka.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:40, on 29/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\System32\svchosts.exe
C:\Windows\System32\svchosts.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Dados de aplicativos\That Face Camp Shim\Road Build.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.gamedesire.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamedesire.com/g_bin/eng/roulette_2_0_0_27.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/boards_2_0_0_35.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamedesire.com/g_bin/eng/slots90_2_0_0_35.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1241417198_256205db8a11c83294bc128d0ef1107b&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_27.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_29.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamedesire.com/g_bin/eng/words_2_0_0_51.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 15362 bytes
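A log like the one above is normally read by eye, entry by entry. As an added example (not code from the original post and not part of HijackThis), the Python below runs a first triage pass over HijackThis-style lines. The sample input is a handful of O4, R0 and O15 entries copied from the posted log; the heuristics themselves (a Run target whose name is one edit away from a Windows system binary, a Run value with an empty name, a RunOnce target sitting in the drive root, a value name made of several uppercase words, a start page on a non-default host, any Trusted Zone entry), the list of genuine system binaries and the start-page allowlist are this example's own assumptions. It only marks entries for a human to look at; it does not decide that anything is malicious.

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread; not code from the original post or from
HijackThis. Everything it flags is a candidate for human review only.
"""
import re
from difflib import SequenceMatcher

# Constructed input: a subset of the O4/R0/O15 lines copied from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Dados de aplicativos\That Face Camp Shim\Road Build.exe
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.gamedesire.com
"""

# Assumed list of genuine Windows XP binaries whose names get imitated.
KNOWN_SYSTEM_EXES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe",
}
# Assumed allowlist: start pages on these hosts count as vendor defaults.
DEFAULT_START_HOSTS = {"go.microsoft.com", "br.msn.com", "www.msn.com"}

# O4 - <hive>\..\Run[Once]: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First (optionally quoted) path ending in .exe inside the command line.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


def lookalike_of(basename):
    """Return the system binary `basename` imitates, or None when it is an
    exact (case-insensitive) match or not close to any known name."""
    b = basename.lower()
    if b in KNOWN_SYSTEM_EXES:
        return None
    best = max(KNOWN_SYSTEM_EXES, key=lambda k: SequenceMatcher(None, b, k).ratio())
    return best if SequenceMatcher(None, b, best).ratio() >= 0.85 else None


def host_of(url):
    """Bare hostname of an http(s) URL (assumes no userinfo or port)."""
    return re.sub(r"^https?://", "", url).split("/", 1)[0].lower()


def triage(log_text):
    """Apply the heuristics to every line; return a list of (line, reason)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue
            name, key, cmd = m["name"], m["key"], m["cmd"]
            em = EXE_RE.search(cmd)
            path = em["path"] if em else cmd
            base = path.rsplit("\\", 1)[-1]
            if name == "":
                findings.append((line, "Run value with an empty name"))
            mimic = lookalike_of(base)
            if mimic:
                findings.append((line, f"{base} is a lookalike of {mimic}"))
            if key == "RunOnce" and re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
                findings.append((line, "RunOnce target sits in the drive root"))
            words = name.split()
            if len(words) >= 3 and all(w.isupper() for w in words):
                findings.append((line, "value name is several random-looking uppercase words"))
        elif line.startswith("R0 - ") and "Start Page = " in line:
            host = host_of(line.split("Start Page = ", 1)[1])
            if host not in DEFAULT_START_HOSTS:
                findings.append((line, f"start page points at non-default host {host}"))
        elif line.startswith("O15 - Trusted Zone: "):
            findings.append((line, "site added to the IE Trusted Zone; confirm it was intended"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Run it as-is to see the seven findings on the sample, or feed it a whole saved log with `triage(open("hijackthis.log").read())`. The lookalike check uses a similarity ratio rather than exact string comparison so that one inserted or swapped character (svchosts.exe against svchost.exe) is caught while legitimate names such as ashDisp.exe and ctfmon.exe pass. Anything flagged still has to be confirmed by hand; the avast! and CTFMON entries in the sample are left alone precisely because the heuristics are deliberately narrow.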
Sam Spade, posted July 29, 2009

Hi wyccka! Download Lop S&D: http://eric.71.mespages.googlepages.com/LopSD.exe

To install it, on the first screen choose the option "Je suis d'accord avec..." and click Suivant, then Quitter.

Double-click Lop S&D, press "P", type 2 and press Enter.

Post the log here, together with a new HijackThis log.
wyccka, posted July 29, 2009

Hello, thank you for replying so quickly. Here is the log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Processador Intel Pentium II )
BIOS : Default System BIOS
USER : Geralda ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090729-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:57 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Wed 29/07/2009|18:16 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVED

Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\Road Build.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\Road Build.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\addons
Deleted! - C:\Arquivos de programas\Orbitdownloader\banurl.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\changelog.txt
Failed! - C:\Arquivos de programas\Orbitdownloader\download.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\Grab.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\GrabDll.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\GrabKernel.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
Failed! - C:\Arquivos de programas\Orbitdownloader\idht.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\Lang.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\language
Deleted! - C:\Arquivos de programas\Orbitdownloader\libeay32.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\saction.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\siteinfo.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\ssleay32.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\unins000.dat
Deleted! - C:\Arquivos de programas\Orbitdownloader\unins000.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\update
Deleted! - C:\Arquivos de programas\Orbitdownloader\winfile.dll
Deleted! - C:\DOCUME~1\Geralda\Cookies\geralda@ads.adserver5[2].txt
Deleted! - C:\DOCUME~1\Geralda\Cookies\geralda@ads.adserver5[3].txt
Deleted! - C:\DOCUME~1\Geralda\Cookies\geralda@adserver5[1].txt
Deleted! - C:\DOCUME~1\Geralda\Cookies\geralda@www.adserver5[2].txt
Deleted! - C:\DOCUME~1\Geralda\Cookies\geralda@advertising.marketnetwork[1].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim
Deleted! - C:\Arquivos de programas\Orbitdownloader

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Folder list in DADOSD~1

[16/03/2009|22:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[08/12/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead
[03/04/2009|04:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple
[10/05/2009|11:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ArcSoft
[20/03/2009|16:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AVS4YOU
[21/12/2008|14:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
[21/05/2009|20:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
[30/06/2009|15:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[18/02/2009|11:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
[10/05/2009|11:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak
[13/07/2009|01:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[28/05/2009|19:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[08/12/2008|17:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[07/06/2009|17:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NitroPC
[25/06/2009|04:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
[11/05/2009|19:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SweetIM
[27/07/2009|14:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[08/12/2008|18:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[09/12/2008|07:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[08/12/2008|17:06] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[21/12/2008|15:14] C:\DOCUME~1\Geralda\DADOSD~1\Adobe
[01/03/2009|15:19] C:\DOCUME~1\Geralda\DADOSD~1\AdobeAUM
[21/12/2008|15:14] C:\DOCUME~1\Geralda\DADOSD~1\AdobeUM
[21/12/2008|14:24] C:\DOCUME~1\Geralda\DADOSD~1\Ahead
[11/05/2009|19:56] C:\DOCUME~1\Geralda\DADOSD~1\ArcSoft
[20/03/2009|16:02] C:\DOCUME~1\Geralda\DADOSD~1\AVS4YOU
[18/06/2009|21:28] C:\DOCUME~1\Geralda\DADOSD~1\Bandoo
[18/04/2009|17:18] C:\DOCUME~1\Geralda\DADOSD~1\Canon
[21/12/2008|14:27] C:\DOCUME~1\Geralda\DADOSD~1\CyberLink
[12/05/2009|01:40] C:\DOCUME~1\Geralda\DADOSD~1\Desktopicon
[04/07/2009|00:09] C:\DOCUME~1\Geralda\DADOSD~1\Docx2Rtf
[17/03/2009|03:34] C:\DOCUME~1\Geralda\DADOSD~1\Download Manager
[15/03/2009|19:15] C:\DOCUME~1\Geralda\DADOSD~1\FastStone
[08/07/2009|21:57] C:\DOCUME~1\Geralda\DADOSD~1\GanymedeNet
[18/02/2009|11:08] C:\DOCUME~1\Geralda\DADOSD~1\Google
[17/03/2009|03:12] C:\DOCUME~1\Geralda\DADOSD~1\GrabPro
[15/01/2009|16:34] C:\DOCUME~1\Geralda\DADOSD~1\Help
[08/12/2008|17:12] C:\DOCUME~1\Geralda\DADOSD~1\Identities
[18/05/2009|20:35] C:\DOCUME~1\Geralda\DADOSD~1\KodakCredentialStore
[17/03/2009|01:32] C:\DOCUME~1\Geralda\DADOSD~1\KompoZer
[30/12/2008|20:29] C:\DOCUME~1\Geralda\DADOSD~1\Leadertech
[08/12/2008|17:58] C:\DOCUME~1\Geralda\DADOSD~1\Macromedia
[16/05/2009|22:54] C:\DOCUME~1\Geralda\DADOSD~1\Megaupload
[29/05/2009|20:40] C:\DOCUME~1\Geralda\DADOSD~1\Microsoft
[14/07/2009|18:30] C:\DOCUME~1\Geralda\DADOSD~1\Mozilla
[14/07/2009|20:00] C:\DOCUME~1\Geralda\DADOSD~1\Mp3 Love
[14/12/2008|16:53] C:\DOCUME~1\Geralda\DADOSD~1\Netscape
[17/03/2009|02:00] C:\DOCUME~1\Geralda\DADOSD~1\Nvu
[03/07/2009|23:57] C:\DOCUME~1\Geralda\DADOSD~1\NwDocx
[29/07/2009|18:15] C:\DOCUME~1\Geralda\DADOSD~1\Orbit
[14/12/2008|18:16] C:\DOCUME~1\Geralda\DADOSD~1\Reallusion
[10/05/2009|12:16] C:\DOCUME~1\Geralda\DADOSD~1\Skinux
[10/07/2009|16:16] C:\DOCUME~1\Geralda\DADOSD~1\Skype
[10/07/2009|16:06] C:\DOCUME~1\Geralda\DADOSD~1\skypePM
[04/05/2009|03:04] C:\DOCUME~1\Geralda\DADOSD~1\Sun
[10/12/2008|15:54] C:\DOCUME~1\Geralda\DADOSD~1\Teleca
[12/05/2009|01:40] C:\DOCUME~1\Geralda\DADOSD~1\Toolbars
[03/04/2009|03:08] C:\DOCUME~1\Geralda\DADOSD~1\VTExtra
[14/05/2009|01:35] C:\DOCUME~1\Geralda\DADOSD~1\WinRAR
[21/12/2008|14:29] C:\DOCUME~1\LOCALS~1\DADOSD~1\CyberLink
[18/05/2009|19:38] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[18/05/2009|19:38] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Scheduled tasks in folder C:\WINDOWS\Tasks

[29/07/2009 18:01][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[29/07/2009 18:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[29/07/2009 14:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[29/07/2009 17:26][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-1417001333-1003UA.job
[29/07/2009 17:26][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-1417001333-1003Core.job
[15/07/2009 22:26][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[29/07/2009 17:49][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{EFE216E9-715B-4DD1-8844-AE0C027DB14E}.job
[29/07/2009 14:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder list in C:\Arquivos de programas

[10/12/2008|15:43] C:\Arquivos de programas\Adobe
[09/12/2008|07:59] C:\Arquivos de programas\Alwil Software
[03/04/2009|04:16] C:\Arquivos de programas\Apple Software Update
[12/07/2009|16:50] C:\Arquivos de programas\Arquivos comuns
[09/07/2009|19:46] C:\Arquivos de programas\Ask.com
[20/06/2009|01:11] C:\Arquivos de programas\Bandoo
[15/12/2008|14:31] C:\Arquivos de programas\Caere
[15/12/2008|14:33] C:\Arquivos de programas\Canon
[11/07/2009|01:44] C:\Arquivos de programas\Cine Turbo
[08/12/2008|17:38] C:\Arquivos de programas\CyberLink
[11/05/2009|20:40] C:\Arquivos de programas\DVDVideoSoft
[20/03/2009|16:33] C:\Arquivos de programas\FormatFactory
[30/06/2009|22:45] C:\Arquivos de programas\GbPlugin
[17/07/2009|21:02] C:\Arquivos de programas\Google
[29/06/2009|13:18] C:\Arquivos de programas\InstallShield Installation Information
[08/12/2008|17:50] C:\Arquivos de programas\Intel
[14/07/2009|22:00] C:\Arquivos de programas\Internet Explorer
[04/05/2009|03:10] C:\Arquivos de programas\Java
[10/05/2009|11:46] C:\Arquivos de programas\Kodak
[13/07/2009|00:15] C:\Arquivos de programas\Messenger Plus! Live
[12/02/2009|16:55] C:\Arquivos de programas\Microsoft
[08/12/2008|17:06] C:\Arquivos de programas\microsoft frontpage
[08/12/2008|17:23] C:\Arquivos de programas\Microsoft Office
[12/02/2009|16:55] C:\Arquivos de programas\Microsoft Office Outlook Connector
[02/05/2009|02:06] C:\Arquivos de programas\Microsoft Silverlight
[12/02/2009|16:49] C:\Arquivos de programas\Microsoft SQL Server Compact Edition
[12/02/2009|16:50] C:\Arquivos de programas\Microsoft Sync Framework
[29/05/2009|20:37] C:\Arquivos de programas\Microsoft Virtual PC
[08/12/2008|17:23] C:\Arquivos de programas\Microsoft Works
[08/12/2008|17:24] C:\Arquivos de programas\Microsoft.NET
[08/12/2008|17:51] C:\Arquivos de programas\Motorola
[08/12/2008|17:04] C:\Arquivos de programas\Movie Maker
[11/07/2009|17:05] C:\Arquivos de programas\Mp3 Love
[16/05/2009|02:10] C:\Arquivos de programas\MSECache
[08/12/2008|17:02] C:\Arquivos de programas\MSN Gaming Zone
[25/06/2009|23:46] C:\Arquivos de programas\MSNFans Live Winks
[08/12/2008|17:30] C:\Arquivos de programas\Nero
[08/12/2008|17:04] C:\Arquivos de programas\NetMeeting
[07/06/2009|17:04] C:\Arquivos de programas\NitroPC
[08/12/2008|17:04] C:\Arquivos de programas\Outlook Express
[11/05/2009|19:33] C:\Arquivos de programas\Pinnacle
[12/05/2009|23:18] C:\Arquivos de programas\Programas RFB
[08/12/2008|17:04] C:\Arquivos de programas\Serviços on-line
[25/06/2009|04:32] C:\Arquivos de programas\Skype
[08/12/2008|17:11] C:\Arquivos de programas\Uninstall Information
[14/07/2009|18:07] C:\Arquivos de programas\Utherverse Digital Inc
[16/05/2009|02:11] C:\Arquivos de programas\Windows Installer Clean Up
[18/02/2009|02:43] C:\Arquivos de programas\Windows Live
[12/02/2009|16:47] C:\Arquivos de programas\Windows Live SkyDrive
[08/12/2008|18:11] C:\Arquivos de programas\Windows Media Connect 2
[08/12/2008|18:11] C:\Arquivos de programas\Windows Media Player
[08/12/2008|17:02] C:\Arquivos de programas\Windows NT
[08/12/2008|17:04] C:\Arquivos de programas\WindowsUpdate
[14/05/2009|01:35] C:\Arquivos de programas\WinRAR
[08/12/2008|17:06] C:\Arquivos de programas\xerox

--------------------\\ Folder list in C:\Arquivos de programas\Arquivos comuns

[16/03/2009|22:22] C:\Arquivos de programas\Arquivos comuns\Adobe
[08/12/2008|17:32] C:\Arquivos de programas\Arquivos comuns\Ahead
[15/12/2008|14:32] C:\Arquivos de programas\Arquivos comuns\Caere
[08/12/2008|17:23] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[11/05/2009|20:40] C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft
[29/06/2009|02:12] C:\Arquivos de programas\Arquivos comuns\InstallShield
[10/05/2009|11:45] C:\Arquivos de programas\Arquivos comuns\Kodak
[20/03/2009|16:00] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[02/05/2009|00:45] C:\Arquivos de programas\Arquivos comuns\Motorola Shared
[08/12/2008|17:04] C:\Arquivos de programas\Arquivos comuns\MSSoap
[08/12/2008|14:57] C:\Arquivos de programas\Arquivos comuns\ODBC
[14/12/2008|18:15] C:\Arquivos de programas\Arquivos comuns\Reallusion
[08/12/2008|17:04] C:\Arquivos de programas\Arquivos comuns\Serviços
[25/06/2009|04:32] C:\Arquivos de programas\Arquivos comuns\Skype
[08/12/2008|14:57] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[12/02/2009|16:55] C:\Arquivos de programas\Arquivos comuns\System
[24/05/2009|19:36] C:\Arquivos de programas\Arquivos comuns\Teleca Shared
[25/01/2009|13:10] C:\Arquivos de programas\Arquivos comuns\Windows Live
[09/12/2008|07:56] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

--------------------\\ Process ( 44 Processes )

... OK !

--------------------\\ Search for S_Lop

No Lop folders found!

--------------------\\ Search for Lop files and folders

No Lop folders found!

--------------------\\ Registry search

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 18:18:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Geralda\Meus documentos\Jogos\JG Sega\BMP\CRACK.BMP
C:\DOCUME~1\Geralda\Meus documentos\Jogos\JG Sega\ROM\CRACK.SMD

[F:453][D:41]-> C:\DOCUME~1\Geralda\CONFIG~1\Temp
[F:172][D:0]-> C:\DOCUME~1\Geralda\Cookies
[F:11335][D:44]-> C:\DOCUME~1\Geralda\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 29/07/2009|18:21 - Option : [2]

--------------------\\ Scan completed at 18:21:44

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:51, on 29/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\System32\svchosts.exe
C:\Windows\System32\svchosts.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Geralda\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!]
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... 
- C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: 
http://www.gamedesire.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_28.cab O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamedesire.com/g_bin/eng/roulette_2_0_0_27.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/boards_2_0_0_35.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamedesire.com/g_bin/eng/slots90_2_0_0_35.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_29.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1241417198_256205db8a11c83294bc128d0ef1107b&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_27.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_32.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - 
http://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_29.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamedesire.com/g_bin/eng/words_2_0_0_51.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_48.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing) O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing) O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- End of file - 15165 bytes Compartilhar este post Link para o post Compartilhar em outros sites
wyccka, posted July 30, 2009:

Hello Sam Spade, thank you for helping me. It seems to have worked; there are no more annoying windows popping up on my screen. I appreciate the attention. Kisses. Wyccka.
Sam Spade, posted August 4, 2009:

Hello, sorry for the delay, but time got tight. There are still infections on the PC. Generate a new log with HijackThis and post it.
wyccka, posted August 5, 2009:

Hello friend Sam Spade, my PC is very slow and has now started shutting down on its own. There is a window that appears every time I turn the PC on asking me to restart, and when I went to the Itau website a little direct-access window appeared on my desktop. It had the CiD virus, but I already did everything I was taught and the CiD stopped; still, it seems my PC got worse than it was. Thanks in advance. HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:41, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\System32\svchosts.exe
C:\Windows\System32\svchosts.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geralda\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supervideoloteria.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [svchosts] C:\Windows\System32\svchosts.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.gamedesire.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamede...re_2_0_0_28.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers....ctivex/smsx.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://cached.gamede...te_2_0_0_27.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamede...ds_2_0_0_35.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://cached.gamede...90_2_0_0_35.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamede...vy_2_0_0_29.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamede...er_2_0_0_27.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamede...es_2_0_0_32.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamede...ut_2_0_0_29.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://cached.gamede...ds_2_0_0_51.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamede...le_2_0_0_48.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamede...ng_2_0_0_31.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A28F79-242D-4820-8CC3-94F7A26E8AC1}: NameServer = 200.204.0.138,200.204.0.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9df40d91beada) (gupdate1c9df40d91beada) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 14918 bytes
Sam Spade, posted August 21, 2009:

Hello, it was hard to find the time. Let's look at this infection that is still in the log and that has nothing to do with CID (Lop).

Download Malwarebytes' Anti-Malware (MBAM) at this link or this one. Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options. Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish. If there are updates to apply, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button. The scan will then begin. Wait, as it may take a while. When the scan ends, click OK, then the Show Results button to see the report. If items were found, make sure they are all checked and click the Remove button. When the disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below.)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window. Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.
Mário Monteiro, posted September 21, 2009:

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.