Archived

This topic is archived and closed to new replies.

VictorG

[Solved!] "Virus" CID

Good afternoon,

I have had a problem for some time now and I can't solve it. I have already run antivirus software but it doesn't work. I read topics here on the forum to inform myself, then decided to create one, so that maybe someone can help me. It is about the "virus" CID, where advertising windows keep opening on their own.

Here is the log.

Thank you.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:23:00, on 18/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Typle2.0v\Typle.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Real\RealPlayer\realplay.exe

C:\Arquivos de programas\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\cast up.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [tickmeet] C:\DOCUME~1\Tania\DADOSD~1\PHONEC~1\mediabikeknob.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Typle.lnk = C:\Arquivos de programas\Typle2.0v\Typle.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8767 bytes


Good morning! VictorG

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

[image: Lop_Choix-large.jpg]

<@> In the other window, press option: 2 - Fix + Hosts --> Press Enter --> Wait!

[image: Lop_Lang_en-large.jpg]

<@> PS: Keep an eye on your antivirus notifications, sending any detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Regards!


Hello,

the reports;

Thank you.

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )

BIOS : Rev 1.00

USER : Tania ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:39 Go (Free:13 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

G:\ (Local Disk) - NTFS - Total:109 Go (Free:87 Go)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( qua 19/08/2009|10:29 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\ACFE95209185077C.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Mail For File Wave\cast up.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Mail For File Wave\cast up.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\Bags Pop Rdr.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\dgjovosc.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\mediabikeknob.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\nmxeauym.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\trowyniv.exe

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1\wait blue bash ooze.exe

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\msgpl_809d.tmp

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\msgpl_8383.tmp

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\msgpl_e810.tmp

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\nss69.tmp

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\sta1.exe

Deletado! - C:\DOCUME~1\Tania\Cookies\tania@www.adserver5[2].txt

Deletado! - C:\DOCUME~1\Tania\CONFIG~1\Temp\bis16.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Mail For File Wave

Deletado! - C:\DOCUME~1\Tania\DADOSD~1\phonec~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[01/12/2008|13:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[25/03/2009|14:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[18/11/2008|19:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[18/11/2008|19:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[31/03/2009|13:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[06/04/2009|12:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[02/08/2009|20:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[26/07/2009|21:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[12/03/2009|11:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help

[02/08/2009|23:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[06/04/2009|12:24] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Temp

[10/02/2009|09:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[27/11/2008|11:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[01/01/2002|16:00] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[31/03/2009|13:58] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[31/03/2009|13:58] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[12/03/2009|22:29] C:\DOCUME~1\Tania\DADOSD~1\aAvgApi

[27/03/2009|17:54] C:\DOCUME~1\Tania\DADOSD~1\Adobe

[03/12/2008|10:55] C:\DOCUME~1\Tania\DADOSD~1\Apple Computer

[25/03/2009|14:36] C:\DOCUME~1\Tania\DADOSD~1\Canneverbe_Limited

[09/02/2009|10:58] C:\DOCUME~1\Tania\DADOSD~1\Corel

[06/04/2009|12:30] C:\DOCUME~1\Tania\DADOSD~1\CyberLink

[08/07/2009|22:36] C:\DOCUME~1\Tania\DADOSD~1\DAEMON Tools

[28/11/2008|20:06] C:\DOCUME~1\Tania\DADOSD~1\DeepBurner

[23/04/2009|16:15] C:\DOCUME~1\Tania\DADOSD~1\Desktopicon

[22/12/2008|09:50] C:\DOCUME~1\Tania\DADOSD~1\Identities

[01/01/2002|20:01] C:\DOCUME~1\Tania\DADOSD~1\Macromedia

[18/08/2009|14:12] C:\DOCUME~1\Tania\DADOSD~1\Media Player Classic

[31/03/2009|13:58] C:\DOCUME~1\Tania\DADOSD~1\Microsoft

[19/11/2008|15:01] C:\DOCUME~1\Tania\DADOSD~1\Mozilla

[02/08/2009|22:29] C:\DOCUME~1\Tania\DADOSD~1\Nero

[19/11/2008|15:00] C:\DOCUME~1\Tania\DADOSD~1\Real

[13/03/2009|14:12] C:\DOCUME~1\Tania\DADOSD~1\Sun

[01/12/2008|19:51] C:\DOCUME~1\Tania\DADOSD~1\temp

[02/08/2009|19:48] C:\DOCUME~1\Tania\DADOSD~1\uTorrent

[12/05/2009|09:08] C:\DOCUME~1\Tania\DADOSD~1\VJ.Nights

[19/11/2008|15:45] C:\DOCUME~1\Tania\DADOSD~1\WinRAR

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[19/08/2009 10:21][--a------] C:\WINDOWS\tasks\WGASetup.job

[02/02/2009 07:36][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[19/08/2009 10:18][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 12:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[01/12/2008|13:08] C:\Arquivos de programas\Adobe

[02/08/2009|22:39] C:\Arquivos de programas\Ahead

[26/07/2009|21:11] C:\Arquivos de programas\Alcohol Soft

[01/01/2002|19:23] C:\Arquivos de programas\Analog Devices

[18/11/2008|19:24] C:\Arquivos de programas\Apple Software Update

[02/08/2009|23:04] C:\Arquivos de programas\Arquivos comuns

[19/11/2008|15:16] C:\Arquivos de programas\AskSearch

[28/11/2008|20:07] C:\Arquivos de programas\Astonsoft

[01/01/2002|20:10] C:\Arquivos de programas\AVG

[25/03/2009|14:36] C:\Arquivos de programas\CDBurnerXP

[16/08/2009|23:20] C:\Arquivos de programas\Cheat Engine

[01/01/2002|15:57] C:\Arquivos de programas\ComPlus Applications

[09/02/2009|10:55] C:\Arquivos de programas\Corel

[02/08/2009|17:39] C:\Arquivos de programas\DivX

[19/11/2008|15:16] C:\Arquivos de programas\DVDVideoSoft

[02/12/2008|14:36] C:\Arquivos de programas\Gabest

[18/08/2009|14:23] C:\Arquivos de programas\HiJackThis

[06/04/2009|13:20] C:\Arquivos de programas\InstallShield Installation Information

[12/08/2009|14:40] C:\Arquivos de programas\Internet Explorer

[27/03/2009|09:53] C:\Arquivos de programas\Java

[01/01/2002|19:30] C:\Arquivos de programas\Marvell

[13/01/2009|23:18] C:\Arquivos de programas\Messenger

[12/08/2009|10:36] C:\Arquivos de programas\Messenger Plus! Live

[15/03/2009|21:21] C:\Arquivos de programas\Microsoft

[01/01/2002|16:00] C:\Arquivos de programas\microsoft frontpage

[01/01/2002|18:08] C:\Arquivos de programas\Microsoft Office

[15/03/2009|21:21] C:\Arquivos de programas\Microsoft Office Outlook Connector

[31/07/2009|18:11] C:\Arquivos de programas\Microsoft Silverlight

[07/08/2009|22:12] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[01/12/2008|20:38] C:\Arquivos de programas\Microsoft Works

[12/03/2009|11:21] C:\Arquivos de programas\Microsoft.NET

[01/01/2002|15:58] C:\Arquivos de programas\Movie Maker

[19/08/2009|10:21] C:\Arquivos de programas\Mozilla Firefox

[11/03/2009|15:25] C:\Arquivos de programas\MSBuild

[01/01/2002|15:56] C:\Arquivos de programas\MSN Gaming Zone

[02/08/2009|23:13] C:\Arquivos de programas\MSXML 4.0

[02/08/2009|22:15] C:\Arquivos de programas\MSXML 6.0

[02/08/2009|22:25] C:\Arquivos de programas\Nero

[01/01/2002|15:58] C:\Arquivos de programas\NetMeeting

[12/08/2009|23:33] C:\Arquivos de programas\Outlook Express

[18/11/2008|19:24] C:\Arquivos de programas\QuickTime

[18/11/2008|19:12] C:\Arquivos de programas\Real

[11/03/2009|15:25] C:\Arquivos de programas\Reference Assemblies

[07/08/2009|11:33] C:\Arquivos de programas\Scpad

[01/01/2002|15:59] C:\Arquivos de programas\Servi‡os on-line

[15/08/2009|13:07] C:\Arquivos de programas\Typle2.0v

[01/01/2002|17:06] C:\Arquivos de programas\Uninstall Information

[25/07/2009|19:16] C:\Arquivos de programas\uTorrent

[18/08/2009|14:12] C:\Arquivos de programas\WinAVI Video Converter 9.0

[15/03/2009|21:21] C:\Arquivos de programas\Windows Live

[08/05/2009|13:20] C:\Arquivos de programas\Windows Media Player

[01/01/2002|15:56] C:\Arquivos de programas\Windows NT

[01/01/2002|15:59] C:\Arquivos de programas\WindowsUpdate

[18/11/2008|19:10] C:\Arquivos de programas\WinRAR

[01/01/2002|16:00] C:\Arquivos de programas\xerox

[25/03/2009|14:32] C:\Arquivos de programas\Yahoo!

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[01/12/2008|13:08] C:\Arquivos de programas\Arquivos comuns\Adobe

[02/08/2009|22:39] C:\Arquivos de programas\Arquivos comuns\Ahead

[09/02/2009|10:55] C:\Arquivos de programas\Arquivos comuns\Corel

[06/04/2009|12:27] C:\Arquivos de programas\Arquivos comuns\CyberLink

[10/02/2009|08:56] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[19/11/2008|15:16] C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

[09/02/2009|10:55] C:\Arquivos de programas\Arquivos comuns\InstallShield

[31/03/2009|13:58] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[01/01/2002|15:58] C:\Arquivos de programas\Arquivos comuns\MSSoap

[01/01/2002|13:50] C:\Arquivos de programas\Arquivos comuns\ODBC

[18/11/2008|19:12] C:\Arquivos de programas\Arquivos comuns\Real

[01/01/2002|15:58] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[01/01/2002|13:50] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[15/03/2009|21:21] C:\Arquivos de programas\Arquivos comuns\System

[15/03/2009|20:55] C:\Arquivos de programas\Arquivos comuns\Windows Live

[27/11/2008|11:26] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[18/11/2008|19:12] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 39 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

 

http://www.gmer.net

Rootkit scan 2009-08-19 10:32:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:4787][D:176]-> C:\DOCUME~1\Tania\CONFIG~1\Temp

[F:73][D:0]-> C:\DOCUME~1\Tania\Cookies

[F:13278][D:22]-> C:\DOCUME~1\Tania\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qua 19/08/2009|10:33 - Option : [2]

 

--------------------\\ Verificação completa em 10:33:25

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:35:13, on 19/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Typle.lnk = C:\Arquivos de programas\Typle2.0v\Typle.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8187 bytes


Good morning! VictorG

<@> Open HijackThis --> Click: Do a system scan only


R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

 

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)

<@> Check the entries above --> Click: Fix checked --> Yes!

<><><><><><><><><><><>

<@> Once everything is OK, create a clean System Restore point.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

<><><><><><><><><><><>

<!> The HijackThis log is clean! :thumbsup:

<!> Everything OK?

Regards!

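The entries DigRam asks the poster to fix are of two kinds that show up repeatedly in this thread: registry components whose file is no longer on disk (HijackThis marks them "(file missing)" or "(no file)") and autorun entries that launch a program from inside a user-profile folder, like the `cast up.exe` and `mediabikeknob.exe` O4 lines that Lop S&D removed. The script below is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis entry lines and flags those two patterns for review. The sample log is constructed from lines copied out of the logs posted above; the flagging rules (`ORPHAN_MARKERS`, `PROFILE_PATH_RE`) are my own heuristics.

```python
import re
from dataclasses import dataclass

# Matches the "Oxx - ..." / "Rx - ..." entry lines of a HijackThis log.
# Header lines and the "Running processes" block do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# HijackThis appends one of these when the registered component is gone from disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Heuristic (mine, not HijackThis's): an autorun whose target sits under a user
# profile, in long form or 8.3 short form, instead of Program Files or WINDOWS.
PROFILE_PATH_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)

# Constructed sample: entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Dados de aplicativos\Mail For File Wave\cast up.exe
O4 - HKCU\..\Run: [tickmeet] C:\DOCUME~1\Tania\DADOSD~1\PHONEC~1\mediabikeknob.exe
"""

ORPHAN = "orphan entry: registered component is no longer on disk"
PROFILE_AUTORUN = "autorun launched from a user-profile folder"


@dataclass
class Finding:
    section: str  # e.g. "O4", "O2", "R3"
    reason: str   # why the line was flagged (ORPHAN or PROFILE_AUTORUN)
    line: str     # the original log line, for pasting back into a reply


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(log_text):
    """Return the entries a helper would want to review, each with its reason."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, ORPHAN, raw))
        elif section == "O4" and PROFILE_PATH_RE.search(body):
            findings.append(Finding(section, PROFILE_AUTORUN, raw))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count}, handy for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(count_by_reason(results))
```

A flag from this script means "look at this line", not "delete it": a legitimate updater can also run from a profile folder, and an orphan entry is harmless by itself (the file is already gone) but is still worth fixing because it shows where a toolbar or BHO used to be registered. Run it against a full saved HijackThis log by replacing `SAMPLE_LOG` with the file's contents.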

Aahh, finally!! Now that's it... Free of Cid.

Everything is OK here. Thanks for the help, DigRam, I didn't know what else to do to remove this from the PC.

Regards


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
