[Resolvido!] Janelas do IE abrem sozinhas

Rodrigo Rocha RJ · Dezembro 17, 2009

Olá amigos do iMasters,

Depois de muito pesquisar e não conseguir resolver o problemas com minhas próprias mãos resolvi pedir ajuda a vocês.

Pesquisando no google vi que aqui existe uma pessoa com o problema idêntico ao meu (http://forum.imasters.com.br/index.php?/topic/371985-janelas-do-ie-abrem-sozinhas/). Segui a orientação dada pelo Antônio Vieira Sobrinho e agora postarei o log para a anlise.

Desde já obrigado pela ajuda.

PS.: Meu AV é o Avira free e tenho também o Spybot Search and Destroy.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:54: Rodrigo, on 17/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.72.199.106:80

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [eSnips] "C:\Arquivos de programas\eSnips\ClientGW.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Dados de aplicativos\Readme Live Axis Tons\SOAP PART.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Rodrigo Rocha\Dados de aplicativos\drivers\winupgro.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Rodrigo Rocha\Dados de aplicativos\m\flec006.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)" -"http://www.cartoonnetworkla.com/folders/200803/dexter.game.pt.labyrinth.432x330.zip2357934847000454/index.html"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Arquivos%20de%20programas/Bejeweled%202/Images/stg_drm.ocx

O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1.4.22.6/ttinst-portuguese.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send3/ImageUploader5.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Arquivos%20de%20programas/Bejeweled%202/Images/armhelper.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4895C-B9D5-4547-BE37-98EB075148C3}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS4\Services\Tcpip\..\{27D4895C-B9D5-4547-BE37-98EB075148C3}: NameServer = 200.149.55.140 200.165.132.147

O17 - HKLM\System\CS5\Services\Tcpip\..\{27D4895C-B9D5-4547-BE37-98EB075148C3}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 13460 bytes

DigRam · Dezembro 17, 2009

Boa Tarde! Rodrigo Rocha RJ

<@> Baixe: < LopS&D >

<@> Salve-o no Disco Local-C!

<@> Desabilite seu anti-vírus ou Firewall.

<@> Instale o programa e clique em: LopSD.cmd

<@> Na janela que abrir,aperte o "p" --> Aperte Enter.

<@> Em outra janela,aperte a opção: 2 - Fix + Hosts --> Aperte Enter --> Aguarde!

<@> Terminando,salve e poste o relatório. ( C:\Lop SD\LopR_1.txt )

<@> Poste,também,HijackThis atualizado.

Abraços!

Rodrigo Rocha RJ · Dezembro 17, 2009

Olá DigRam,

Obrigado pela ajuda

Log do Lop S&D

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.80GHz )

BIOS : Award Modular BIOS v6.00PG

USER : Rodrigo Rocha ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:18 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( qui 17/12/2009|13:06 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\DOCUME~1\RODRIG~1\CONFIG~1\Temp\sta18C.exe

Deletado! - C:\Arquivos de programas\Circle Developement

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[27/08/2008|14:54:] C:\DOCUME~1\ADMINI~1\DADOSD~1\<DIR> Microsoft

[31/05/2009|11:57:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Adobe

[14/05/2008|10:31:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Google

[14/10/2007|03:18:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Identities

[14/10/2007|12:42:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Macromedia

[27/08/2008|14:54:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Microsoft

[31/05/2009|11:05:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Mozilla

[06/11/2007|22:34:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Nero

[31/05/2009|11:05:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> Real

[06/11/2008|19:54:] C:\DOCUME~1\ALINER~1\DADOSD~1\<DIR> SecuROM

[12/12/2009|12:37:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Adobe

[16/10/2007|20:15:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Ahead

[27/08/2008|14:54:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Avg7

[18/04/2009|22:04:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Avira

[15/02/2008|21:15:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> ConeXware

[27/07/2008|10:27:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> DVD Shrink

[14/04/2009|17:21:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> GbPlugin

[24/09/2009|21:41:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Google

[17/07/2008|21:01:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Hewlett-Packard

[17/07/2008|20:51:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> HP

[17/07/2008|20:51:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> HP Product Assistant

[17/07/2008|20:54:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> HPSSUPPLY

[05/02/2008|13:56:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Messenger Plus!

[17/11/2009|17:55:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Microsoft

[10/12/2009|14:27:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Microsoft Help

[19/01/2008|14:06:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> NCH Swift Sound

[05/12/2007|19:20:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Nero

[17/03/2008|20:24:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Office Genuine Advantage

[27/09/2009|01:44:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> PopCap Games

[23/10/2009|10:28:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Real

[02/02/2009|23:16:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> SlySoft

[14/10/2007|03:09:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Sony

[25/01/2009|23:01:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Spybot - Search & Destroy

[10/12/2009|10:08:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> TEMP

[27/12/2007|01:10:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> vsosdk

[17/07/2008|21:04:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> WEBREG

[13/10/2007|13:25:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> Windows Genuine Advantage

[13/04/2008|19:44:] C:\DOCUME~1\ALLUSE~1\DADOSD~1\<DIR> WLInstaller

[13/10/2007|12:38:] C:\DOCUME~1\DEFAUL~1\DADOSD~1\<DIR> Microsoft

[27/08/2008|14:54:] C:\DOCUME~1\LNSS_M~1\DADOSD~1\<DIR> Microsoft

[14/07/2009|22:28:] C:\DOCUME~1\LOCALS~1\DADOSD~1\<DIR> Adobe

[27/08/2008|14:54:] C:\DOCUME~1\LOCALS~1\DADOSD~1\<DIR> Microsoft

[27/08/2008|14:54:] C:\DOCUME~1\NETWOR~1\DADOSD~1\<DIR> Microsoft

[12/12/2009|12:37:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Adobe

[20/01/2009|20:18:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Ahead

[17/12/2009|02:10:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> BitTorrent

[15/07/2009|02:20:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> drivers

[05/05/2008|23:07:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Google

[05/11/2007|23:42:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Hamachi

[10/01/2008|22:25:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Help

[17/07/2008|21:08:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> HP

[24/07/2008|17:35:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> HPAppData

[13/10/2007|12:44:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Identities

[14/04/2009|11:41:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> m

[18/05/2008|21:15:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Macromedia

[30/01/2008|01:17:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Media Player Classic

[18/11/2009|13:26:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Microsoft

[26/12/2008|19:10:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Mozilla

[19/01/2008|15:14:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> NCH Swift Sound

[01/11/2007|14:39:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Nero

[10/06/2008|20:13:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> proDAD

[14/10/2007|03:13:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Publish Providers

[23/10/2009|10:54:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Real

[23/07/2009|12:40:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Samsung

[20/10/2009|11:12:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> SecondLife

[05/11/2008|14:32:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> SecuROM

[02/06/2008|00:39:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Sony

[14/10/2007|02:40:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Sony Setup

[27/09/2009|02:54:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> SpinTop

[14/07/2008|01:17:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Sun

[08/05/2008|19:51:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Talkback

[15/04/2009|00:34:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Vso

[14/10/2007|00:22:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> WinRAR

[24/01/2009|18:29:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> Yahoo!

[10/06/2008|21:04:] C:\DOCUME~1\RODRIG~1\DADOSD~1\<DIR> ZC Dream Photo

[19/03/2008|10:22:] C:\DOCUME~1\Users\DADOSD~1\<DIR> Adobe

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[17/12/2009 12:49: Rodrigo][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1547161642-2147145749-1003UA.job

[16/12/2009 23:49: Rodrigo][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1547161642-2147145749-1003Core.job

[17/12/2009 10:35: Rodrigo][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 17:07: Rodrigo][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[18/05/2008|00:27:] C:\Arquivos de programas\<DIR> Aavs 6cc for Vegas

[18/05/2008|00:28:] C:\Arquivos de programas\<DIR> Adam's Plug-ins for Sony Vegas

[01/01/2009|23:24:] C:\Arquivos de programas\<DIR> Adobe

[20/06/2008|23:06:] C:\Arquivos de programas\<DIR> Ahead

[23/08/2009|13:46:] C:\Arquivos de programas\<DIR> Alcohol Soft

[10/12/2009|10:09:] C:\Arquivos de programas\<DIR> Arquivos comuns

[18/04/2009|22:04:] C:\Arquivos de programas\<DIR> Avira

[23/07/2009|12:42:] C:\Arquivos de programas\<DIR> AviSynth 2.5

[24/01/2009|00:14:] C:\Arquivos de programas\<DIR> AvRack

[19/08/2009|01:12:] C:\Arquivos de programas\<DIR> BitTorrent

[14/01/2009|22:21:] C:\Arquivos de programas\<DIR> Combined Community Codec Pack

[16/04/2008|00:17:] C:\Arquivos de programas\<DIR> DebugMode

[24/11/2007|15:31:] C:\Arquivos de programas\<DIR> directx

[07/01/2009|09:25:] C:\Arquivos de programas\<DIR> Disney

[14/10/2007|00:49:] C:\Arquivos de programas\<DIR> DVD Shrink

[18/03/2009|20:36:] C:\Arquivos de programas\<DIR> DVDlabPro2

[20/08/2009|23:46:] C:\Arquivos de programas\<DIR> eMule

[05/07/2009|22:09:] C:\Arquivos de programas\<DIR> Foxit Software

[02/09/2009|12:53:] C:\Arquivos de programas\<DIR> Gabest

[14/04/2009|11:38:] C:\Arquivos de programas\<DIR> GbPlugin

[24/09/2009|21:41:] C:\Arquivos de programas\<DIR> Google

[17/07/2008|20:50:] C:\Arquivos de programas\<DIR> Hewlett-Packard

[17/12/2009|11:54:] C:\Arquivos de programas\<DIR> Hijack This

[17/07/2008|20:54:] C:\Arquivos de programas\<DIR> HP

[17/10/2007|17:19:] C:\Arquivos de programas\<DIR> InCode Solutions

[23/07/2009|12:40:] C:\Arquivos de programas\<DIR> InstallShield Installation Information

[13/10/2007|14:10:] C:\Arquivos de programas\<DIR> Intel

[10/12/2009|15:26:] C:\Arquivos de programas\<DIR> Internet Explorer

[09/09/2009|19:52:] C:\Arquivos de programas\<DIR> Java

[30/01/2008|01:16:] C:\Arquivos de programas\<DIR> K-Lite Codec Pack

[19/02/2008|23:26:] C:\Arquivos de programas\<DIR> Lavasoft

[24/01/2009|12:24:] C:\Arquivos de programas\<DIR> Messenger

[25/11/2009|22:58:] C:\Arquivos de programas\<DIR> Messenger Plus! Live

[17/11/2009|17:57:] C:\Arquivos de programas\<DIR> Microsoft

[26/04/2008|15:14:] C:\Arquivos de programas\<DIR> Microsoft CAPICOM 2.1.0.2

[13/10/2007|12:39:] C:\Arquivos de programas\<DIR> microsoft frontpage

[13/10/2007|13:46:] C:\Arquivos de programas\<DIR> Microsoft Office

[17/11/2009|17:56:] C:\Arquivos de programas\<DIR> Microsoft Office Outlook Connector

[18/11/2009|17:15:] C:\Arquivos de programas\<DIR> Microsoft Silverlight

[14/10/2007|03:09:] C:\Arquivos de programas\<DIR> Microsoft SQL Server

[17/11/2009|17:54:] C:\Arquivos de programas\<DIR> Microsoft SQL Server Compact Edition

[17/11/2009|17:55:] C:\Arquivos de programas\<DIR> Microsoft Sync Framework

[13/10/2007|13:45:] C:\Arquivos de programas\<DIR> Microsoft Visual Studio

[18/11/2009|23:34:] C:\Arquivos de programas\<DIR> Microsoft Works

[06/09/2008|14:42:] C:\Arquivos de programas\<DIR> Movie Maker

[17/12/2009|11:49:] C:\Arquivos de programas\<DIR> Mozilla Firefox

[18/04/2009|16:20:] C:\Arquivos de programas\<DIR> MSBuild

[15/08/2008|19:13:] C:\Arquivos de programas\<DIR> MSECache

[13/10/2007|12:35:] C:\Arquivos de programas\<DIR> MSN Gaming Zone

[02/11/2007|16:38:] C:\Arquivos de programas\<DIR> MSXML 4.0

[19/01/2008|15:14:] C:\Arquivos de programas\<DIR> NCH Swift Sound

[06/09/2008|14:37:] C:\Arquivos de programas\<DIR> NetMeeting

[30/11/2007|09:05:] C:\Arquivos de programas\<DIR> Oi Velox

[22/01/2008|14:04:] C:\Arquivos de programas\<DIR> Ontrack

[13/08/2009|01:19:] C:\Arquivos de programas\<DIR> Outlook Express

[23/07/2009|12:39:] C:\Arquivos de programas\<DIR> Panda Security

[13/10/2007|22:08:] C:\Arquivos de programas\<DIR> PC Camera

[10/06/2008|20:14:] C:\Arquivos de programas\<DIR> Picasa2

[27/09/2009|14:01:] C:\Arquivos de programas\<DIR> PopCap Games

[16/04/2008|00:18:] C:\Arquivos de programas\<DIR> Pure Motion

[04/02/2009|23:40:] C:\Arquivos de programas\<DIR> Rapid-USD NoCaptcha -Th3zone.com Sep2007

[24/01/2009|00:14:] C:\Arquivos de programas\<DIR> Realtek AC97

[13/10/2007|14:11:] C:\Arquivos de programas\<DIR> Realtek Sound Manager

[18/04/2009|16:20:] C:\Arquivos de programas\<DIR> Reference Assemblies

[30/06/2008|18:51:] C:\Arquivos de programas\<DIR> Scpad

[13/10/2007|12:37:] C:\Arquivos de programas\<DIR> Servi‡os on-line

[24/11/2007|15:19:] C:\Arquivos de programas\<DIR> Sierra On-Line

[23/02/2009|17:40:] C:\Arquivos de programas\<DIR> SlySoft

[27/05/2008|00:42:] C:\Arquivos de programas\<DIR> Sonic Foundry

[05/08/2008|02:37:] C:\Arquivos de programas\<DIR> Sony

[02/06/2008|00:31:] C:\Arquivos de programas\<DIR> Sony Setup

[24/01/2009|20:30:] C:\Arquivos de programas\<DIR> Spybot - Search & Destroy

[23/02/2009|17:41:] C:\Arquivos de programas\<DIR> THQ

[08/02/2008|17:53:] C:\Arquivos de programas\<DIR> UltraISO

[14/10/2007|03:09:] C:\Arquivos de programas\<DIR> Uninstall Information

[17/01/2009|20:55:] C:\Arquivos de programas\<DIR> VSO

[14/10/2007|03:05:] C:\Arquivos de programas\<DIR> Vstplugins

[13/05/2009|07:20:] C:\Arquivos de programas\<DIR> Webteh

[14/01/2009|20:32:] C:\Arquivos de programas\<DIR> WinAVI Video Converter

[17/11/2009|17:56:] C:\Arquivos de programas\<DIR> Windows Live

[17/11/2009|17:50:] C:\Arquivos de programas\<DIR> Windows Live SkyDrive

[13/10/2007|13:30:] C:\Arquivos de programas\<DIR> Windows Media Connect 2

[28/11/2009|11:19:] C:\Arquivos de programas\<DIR> Windows Media Player

[06/09/2008|14:37:] C:\Arquivos de programas\<DIR> Windows NT

[13/10/2007|12:37:] C:\Arquivos de programas\<DIR> WindowsUpdate

[13/10/2007|22:21:] C:\Arquivos de programas\<DIR> WinRAR

[13/10/2007|12:39:] C:\Arquivos de programas\<DIR> xerox

[25/06/2008|16:37:] C:\Arquivos de programas\<DIR> YouTube Downloader

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[01/01/2009|23:24:] C:\Arquivos de programas\Arquivos comuns\<DIR> Adobe

[18/01/2007|15:36:] C:\Arquivos de programas\Arquivos comuns\<DIR> Ahead

[10/06/2008|01:48:] C:\Arquivos de programas\Arquivos comuns\<DIR> Bcgsoft

[13/10/2007|13:45:] C:\Arquivos de programas\Arquivos comuns\<DIR> DESIGNER

[01/03/2008|16:36:] C:\Arquivos de programas\Arquivos comuns\<DIR> DirectX

[08/02/2008|17:53:] C:\Arquivos de programas\Arquivos comuns\<DIR> EZB Systems

[21/04/2008|22:29:] C:\Arquivos de programas\Arquivos comuns\<DIR> Hewlett-Packard

[17/07/2008|20:50:] C:\Arquivos de programas\Arquivos comuns\<DIR> HP

[13/10/2007|22:08:] C:\Arquivos de programas\Arquivos comuns\<DIR> InstallShield

[12/07/2008|19:29:] C:\Arquivos de programas\Arquivos comuns\<DIR> Java

[18/11/2009|23:35:] C:\Arquivos de programas\Arquivos comuns\<DIR> Microsoft Shared

[13/10/2007|12:36:] C:\Arquivos de programas\Arquivos comuns\<DIR> MSSoap

[13/10/2007|09:29:] C:\Arquivos de programas\Arquivos comuns\<DIR> ODBC

[13/10/2007|22:08:] C:\Arquivos de programas\Arquivos comuns\<DIR> PCCamera

[23/10/2009|10:21:] C:\Arquivos de programas\Arquivos comuns\<DIR> Real

[13/10/2007|12:36:] C:\Arquivos de programas\Arquivos comuns\<DIR> Servi‡os

[13/10/2007|09:29:] C:\Arquivos de programas\Arquivos comuns\<DIR> SpeechEngines

[08/03/2009|11:39:] C:\Arquivos de programas\Arquivos comuns\<DIR> SWF Studio

[10/01/2009|19:39:] C:\Arquivos de programas\Arquivos comuns\<DIR> Symantec Shared

[17/11/2009|17:56:] C:\Arquivos de programas\Arquivos comuns\<DIR> System

[17/11/2009|17:34:] C:\Arquivos de programas\Arquivos comuns\<DIR> Windows Live

[13/04/2008|19:57:] C:\Arquivos de programas\Arquivos comuns\<DIR> WindowsLiveInstaller

[14/09/2009|19:52:] C:\Arquivos de programas\Arquivos comuns\<DIR> Wise Installation Wizard

[23/10/2009|10:20:] C:\Arquivos de programas\Arquivos comuns\<DIR> xing shared

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-17 13:12:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 11

--------------------\\ Procurando por outras infecções

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\srosa]

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\RODRIG~1\Dados de aplicativos\BitTorrent\Bejeweled 2 + Crack [Full Version].rar.torrent

C:\DOCUME~1\RODRIG~1\Dados de aplicativos\BitTorrent\Call.Of.Duty.4.Modern.Warfare.(v1.5).Single.&.Multiplayer.Crack.Incl.KeyGen-XiNiTHAOUS.rar.torrent

C:\DOCUME~1\RODRIG~1\Meus documentos\Downloads\Bejeweled 2 + Crack [Full Version].rar

C:\DOCUME~1\RODRIG~1\Meus documentos\Downloads\Full Spectrum Warrior Ten Hammers\CRACKFIX

C:\DOCUME~1\RODRIG~1\Meus documentos\Downloads\Full Spectrum Warrior Ten Hammers\CRACKFIX\fsw2.exe

C:\DOCUME~1\RODRIG~1\Meus documentos\Downloads\PC-Full.Spectrum.Warrior.Ten.Hammers-DvD.Multi5-By.TXT\Crack

C:\DOCUME~1\RODRIG~1\Meus documentos\Downloads\PC-Full.Spectrum.Warrior.Ten.Hammers-DvD.Multi5-By.TXT\Crack\fsw2.exe

C:\DOCUME~1\RODRIG~1\Meus documentos\L.A.R. V¡deo Produ‡äes\M£sicas\CINEMA\nutcrack.mid

[F:321][D:23]-> C:\DOCUME~1\RODRIG~1\CONFIG~1\Temp

[F:52][D:0]-> C:\DOCUME~1\RODRIG~1\Cookies

[F:2408][D:16]-> C:\DOCUME~1\RODRIG~1\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - qui 17/12/2009|13:19 - Option : [2]

--------------------\\ Verificação completa em 13:19:37

Log do HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:23: Rodrigo, on 17/12/2009