Mafeh 0 Posted December 20, 2009
Hello, I have a problem installing Adobe Creative Suite 4 on my PC: when I install it, it says that Internet Explorer is open! I have tried every way to close it and even removed it from the computer, but that did not solve it! In Task Manager, under Processes, I try to end iexplore.exe (two of them show up!), but it comes back as soon as I kill it! I am also having problems with IE, so much so that I removed it thinking that would solve it, but it did not: it keeps opening advertising pages for mobile phones out of nowhere, like pop-ups! I already tried blocking pop-ups and so on, but that does not help either, and even though I removed it, the IE page with these ads still appears! In the page's PROPERTIES this name always appears, always the same: CiD: http://www.adserver5.com/dsnr.html That must be why IE never ends even when I kill it in TASK MANAGER! (Note: this started happening after the PC came back from being formatted!) If you can help me... Thank you!

Mafeh 0 Posted December 20, 2009
Hi, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:23, on 20/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dog about manager team] C:\Documents and Settings\All Users\Dados de aplicativos\Drv Audio Dog About\WAVE SIXTH.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPoke] C:\DOCUME~1\Usuario\DADOSD~1\BITSFR~1\UPLOADANTIAXIS.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Arquivos de programas\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Arquivos de programas\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 10875 bytes

DigRam 144 Posted December 20, 2009
Good afternoon! Mafeh
<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Disable your antivirus or firewall.
<@> Install the program and click on: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.
<@> In the next window, choose the option: 2 - Fix + Hosts --> press Enter --> wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.
Regards!

Mafeh 0 Posted December 20, 2009
Report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Usuario ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (Local Disk) - NTFS - Total:80 Go (Free:80 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( dom 20/12/2009|21:20 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Deleted! - C:\WINDOWS\Tasks\A5EF12A591848CC9.job
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Drv Audio Dog About\WAVE SIXTH.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Drv Audio Dog About\WAVE SIXTH.exe
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1\List Extra Media Skip.exe
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1\LiveSignJoy.exe
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1\mhhmalhf.exe
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1\sykgjnra.exe
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1\UPLOADANTIAXIS.exe
Deleted! - C:\DOCUME~1\Usuario\Cookies\usuario@www.adserver5[1].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Drv Audio Dog About
Deleted! - C:\DOCUME~1\Usuario\DADOSD~1\bitsfr~1
Deleted! - C:\Arquivos de programas\bitsfr~1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in DADOSD~1
[14/12/2009|22:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[14/12/2009|10:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[21/10/2008|12:46] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead
[14/12/2009|22:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple
[14/12/2009|22:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
[14/12/2009|10:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira
[15/12/2009|00:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Electronic Arts
[15/12/2009|18:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin
[14/12/2009|20:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard
[14/12/2009|20:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
[14/12/2009|20:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant
[14/12/2009|20:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY
[14/12/2009|22:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\LimeWireTurbo
[14/12/2009|21:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[20/12/2009|12:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[19/12/2009|22:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help
[21/10/2008|12:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[14/12/2009|11:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA Corporation
[14/12/2009|21:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Philips
[14/12/2009|22:29] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
[21/10/2008|11:46] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec
[14/12/2009|20:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG
[20/10/2008|11:16] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[20/12/2009|02:26] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe
[14/12/2009|18:23] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[20/10/2008|11:16] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft
[23/10/2008|17:43] C:\DOCUME~1\Usuario\DADOSD~1\Adobe
[23/10/2008|17:55] C:\DOCUME~1\Usuario\DADOSD~1\Ahead
[14/12/2009|22:19] C:\DOCUME~1\Usuario\DADOSD~1\Apple Computer
[14/12/2009|20:32] C:\DOCUME~1\Usuario\DADOSD~1\HP
[20/10/2008|11:21] C:\DOCUME~1\Usuario\DADOSD~1\Identities
[20/12/2009|20:20] C:\DOCUME~1\Usuario\DADOSD~1\LimeWire
[14/12/2009|22:47] C:\DOCUME~1\Usuario\DADOSD~1\LimeWireTurbo
[21/10/2008|11:31] C:\DOCUME~1\Usuario\DADOSD~1\Macromedia
[20/12/2009|00:11] C:\DOCUME~1\Usuario\DADOSD~1\Microsoft
[14/12/2009|23:25] C:\DOCUME~1\Usuario\DADOSD~1\Mozilla
[14/12/2009|22:48] C:\DOCUME~1\Usuario\DADOSD~1\Skype
[14/12/2009|22:36] C:\DOCUME~1\Usuario\DADOSD~1\skypePM
[14/12/2009|22:44] C:\DOCUME~1\Usuario\DADOSD~1\Sun
[21/10/2008|12:06] C:\DOCUME~1\Usuario\DADOSD~1\Symantec
[20/12/2009|13:37] C:\DOCUME~1\Usuario\DADOSD~1\Uniblue
[21/10/2008|11:19] C:\DOCUME~1\Usuario\DADOSD~1\WinRAR
[20/12/2009|20:20] C:\DOCUME~1\Usuario\DADOSD~1\WTablet

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[18/12/2009 14:10][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/12/2009 20:19][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/10/2001 10:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Arquivos de programas
[14/12/2009|10:27] C:\Arquivos de programas\Adobe
[14/12/2009|22:14] C:\Arquivos de programas\Apple Software Update
[19/12/2009|22:24] C:\Arquivos de programas\Arquivos comuns
[14/12/2009|10:30] C:\Arquivos de programas\Avira
[14/12/2009|22:15] C:\Arquivos de programas\Bonjour
[20/12/2009|12:52] C:\Arquivos de programas\CCleaner
[14/12/2009|21:02] C:\Arquivos de programas\Circle Developemen
[20/10/2008|11:11] C:\Arquivos de programas\ComPlus Applications
[21/10/2008|12:32] C:\Arquivos de programas\CyberLink
[14/12/2009|21:01] C:\Arquivos de programas\DIFX
[19/12/2009|21:34] C:\Arquivos de programas\Electronic Arts
[21/10/2008|11:26] C:\Arquivos de programas\Ethalone
[15/12/2009|18:54] C:\Arquivos de programas\GbPlugin
[14/12/2009|20:13] C:\Arquivos de programas\Hewlett-Packard
[20/12/2009|14:47] C:\Arquivos de programas\Hijack
[14/12/2009|20:16] C:\Arquivos de programas\HP
[19/12/2009|21:34] C:\Arquivos de programas\InstallShield Installation Information
[20/12/2009|13:29] C:\Arquivos de programas\Internet Explorer
[14/12/2009|22:15] C:\Arquivos de programas\iPod
[14/12/2009|22:16] C:\Arquivos de programas\iTunes
[14/12/2009|22:45] C:\Arquivos de programas\Java
[14/12/2009|22:51] C:\Arquivos de programas\LimeWire
[20/12/2009|21:11] C:\Arquivos de programas\LopSD
[16/12/2009|21:08] C:\Arquivos de programas\Mad Scientist Productions
[14/12/2009|10:40] C:\Arquivos de programas\Messenger
[14/12/2009|11:49] C:\Arquivos de programas\Messenger Plus! Live
[14/12/2009|11:38] C:\Arquivos de programas\Microsoft
[20/10/2008|11:16] C:\Arquivos de programas\microsoft frontpage
[19/12/2009|22:24] C:\Arquivos de programas\Microsoft Office
[14/12/2009|11:39] C:\Arquivos de programas\Microsoft Silverlight
[14/12/2009|11:39] C:\Arquivos de programas\Microsoft Sync Framework
[21/10/2008|12:28] C:\Arquivos de programas\Microsoft Visual Studio
[19/12/2009|22:20] C:\Arquivos de programas\Microsoft Visual Studio 8
[19/12/2009|22:24] C:\Arquivos de programas\Microsoft Works
[15/12/2009|00:07] C:\Arquivos de programas\Microsoft WSE
[19/12/2009|22:23] C:\Arquivos de programas\Microsoft.NET
[14/12/2009|10:39] C:\Arquivos de programas\Movie Maker
[20/12/2009|21:09] C:\Arquivos de programas\Mozilla Firefox
[19/12/2009|22:24] C:\Arquivos de programas\MSBuild
[20/10/2008|11:10] C:\Arquivos de programas\MSN Gaming Zone
[21/10/2008|12:44] C:\Arquivos de programas\Nero
[14/12/2009|10:38] C:\Arquivos de programas\NetMeeting
[14/12/2009|11:17] C:\Arquivos de programas\NVIDIA Corporation
[14/12/2009|10:38] C:\Arquivos de programas\Outlook Express
[14/12/2009|21:05] C:\Arquivos de programas\Philips
[14/12/2009|21:05] C:\Arquivos de programas\Philips_VLounge
[14/12/2009|22:15] C:\Arquivos de programas\QuickTime
[20/10/2008|11:15] C:\Arquivos de programas\Serviços on-line
[14/12/2009|22:29] C:\Arquivos de programas\Skype
[14/12/2009|20:39] C:\Arquivos de programas\Tablet
[20/10/2008|11:21] C:\Arquivos de programas\Uninstall Information
[14/12/2009|11:39] C:\Arquivos de programas\Windows Live
[14/12/2009|11:38] C:\Arquivos de programas\Windows Live SkyDrive
[14/12/2009|10:42] C:\Arquivos de programas\Windows Media Player
[14/12/2009|10:38] C:\Arquivos de programas\Windows NT
[20/10/2008|11:15] C:\Arquivos de programas\WindowsUpdate
[14/12/2009|10:26] C:\Arquivos de programas\WinRAR
[20/10/2008|11:16] C:\Arquivos de programas\xerox
[21/10/2008|12:25] C:\Arquivos de programas\XP Codec Pack

--------------------\\ Listing Folders in C:\Arquivos de programas\Arquivos comuns
[19/12/2009|22:39] C:\Arquivos de programas\Arquivos comuns\Adobe
[21/10/2008|12:46] C:\Arquivos de programas\Arquivos comuns\Ahead
[14/12/2009|22:15] C:\Arquivos de programas\Arquivos comuns\Apple
[14/12/2009|21:05] C:\Arquivos de programas\Arquivos comuns\ArcSoft
[19/12/2009|22:24] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[14/12/2009|20:13] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[14/12/2009|20:14] C:\Arquivos de programas\Arquivos comuns\HP
[14/12/2009|10:50] C:\Arquivos de programas\Arquivos comuns\InstallShield
[19/12/2009|22:30] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[20/10/2008|11:13] C:\Arquivos de programas\Arquivos comuns\MSSoap
[20/10/2008|09:05] C:\Arquivos de programas\Arquivos comuns\ODBC
[20/10/2008|11:13] C:\Arquivos de programas\Arquivos comuns\Serviços
[14/12/2009|22:29] C:\Arquivos de programas\Arquivos comuns\Skype
[14/12/2009|21:01] C:\Arquivos de programas\Arquivos comuns\SPC530NC
[20/10/2008|09:05] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[19/12/2009|22:29] C:\Arquivos de programas\Arquivos comuns\System
[14/12/2009|11:29] C:\Arquivos de programas\Arquivos comuns\Windows Live

--------------------\\ Process
( 50 Processes ) ... OK !

--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
No Lop folder found !

--------------------\\ Searching within the Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 21:21:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
No other infections found !
[F:86][D:35]-> C:\DOCUME~1\Usuario\CONFIG~1\Temp
[F:38][D:0]-> C:\DOCUME~1\Usuario\Cookies
[F:1034][D:4]-> C:\DOCUME~1\Usuario\CONFIG~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - dom 20/12/2009|21:22 - Option : [2]

--------------------\\ Scan completed at 21:22:07

Updated HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:22, on 20/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Arquivos de programas\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Arquivos de programas\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 10469 bytes

I THINK IT WORKED!! THE DUPLICATE IEXPLORE.EXE IS GONE FROM TASK MANAGER.. AND FROM WHAT I SAW, THIS LOP SD DELETED the site that kept opening all the time like an advertising pop-up:
Deleted! - C:\DOCUME~1\Usuario\Cookies\usuario@www.adserver5[1].txt
Well, I'll wait for the reply... I'm going to try to install Suite 4 now.. THANK YOU VERY MUCH FOR THE HELP!

Mafeh 0 Posted December 21, 2009
IT WORKED!! The advertising pages no longer appear and I managed to install Suite 4 without errors!! THANK YOU SO MUCH! Very efficient forum, I will recommend it!!

DigRam 144 Posted December 21, 2009
PROBLEM SOLVED! If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.