Fanty

C:Windows\Downloaded Program Files\ClientAX.dll


my log .......

Logfile of HijackThis v1.99.1

Scan saved at 18:25:11, on 27/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\WINDOWS\system32\LXSUPMON.EXE

C:\WINDOWS\rqqsnd.exe

C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

C:\Arquivos de programas\ORiNOCO\Client Manager\CMLUC.EXE

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\UOL\Barra UOL\ubphost.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: Free Cruise Toolbar - {C5B7140A-CBA6-4C5B-B10D-DF94B5F17AB5} - C:\Arquivos de programas\Free Cruise Toolbar\usetb.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Free Cruise Toolbar - {C5B7140A-CBA6-4C5B-B10D-DF94B5F17AB5} - C:\Arquivos de programas\Free Cruise Toolbar\usetb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [nostd] C:\WINDOWS\system32\nostd.scr

O4 - HKLM\..\Run: [rqqsnd] C:\WINDOWS\rqqsnd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: ORiNOCO Client Manager.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Adicionar RSS - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3130

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Liberar pop-ups desta página - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3028

O8 - Extra context menu item: Liberar pop-ups deste site - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3027

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Free Cruise Toolbar - {3E90E701-A4A6-4a9e-B935-C39519274323} - C:\Arquivos de programas\Free Cruise Toolbar\usetb.dll

O9 - Extra 'Tools' menuitem: Free Cruise Toolbar - {3E90E701-A4A6-4a9e-B935-C39519274323} - C:\Arquivos de programas\Free Cruise Toolbar\usetb.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA425A18-8C0D-4079-BB06-45B1BAF4C237}: NameServer = 201.30.97.200,200.255.255.65

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

:huh:


Fantybrothers, is the "Free Cruise Toolbar" one you want to keep? If not, go to Add or Remove Programs and uninstall it.

@- Download the program(s) listed below, but do not run them yet.

- Copy these instructions to Notepad or print them!

- Unzip KillBox and keep it in a folder or on your desktop;

- Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red, by selecting it and right-clicking -> Copy...

C:Windows\Downloaded Program Files\ClientAX.dll

C:\WINDOWS\system32\service\services.exe

C:\WINDOWS\system32\nostd.scr

C:\WINDOWS\rqqsnd.exe

...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X, and answer No to the question.

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

- Run HijackThis - Click Do a System Scan Only. Check the boxes for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe

O4 - HKLM\..\Run: [nostd] C:\WINDOWS\system32\nostd.scr

O4 - HKLM\..\Run: [rqqsnd] C:\WINDOWS\rqqsnd.exe

@- Restart in normal mode.

- Run an online scan with Ewido.

http://www.ewido.net/en/onlinescan/

@- Copy a new (updated) HijackThis log and the Ewido log, and paste them here in sequence.

Mr. Coruj@
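Added example, not part of the original reply or of HijackThis itself: a small Python triage of the O4 autorun lines from the first log, plus a check that the three entries the reply asks to fix are gone from a follow-up log. The process-name set and the extension list are assumptions chosen for illustration; `rqqsnd` is caught by neither heuristic, which is why analyst review of each entry is still needed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the first HijackThis log in this thread.
FIRST_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [nostd] C:\WINDOWS\system32\nostd.scr
O4 - HKLM\..\Run: [rqqsnd] C:\WINDOWS\rqqsnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
"""

# Constructed sample: a few O4 lines copied from the follow-up log posted later in the thread.
FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# The three entries the reply above asks to fix in HijackThis.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [services] C:\WINDOWS\system32\service\services.exe",
    r"O4 - HKLM\..\Run: [nostd] C:\WINDOWS\system32\nostd.scr",
    r"O4 - HKLM\..\Run: [rqqsnd] C:\WINDOWS\rqqsnd.exe",
]

# Assumption: core Windows processes whose genuine image sits directly in system32.
SYSTEM32_ONLY = {"services.exe", "lsass.exe", "winlogon.exe", "svchost.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}
# Assumption: executable extensions that are unusual for a Run-key autostart.
ODD_AUTORUN_EXT = {".scr", ".pif"}

O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_IN_CMD = re.compile(r"^(.*?\.(?:exe|scr|pif|com|bat|cmd))\b", re.IGNORECASE)


def image_path(cmd):
    """Return the executable path from a Run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_IN_CMD.match(cmd)
    return m.group(1) if m else cmd


def parse_o4_run(log):
    """Parse registry Run-key O4 lines; Global Startup lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            entries.append({"line": line, "hive": m["hive"], "name": m["name"],
                            "path": image_path(m["cmd"])})
    return entries


def triage(entries):
    """Return (value name, reason) for autoruns worth a closer look."""
    findings = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        if p.name.lower() in SYSTEM32_ONLY and p.parent.name.lower() != "system32":
            findings.append((e["name"], "system process name outside system32"))
        elif p.suffix.lower() in ODD_AUTORUN_EXT:
            findings.append((e["name"], "unusual extension for an autorun"))
    return findings


def still_present(fixed_lines, followup_log):
    """Return the fixed entries that still appear in a later log."""
    remaining = {e["line"] for e in parse_o4_run(followup_log)}
    return [line for line in fixed_lines if line in remaining]


if __name__ == "__main__":
    for name, reason in triage(parse_o4_run(FIRST_LOG)):
        print(f"review [{name}]: {reason}")
    print("still present after fix:", still_present(FIX_LIST, FOLLOWUP_LOG))
```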

  • Topic author
  • well, Mr Coruja, I have already removed the "Free Cruise Toolbar"

    and here is the updated log

    Logfile of HijackThis v1.99.1

    Scan saved at 02:30:48, on 28/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\WINDOWS\system32\LXSUPMON.EXE

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Arquivos de programas\ORiNOCO\Client Manager\CMLUC.EXE

    C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\UOL\Barra UOL\ubphost.exe

    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

    O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - Global Startup: Image Transfer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: ORiNOCO Client Manager.lnk = ?

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Adicionar RSS - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3130

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Liberar pop-ups desta página - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3028

    O8 - Extra context menu item: Liberar pop-ups deste site - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3027

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA425A18-8C0D-4079-BB06-45B1BAF4C237}: NameServer = 201.30.97.200,200.255.255.65

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    and the ewido one:

    __________________________________________________

    ewido anti-spyware online scanner

    http://www.ewido.net

    __________________________________________________

    Name: TrackingCookie.2o7

    Path: C:\Documents and Settings\Usuario\Cookies\usuario@2o7[2].txt

    Risk: Medium

    Name: TrackingCookie.Atdmt

    Path: C:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt

    Risk: Medium

    Name: TrackingCookie.Com

    Path: C:\Documents and Settings\Usuario\Cookies\usuario@com[1].txt

    Risk: Medium

    Name: TrackingCookie.Doubleclick

    Path: C:\Documents and Settings\Usuario\Cookies\usuario@doubleclick[1].txt

    Risk: Medium

    Name: TrackingCookie.Tribalfusion

    Path: C:\Documents and Settings\Usuario\Cookies\usuario@tribalfusion[1].txt

    Risk: Medium

    Name: Adware.Altnet

    Path: HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE

    Risk: Medium

    Name: Adware.180Solutions

    Path: HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller

    Risk: Medium

    Name: Adware.180Solutions

    Path: HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID

    Risk: Medium

    Name: Adware.180Solutions

    Path: HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer

    Risk: Medium

    Name: Adware.180Solutions

    Path: HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1

    Risk: Medium

    Name: Adware.Zango

    Path: HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent

    Risk: Medium

    Name: Adware.Zango

    Path: HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID

    Risk: Medium

    Name: Adware.Zango

    Path: HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer

    Risk: Medium

    Name: Adware.Zango

    Path: HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1

    Risk: Medium

    Name: Adware.WebDir

    Path: HKLM\SOFTWARE\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}

    Risk: Medium

    Name: Adware.Altnet

    Path: HKLM\SOFTWARE\Classes\SigningModule.SigningModule

    Risk: Medium

    Name: Adware.Altnet

    Path: HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID

    Risk: Medium

    Name: Adware.Altnet

    Path: HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer

    Risk: Medium

    Name: Adware.Altnet

    Path: HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1

    Risk: Medium

    Name: Adware.WebRebates

    Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware\Options

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware\OriginalAutoSearch

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware\OriginalSearchAssistant

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware\OriginalURLSearchHooks

    Risk: Medium

    Name: Adware.Starware

    Path: HKU\S-1-5-21-1078081533-1606980848-854245398-1003\Software\Starware\SearchAssistant

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\asmfiles.cab/asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\asmfiles.cab/asmps.dll

    Risk: Medium

    Name: TrackingCookie.Atdmt

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Cookies\usuario@atdmt[2].txt

    Risk: Medium

    Name: TrackingCookie.Doubleclick

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Cookies\usuario@doubleclick[1].txt

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Temporary Internet Files\Content.IE5\4DERK9UJ\asmfiles[1].cab/asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Temporary Internet Files\Content.IE5\4DERK9UJ\asmfiles[1].cab/asmps.dll

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\BrowserSearch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\BrowserSearch\BrowserSearch.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\BrowserSearch\BrowserSearch.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ErrorSearch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ErrorSearch\ErrorSearchOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ErrorSearch\ErrorSearchOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Games

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Games\GamesOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Games\GamesOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Layouts

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Layouts\PreferencesLayout.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Layouts\PreferencesLayout.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Layouts\ToolbarLayout.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Layouts\ToolbarLayout.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Manager

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Manager\ManagerOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Manager\ManagerOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\PopupBlocker

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\PopupBlocker\PopupBlockerOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\PopupBlocker\PopupBlockerOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Reference

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Reference\ReferenceOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Reference\ReferenceOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\RelatedSearch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\RelatedSearch\RelatedSearchOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\RelatedSearch\RelatedSearchOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ScreenSavers

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ScreenSavers\ScreenSaversOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ScreenSavers\ScreenSaversOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchAssistPlus

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchMatch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchMatch\SearchMatchOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SearchMatch\SearchMatchOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SmileyTown

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SmileyTown\SmileyTownOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\SmileyTown\SmileyTownOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Toolbar

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Toolbar\TBProductsOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\Toolbar\TBProductsOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarLogo

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarLogo\ToolbarLogoOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarSearch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarSearch\ToolbarSearchOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\TravelSearch

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\TravelSearch\TravelSearchOptions.xml

    Risk: Medium

    Name: Adware.Starware

    Path: C:\Documents and Settings\Usuario\Dados de aplicativos\Starware\TravelSearch\TravelSearchOptions.xml.backup

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Program Files\Altnet\Download Manager\asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Program Files\Altnet\Download Manager\asmps.dll

    Risk: Medium

    Name: Adware.eZula

    Path: C:\WINDOWS\iLookup

    Risk: Medium


    Fantybrothers, I'm going to ask you to run the ewido scan again and have it automatically clean all the problems found.

    Post new logs...

  • Topic author
  • All right, I'll run the scan and post the new logs ....

  • Topic author
  • Mr Coruja,

    Well, I did what was asked; here it is:

    Logfile of HijackThis v1.99.1

    Scan saved at 23:02:05, on 28/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\WINDOWS\system32\LXSUPMON.EXE

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Arquivos de programas\ORiNOCO\Client Manager\CMLUC.EXE

    C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\UOL\Barra UOL\ubphost.exe

    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

    O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [HelperVer] "C:\WINDOWS\HelperVer.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - Global Startup: Image Transfer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: ORiNOCO Client Manager.lnk = ?

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Adicionar RSS - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3130

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Liberar pop-ups desta página - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3028

    O8 - Extra context menu item: Liberar pop-ups deste site - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3027

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA425A18-8C0D-4079-BB06-45B1BAF4C237}: NameServer = 201.30.97.200,200.255.255.65

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    And from the ewido scan:

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\asmfiles.cab/asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\asmfiles.cab/asmps.dll

    Risk: Medium

    Name: TrackingCookie.Atdmt

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Cookies\usuario@atdmt[2].txt

    Risk: Medium

    Name: TrackingCookie.Doubleclick

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Cookies\usuario@doubleclick[1].txt

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Temporary Internet Files\Content.IE5\4DERK9UJ\asmfiles[1].cab/asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Documents and Settings\Usuario\Configurações locais\Temp\Temporary Internet Files\Content.IE5\4DERK9UJ\asmfiles[1].cab/asmps.dll

    Risk: Medium

    Name:Adware.Altnet

    Path: C:\Program Files\Altnet\Download Manager\asm.exe

    Risk: Medium

    Name: Adware.Altnet

    Path: C:\Program Files\Altnet\Download Manager\asmps.dll

    Risk: Medium

    Name: Adware.eZula

    Path: C:\WINDOWS\iLookup

    Risk: Medium

    The ones above could not be removed automatically.


    Fantybrothers,

    @- Go to the site http://virusscan.jotti.org/ , scan the following file(s) below and report back the results.

    C:\WINDOWS\HelperVer.exe

    • Copy the full path above and paste it into the box at File to upload...
    • Click Submit.
    • Wait... Copy and paste the result into Notepad. Save it and set it aside.

    - Download CCleaner and install it.

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the entire list below in red, by selecting it and right-clicking -> copy...

    C:\Program Files\Altnet

    C:\WINDOWS\iLookup

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the boxes for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

    O4 - HKLM\..\Run: [HelperVer] "C:\WINDOWS\HelperVer.exe"

    - Run CCleaner, do a thorough cleanup of your computer and look for registry errors.

    @- Restart in normal mode.

    @- Copy another (updated) HijackThis log and the scan result (file: HelperVer.exe) and paste them in sequence.

    Mr. Coruj@

  • Topic author
  • Well, Mr Coruja, I did what was asked and here it is again

    the updated log:

    Logfile of HijackThis v1.99.1

    Scan saved at 11:16:11, on 29/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\WINDOWS\system32\LXSUPMON.EXE

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe

    C:\Arquivos de programas\ORiNOCO\Client Manager\CMLUC.EXE

    C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\UOL\Barra UOL\ubphost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - Global Startup: Image Transfer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: ORiNOCO Client Manager.lnk = ?

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Adicionar RSS - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3130

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Liberar pop-ups desta página - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3028

    O8 - Extra context menu item: Liberar pop-ups deste site - res://C:\Arquivos de programas\UOL\Barra UOL\ubp.dll/3027

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA425A18-8C0D-4079-BB06-45B1BAF4C237}: NameServer = 201.30.97.200,200.255.255.65

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    and the other one, for the file:

    File: HelperVer.exe

    Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

    MD5 0dd9fddb222a97d659b9a220464db485

    Packers detected: -

    Scanner results

    AntiVir Found Heuristic/Trojan.Downloader (probable variant)

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    Fortinet Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    UNA Found nothing

    VirusBuster Found nothing

    VBA32 Found Trojan-Downloader.Agent.164 (paranoid heuristics) (probable variant)


    Fantybrothers,

    Your log is CLEAN! Any other problems?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    Since the file "C:\WINDOWS\HelperVer.exe" is only suspicious, let's go through a procedure to rename it. So, restart your computer in safe mode and change this file's extension to, e.g.: C:\WINDOWS\HelperVer.exe.BAK. Restart in normal mode.

    Thanks for the feedback and best regards!

    Mr. Coruj@
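
The verdict above rests on comparing the 29/8 log with the 28/8 one. As an added example (not part of the original thread, and not HijackThis code), this Python sketch diffs two HijackThis logs by section code, keying O2/O3 entries on their CLSID so a relabelled BHO is not misread as a removal plus an addition. The function names are hypothetical, and the sample lines are excerpts of the two logs posted in this thread.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; headers and the
# "Running processes" paths do not start with a section code and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: only BHO (O2) and toolbar (O3) lines are keyed
# by CLSID. Other sections can repeat a CLSID (the two O18 lines share one).
CLSID_KEYED = {"O2", "O3"}


def entry_key(code, body):
    """Identity of an entry: (section, CLSID) for O2/O3, else (section, body)."""
    if code in CLSID_KEYED:
        m = CLSID_RE.search(body)
        if m:
            return (code, m.group(0).upper())
    return (code, body)


def parse_entries(log_text):
    """Map entry identity -> entry body for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.group(1), m.group(2)
            entries[entry_key(code, body)] = body
    return entries


def diff_logs(before_text, after_text):
    """Return entries removed, added, or relabelled between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(f"{k[0]} - {before[k]}" for k in before.keys() - after.keys()),
        "added": sorted(f"{k[0]} - {after[k]}" for k in after.keys() - before.keys()),
        "relabelled": sorted(
            f"{k[0]} {k[1]}: {before[k]} -> {after[k]}"
            for k in before.keys() & after.keys()
            if before[k] != after[k]
        ),
    }


def orphaned(log_text):
    """Entries whose target HijackThis itself reports as absent."""
    return sorted(
        f"{k[0]} - {body}"
        for k, body in parse_entries(log_text).items()
        if "(no file)" in body or "(file missing)" in body
    )


# Excerpt of the 28/8/2006 log from this thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:02:05, on 28/8/2006
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HelperVer] "C:\WINDOWS\HelperVer.exe"
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
"""

# Excerpt of the 29/8/2006 log from this thread (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:16:11, on 29/8/2006
C:\WINDOWS\Explorer.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
"""

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for item in items:
            print(f"{kind:10} {item}")
    for item in orphaned(AFTER):
        print(f"{'orphaned':10} {item}")
```
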

  • Topic author
  • Well, Mr Coruja, so far everything is OK, MSN is normal, and my problems have been solved. So I'd like to thank you right away for the help you gave me and for everything.

    That's all; if there's any problem I'll come back.

    Thanks a lot ....

    See you


    I'm glad your problem was solved... Have a good day, my friend.

    You can click the ALERTAR button and inform the area's moderator that the problem has been solved and that the topic can be closed.

    Mr. Coruj@


    CASE SOLVED!

    Should the topic author need it, the topic will be reopened; to do so, they should contact a Moderator of the area and request that it be unlocked!
