[Resolvido!]Vários iexplore.exe .exe e svchost

[Elwood 0]

Bom Dia!

 

Meu notebook tem ficado o tempo todo com 100% de processamento e chegando a ocuopar quase 2GB de memória no total.

Notei que as tarefas iexplore.exe svchost.exe e help.exe apareciam diversas vezes no gerenciado de tarefas.

Pesquisei a respeito e tentei duas atitudes, desinstalei o flashget e tentei instalar um antivirus (Norton), mas não consegui instalar, acredito que pela lentidão do sistema. Tentei então passar esse anti virus on-line: http://www.kaspersky.com/virusscanner sem sucesso novamente.

 

Abaixo o Log do Hijack

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:20:25, on 21/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Igor\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Igor\LOCALS~1\Temp\woso.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: winxp2 - Unknown owner - C:\WINDOWS\system32\scarem.exe

O23 - Service: xp2 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\yejwx.exe (file missing)

 

 

O help.exe não tem aparecido ultimamente, mas já foi um dos mais carregados!

 

Obrigado pela atenção

[Elwood 0]

Após algumas fuçadas por conta própria dei fim no super processamento, eu acho... e nos excessos de iexplore.exe e svchost. Agora eu tenho uma sequencia de janelas de erro que abre inumeras vezes do help.exe e varios incidentes no log do antivirus do panda.

 

Abaixo o log atual do Hijack e do Panda

 

------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 18:23:24, on 22/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Igor\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Igor\LOCALS~1\Temp\woso.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: winxp2 - Unknown owner - C:\WINDOWS\system32\scarem.exe

O23 - Service: xp2 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\yejwx.exe (file missing)

 

-----------------------------------

 

Incident Status Location

 

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Doubleclick Not disinfected

Spyware:Cookie/Advertising Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/YieldManager Not disinfected

Spyware:Cookie/Statcounter Not disinfected

Spyware:Cookie/Tribalfusion Not disinfected

Spyware:Cookie/Atwola Not disinfected

Spyware:Cookie/Hitbox Not disinfected

Spyware:Cookie/Atlas DMT Not disinfected

Spyware:Cookie/FastClick Not disinfected

Spyware:Cookie/Xiti Not disinfected

Spyware:Cookie/onestat.com Not disinfected

Spyware:Cookie/2o7 Not disinfected

Spyware:Cookie/adultfriendfinder Not disinfected

Spyware:Cookie/Falkag Not disinfected

Spyware:Cookie/Adtech Not disinfected

Spyware:Cookie/Serving-sys Not disinfected

Spyware:Cookie/Serving-sys Not disinfected

Spyware:Cookie/Serving-sys Not disinfected

Spyware:Cookie/PointRoll Not disinfected

Spyware:Cookie/WebtrendsLive Not disinfected

Spyware:Cookie/Overture Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Mediaplex Not disinfected

Spyware:Cookie/Server.iad.Liveperson Not disinfected

Spyware:Cookie/Server.iad.Liveperson Not disinfected

Spyware:Cookie/BurstNet Not disinfected

Spyware:Cookie/Overture Not disinfected

Spyware:Cookie/bravenetA Not disinfected

Spyware:Cookie/Zedo Not disinfected

Spyware:Cookie/Doubleclick Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Xiti Not disinfected

Spyware:Cookie/Adtech Not disinfected

Spyware:Cookie/YieldManager Not disinfected

Spyware:Cookie/bravenetA Not disinfected

Spyware:Cookie/Overture Not disinfected

Spyware:Cookie/adultfriendfinder Not disinfected

Spyware:Cookie/Tribalfusion Not disinfected

Spyware:Cookie/Zedo Not disinfected

Spyware:Cookie/MetriWeb Not disinfected

Spyware:Cookie/Advertising Not disinfected

Spyware:Cookie/Atlas DMT Not disinfected

Spyware:Cookie/Casalemedia Not disinfected

Spyware:Cookie/FastClick Not disinfected

Spyware:Cookie/Server.iad.Liveperson Not disinfected

Spyware:Cookie/Server.iad.Liveperson Not disinfected

Spyware:Cookie/Bluestreak Not disinfected

Spyware:Cookie/Overture Not disinfected

Spyware:Cookie/FortuneCity Not disinfected

Spyware:Cookie/QuestionMarket Not disinfected

Spyware:Cookie/Weborama Not disinfected

Spyware:Cookie/Maxserving Not disinfected

Spyware:Cookie/Atwola Not disinfected

Spyware:Cookie/Serving-sys Not disinfected

Spyware:Cookie/Serving-sys Not disinfected

Spyware:Cookie/WUpd Not disinfected

Spyware:Cookie/Hitbox Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Admotion Not disinfected

Spyware:Cookie/Atwola Not disinfected

Spyware:Cookie/Ccbill Not disinfected

Spyware:Cookie/Cgi-bin Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Go Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Com.com Not disinfected

Spyware:Cookie/Xiti Not disinfected

Virus:Bck/mIRCBased.X Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

Potentially unwanted tool:Application/JohnTheRipper.A Not disinfected

 

Adianto que já apaguei o arquivo que continha o "Virus:Bck/mIRCBased.X ".

 

Meu avg (recem instalado) acusa frequentemente o arquivo "scaremo.dll".

 

Acredito que ainda tenham algumas pragas por aqui.

 

Obrigado pela atenção novamente

[Frusciante 0]

Bom Elwood...

 

Seu log aponta alguns arquivos que não deveriam estar na máquina.

 

Por isso...segue abaixo a lista de arquivos que você deve excluir na reinicialização do Sistema (utilizando o Pocket KillBox) e, em seguida, a lista de entrada que devem ser excluídas no HijackThis

 

Arquivos a serem excluídos

 

C:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\TPSBattM.exeC:\WINDOWS\system32\RAMASST.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exe

 

 

Entradas a serem eliminadas

 

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Igor\LOCALS~1\Temp\woso.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dllO23 - Service: winxp2 - Unknown owner - C:\WINDOWS\system32\scarem.exeO23 - Service: xp2 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\yejwx.exe (file missing)

 

Meu...acho que isso ajuda.

 

abracos

[jgarcia 1]

Opa Elwood,

 

1. Baixe o BankerFix.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. Uma mensagem aparecerá avisando que o mesmo será baixado via internet. Clique em Ok -> Ok. Aperte Enter e aguarde o término do scan.

 

4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente.

 

5. Habilite o seu anti-vírus.

 

6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

[Elwood 0]

Ok!

 

Vamos lá!

 

Primeiro segui todas as orientações do Frusciante. Quando reiniciei a máquina dois programas que custumavam inicializar sumiram. Eram da toshiba mesmo. Mas não tem importância, não os utilizava mto e além do mais resolveu o problema do help32.exe que não incomodou mais. Mas o virus que o AVG acusava, curava e sempre voltava, voltou (heheheheh). Abaixo o que o AVG disse:

 

c:\windows\system32\scaremo.dll

trojan horse Backdoor.generic5.ntx

 

Logo após vi a resposta do jgarcia.

Executei o bankerfix. Abaixo o log dele.

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 22/5/2007 - 21:40

-------------------------------------------------------

Lista de Definição: 2007-05-19-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

==================

 

Como não acusou nada resolvi dar fim no AVG e intalei o Norton (agora consegui pq o processamentovoltou ao normal).

 

Ele achou 3 virus e disse que apagou os 3 (nenhum era o Backdoor.generic5.ntx do scaremo.dll)

 

Então agora executei o hijackthis, segue o log:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:56:15, on 22/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Igor\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

 

==============================

 

E ai? será que estou limpo agora? ^_^

 

Obrigado pela atenção e paciência amigos.

[jgarcia 1]

Primeiro segui todas as orientações do Frusciante. Quando reiniciei a máquina dois programas que custumavam inicializar sumiram. Eram da toshiba mesmo. Mas não tem importância, não os utilizava mto e além do mais resolveu o problema do help32.exe que não incomodou mais.

Desculpe, mas eu não penso que seja tão simples assim. A resposta do Frusciante fez com que você deletasse arquivos legítimos, os quais, felizmente faziam parte de programas pouco utilizados e não essenciais ao sistema operacional, mas poderia ter sido pior. Imagine que você tivesse removido um arquivo essencial ao SO. A esta altura você estaria reinstalando o Windows. Imaginou?

 

Outrossim, o help32.exe fora deletado pelo BankerFix e não em função da remoção dos arquivos indicados pelo colega. Para que tenha uma idéia, apenas as entradas abaixo eram ruins ou pouco convenientes:

 

O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Igor\LOCALS~1\Temp\woso.exe

O11 - Options group: [iNTERNATIONAL] International*

O23 - Service: winxp2 - Unknown owner - C:\WINDOWS\system32\scarem.exe

O23 - Service: xp2 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\yejwx.exe (file missing)

Bem, o log não apresenta entradas anormais. Como anda o funcionamento da máquina?

[Elwood 0]

Aparentemente tudo normal, confesso que a única preocupação restante é aquele scaremo.dll que o AVG identificava, mas a máquina voltou ao normal após a instalação do Norton, mesmo ele não tendo identificado isto.Muito obrigado pela sua ajuda.

[jgarcia 1]

Opa Elwood,

 

Execute o Active Scan da Panda e retorne com o resultado.

 

Abraços.

[Elwood 0]

Mister jgarcia.Tai o log do panda. E eu que jurava que o Ad-aware apagava essas coisas ai! Exceto o John the ripper, que acredito não fazer mal a ninguem em boas mãos ;-) .Spyware:Cookie/Atlas DMT Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Doubleclick Spyware:Cookie/Com.com Spyware:Cookie/Xiti Spyware:Cookie/Statcounter Spyware:Cookie/Zedo Spyware:Cookie/Adtech Spyware:Cookie/Advertising Spyware:Cookie/FastClick Spyware:Cookie/Hitbox Spyware:Cookie/Atwola Spyware:Cookie/onestat.com Spyware:Cookie/adultfriendfinder Spyware:Cookie/Falkag Spyware:Cookie/Serving-sys Spyware:Cookie/Serving-sys Spyware:Cookie/Serving-sys Spyware:Cookie/PointRoll Spyware:Cookie/WebtrendsLive Spyware:Cookie/Overture Spyware:Cookie/Com.com Spyware:Cookie/Mediaplex Spyware:Cookie/Server.iad.Liveperson Spyware:Cookie/Server.iad.Liveperson Spyware:Cookie/BurstNet Spyware:Cookie/Overture Spyware:Cookie/Atlas DMT Spyware:Cookie/Doubleclick Spyware:Cookie/Com.com Spyware:Cookie/Doubleclick Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Xiti Spyware:Cookie/Adtech Spyware:Cookie/YieldManager Spyware:Cookie/bravenetA Spyware:Cookie/Overture Spyware:Cookie/adultfriendfinder Spyware:Cookie/Tribalfusion Spyware:Cookie/Zedo Spyware:Cookie/MetriWeb Spyware:Cookie/Advertising Spyware:Cookie/Atlas DMT Spyware:Cookie/Casalemedia Spyware:Cookie/FastClick Spyware:Cookie/Server.iad.Liveperson Spyware:Cookie/Server.iad.Liveperson Spyware:Cookie/Bluestreak Spyware:Cookie/Overture Spyware:Cookie/FortuneCity Spyware:Cookie/QuestionMarket Spyware:Cookie/Weborama Spyware:Cookie/Maxserving Spyware:Cookie/Atwola Spyware:Cookie/Serving-sys Spyware:Cookie/Serving-sys Spyware:Cookie/WUpd Spyware:Cookie/Hitbox Spyware:Cookie/Com.com Spyware:Cookie/Admotion Spyware:Cookie/Atwola Spyware:Cookie/Ccbill Spyware:Cookie/Cgi-bin Spyware:Cookie/Com.com Spyware:Cookie/Go Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Xiti Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.A Potentially unwanted tool:Application/JohnTheRipper.AObrigado novamente, abraço.

[jgarcia 1]

Opa Elwood,

 

Vamos lá.

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o AVG AntiSpyware em:

AVG AntiSpyware

 

* Selecione "English" como idioma para a instalação;

* Clique em Next --> I Agree --> Next --> Next. Desmarque a caixa Install background guard e clique em Install e depois Finish;

* Na janela principal do AVG AntiSpyware clique em Actualizar no menu esquerdo e então clique em Iniciar actualização;

* Quando a atualização terminar, você verá a mensagem Actualizado com sucesso no canto inferior esquerdo;

* Pronto, mas não o execute ainda.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie em Modo Seguro.

 

Execute uma verificação completa com o AVG AntiSpyware.

 

* Abra o AVG AntiSpyware e clique em Verificar --> Verificação Completa do Sistema;

* O AVG AntiSpyware detecta alguns programas legítimos, portanto não marque a caixa que diz Executar a ação em todas as infecções. Se o AVG AntiSpyware encontrar um arquivo que você acredita ser legítimo, escolha a opção "Nenhuma" e clique em OK. Caso contrário, deixe em Remover e clique em OK.

* Quando o AVG AntiSpyware terminar, feche-o.

 

3ª Etapa

 

Reinicie o computador em Modo Normal.

 

Execute a função Limpeza do CCleaner e clique em Executar Cleaner.

 

Execute a função Erros do CCleaner para Corrigir os erros existentes no micro.

 

Execute o Active Scan novamente e veja se ainda detecta algo.

 

Abraços.

[Elwood 0]

Foi quase tudo embora :) !Sobraram apenas:Spyware:Cookie/Com.com Spyware:Cookie/Doubleclick Spyware:Cookie/Com.com Spyware:Cookie/Com.com Spyware:Cookie/Atlas DMTIsso faz algum mal?Muito Obrigado.Abraço

[jgarcia 1]

Opa Elwood,

 

Pode-se considerar que a máquina está limpa. :thumbsup:

 

Utilize o CCleaner semanalmente para livrar-se dos Cookies, pois, isoladamente, eles não representam risco real ao PC.

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como.

 

Abraços.

[Elwood 0]

Ok!Tudo feito.Muito grato pela ajuda!Abraço

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.