mexicanox 7 Posted December 12, 2007

So, here is what is going on: I ran the antivirus here and a bunch of viruses showed up, so I would kindly ask someone to take a look at my log, because I think what happened is not quite right, haha. Thanks, everyone, and thank you very much!!!

Logfile of HijackThis v1.99.1 Scan saved at 13:25:42, on 12/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe C:\CFusionMX7\runtime\bin\jrunsvc.exe C:\CFusionMX7\db\slserver54\bin\swagent.exe C:\CFusionMX7\db\slserver54\bin\swstrtr.exe C:\CFusionMX7\runtime\bin\jrun.exe C:\CFusionMX7\db\slserver54\bin\swsoc.exe C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Print Screen Replacement\PSR.exe C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\Arquivos de programas\BitTorrent\bittorrent.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\HiJackThis\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O1 - Hosts: 204.3.141.74 www.bb.com.br O1 - Hosts: 204.3.141.74 bb.com.br O1 - Hosts: 204.3.141.74 www.bancodobrasil.com.br O1 - Hosts: 204.3.141.74 bancodobrasil.com.br O1 - Hosts: 204.3.143.188 www.cef.com.br O1 - Hosts: 204.3.143.188 cef.com.br O1 - Hosts: 204.3.143.188 www.cef.gov.br O1 - Hosts: 204.3.143.188 cef.gov.br O1 - Hosts: 204.3.143.188 www.caixa.com.br O1 - Hosts: 204.3.143.188 caixa.com.br O1 - Hosts: 204.3.143.188 www.caixaeconomicafederal.com.br O1 - Hosts: 204.3.143.188 caixaeconomicafederal.com.br O1 - Hosts: 204.3.143.188 www.caixa.gov.br O1 - Hosts: 204.3.143.188 caixa.gov.br O1 - Hosts: 198.106.88.95 www.bradesco.com.br O1 - Hosts: 198.106.88.95 bradesco.com.br O1 - Hosts: 204.3.141.237 www.bancoreal.com.br O1 - Hosts: 204.3.141.237 bancoreal.com.br O1 - Hosts: 204.3.141.237 www.real.com.br O1 - Hosts: 204.3.141.237 real.com.br O1 - Hosts: 204.3.144.4 www.nossacaixa.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: 
Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PSR.lnk = C:\Arquivos de programas\Print Screen Replacement\PSR.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 O8 - Extra context menu item: Add to AMV Convert Tool... 
- C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5D6510-63CA-4339-9022-C2EBE6C2C00D}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{D17F5117-9EF2-495F-BAEB-408DB3E89B63}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: wbsys.dll O20 - 
Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. 
- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
DigRam 144 Posted December 16, 2007

Good morning, mexicanox!

>@< Download a-squared Free 3.0.
>@< Open the program and click: Atualizar agora (Update now) >> Wait!
>@< When it finishes, click: Analisar agora (Scan now).
>@< If you can, try to run this scan in Safe Mode.
>@< Choose the option: A fundo (Deep).
>@< Click Analisar (Scan)!
>@< When it finishes, send the items found to quarantine.
>@< From there, they will be deleted or restored.
>@< Save the report of this scan and post it in your reply, along with an updated HJT log.

Regards!
mexicanox 7 Posted December 21, 2007

Here is the HiJackThis log:

Logfile of HijackThis v1.99.1 Scan saved at 17:28:43, on 21/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Print Screen Replacement\PSR.exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\BitTorrent\bittorrent.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\HiJackThis\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - 
URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O1 - Hosts: 204.3.141.74 www.bb.com.br O1 - Hosts: 204.3.141.74 bb.com.br O1 - Hosts: 204.3.141.74 www.bancodobrasil.com.br O1 - Hosts: 204.3.141.74 bancodobrasil.com.br O1 - Hosts: 204.3.143.188 www.cef.com.br O1 - Hosts: 204.3.143.188 cef.com.br O1 - Hosts: 204.3.143.188 www.cef.gov.br O1 - Hosts: 204.3.143.188 cef.gov.br O1 - Hosts: 204.3.143.188 www.caixa.com.br O1 - Hosts: 204.3.143.188 caixa.com.br O1 - Hosts: 204.3.143.188 www.caixaeconomicafederal.com.br O1 - Hosts: 204.3.143.188 caixaeconomicafederal.com.br O1 - Hosts: 204.3.143.188 www.caixa.gov.br O1 - Hosts: 204.3.143.188 caixa.gov.br O1 - Hosts: 198.106.88.95 www.bradesco.com.br O1 - Hosts: 198.106.88.95 bradesco.com.br O1 - Hosts: 204.3.141.237 www.bancoreal.com.br O1 - Hosts: 204.3.141.237 bancoreal.com.br O1 - Hosts: 204.3.141.237 www.real.com.br O1 - Hosts: 204.3.141.237 real.com.br O1 - Hosts: 204.3.144.4 www.nossacaixa.com.br O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - 
C:\Arquivos de programas\FlashGet\getflash.dll O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PSR.lnk = C:\Arquivos de programas\Print Screen Replacement\PSR.exe O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 
C:\Arquivos de programas\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5D6510-63CA-4339-9022-C2EBE6C2C00D}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{D17F5117-9EF2-495F-BAEB-408DB3E89B63}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: wbsys.dll O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. 
- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

And here is the a-squared Free log:

a-squared Free - Versão 3.0 Última atualização 20/12/2007 08:28:07 Configurações da análise: Objetos: Memória, Rastros, Cookies, C:\ Análise de arquivos: Ligado Heurística: Ligado Análise de ADS: Ligado Início da análise: 21/12/2007 11:02:34 c:\windows\system32\sys52data detectado: Trace.Directory.GoldenEye Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detectado: Trace.Registry.Ares Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detectado: Trace.Registry.MyWebSearch Toolbar Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detectado: Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detectado: Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detectado: Trace.Registry.MyWebSearch Toolbar Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\realvnc detectado: Trace.Registry.VNC Key: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 detectado: Trace.Registry.VNCServer c:\arquivos de programas\elcomsoft\archpr detectado: Trace.Directory.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery detectado: Trace.Directory.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\albanian.lng detectado: Trace.File.Advanced Archive 
Password Recovery c:\arquivos de programas\elcomsoft\archpr\all_printable.chr detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\archpr.chm detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\archpr.exe detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\archpr.log detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\bulgarian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\caps.chr detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\chinese.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\chinese-s.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\czech.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\danish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\deutsch.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\digits.chr detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\dutch.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\english.dic detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\english.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\file_id.diz detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\finnish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\french.lng detectado: Trace.File.Advanced Archive 
Password Recovery c:\arquivos de programas\elcomsoft\archpr\italiano.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\japanese.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\latvian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\license.txt detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\macedonian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\magyar.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\order.txt detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\polish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\portuguese.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\readme.txt detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\romanian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\russian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\serbian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\slovak.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\slovenian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\small.chr detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\spanish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\special.chr detectado: Trace.File.Advanced 
Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\swedish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\thai.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\turkish.lng detectado: Trace.File.Advanced Archive Password Recovery c:\arquivos de programas\elcomsoft\archpr\ukrainian.lng detectado: Trace.File.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery\advanced archive password recovery help.lnk detectado: Trace.File.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery\advanced archive password recovery.lnk detectado: Trace.File.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery\end-user license agreement.lnk detectado: Trace.File.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery\how to order.lnk detectado: Trace.File.Advanced Archive Password Recovery c:\documents and settings\neuber\menu iniciar\programas\advanced archive password recovery\readme.lnk detectado: Trace.File.Advanced Archive Password Recovery Value: HKEY_CURRENT_USER\Software\Elcom\Advanced Archive Password Recovery --> Installer Language detectado: Trace.Registry.Advanced Archive Password Recovery Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> InstallDir detectado: Trace.Registry.Advanced Archive Password Recovery Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> Stat param #1 detectado: Trace.Registry.Advanced Archive Password Recovery Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced Archive Password Recovery --> Stat param #2 detectado: Trace.Registry.Advanced Archive Password Recovery Value: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> DisplayName detectado: Trace.Registry.Advanced Archive Password Recovery Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Archive Password Recovery --> UninstallString detectado: Trace.Registry.Advanced Archive Password Recovery Value: HKEY_CURRENT_USER\Software\Internet Security --> Path detectado: Trace.Registry.EliteCodec Value: HKEY_CURRENT_USER\Software\Internet Security --> Removable detectado: Trace.Registry.EliteCodec Value: HKEY_CURRENT_USER\Software\Internet Security --> Type detectado: Trace.Registry.EliteCodec Value: HKEY_CLASSES_ROOT\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Remotely Anywhere Server Edition Value: HKEY_CLASSES_ROOT\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Remotely Anywhere Server Edition Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Remotely Anywhere Server Edition Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43534152-0000-0010-8000-00AA00389B71}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Remotely Anywhere Server Edition C:\Documents and Settings\Neuber\Cookies\neuber@atdmt[1].txt detectado: Trace.TrackingCookie Analisado Arquivos: 857 Objetos: 151600 Cookies: 25 Processos: 11 Encontrado Arquivos: 0 Objetos: 71 Cookies: 1 Processos: 0 Chaves do registro: 0 Fim da análise: 21/12/2007 11:04:20 Duração da análise: 0:01:46

Thanks
DigRam 144 Posted December 24, 2007

Good evening, mexicanox!

>@< Download HostsXpert.
>@< Unzip it and move the executable ( HostsXpert.exe ) to the Desktop.
>@< But do not run it yet!
>@< Restart the computer in Safe Mode.
>@< Open HijackThis and click Do a system scan only.
>@< Check the entries listed just below and click Fix checked.

R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)
O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

>@< Still in Safe Mode, run HostsXpert.exe <!>
>@< Click Restore Microsoft's Hosts file >> Ok.
>@< Close the program!
>@< Restart the computer normally!
>@< Make a new HijackThis log and post it in your reply.

Regards!
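A follow-up check for the procedure in the post above, added here as an example (it is not code from the thread or from HijackThis): it compares the entries marked for Fix checked against a later log and lists the Hosts-file (O1) entries in each log. The function names are hypothetical, and the sample logs are short excerpts assembled from the logs posted in this thread.

```python
import re

# A HijackThis entry starts with a section code such as "R3 - ", "O1 - " or "O23 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RF][0-3]|O\d{1,2}) - )")
ENTRY_LINE = re.compile(r"^(?P<code>[RF][0-3]|O\d{1,2}) - (?P<body>.+)$", re.S)
HOSTS_BODY = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")


def parse_entries(log_text):
    """Return (code, body) pairs from a HijackThis log.

    Splitting on section codes instead of newlines means this also works on
    logs whose line breaks were lost when they were pasted into a forum.
    """
    entries = []
    for chunk in ENTRY_START.split(" " + log_text.strip()):
        m = ENTRY_LINE.match(chunk.strip())
        if m:  # header text (version, running processes) does not match
            entries.append((m.group("code"), " ".join(m.group("body").split())))
    return entries


def _key(entry):
    # GUIDs and paths are compared case-insensitively.
    code, body = entry
    return (code, body.casefold())


def still_present(fix_list_text, after_log_text):
    """Entries that were marked for fixing but still appear in the later log."""
    after = {_key(e) for e in parse_entries(after_log_text)}
    return [f"{c} - {b}" for c, b in parse_entries(fix_list_text)
            if _key((c, b)) in after]


def hosts_redirects(log_text):
    """Map each hostname in O1 (Hosts file) entries to the IP it is pinned to."""
    redirects = {}
    for code, body in parse_entries(log_text):
        m = HOSTS_BODY.match(body) if code == "O1" else None
        if m:
            redirects[m.group("name")] = m.group("ip")
    return redirects


# Entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)
O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
"""

# Constructed excerpt of the 21/12/2007 log, kept on one line as it was pasted.
BEFORE_EXCERPT = r"""R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O1 - Hosts: 204.3.141.74 www.bb.com.br O1 - Hosts: 204.3.141.74 bb.com.br O1 - Hosts: 198.106.88.95 www.bradesco.com.br O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file) O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O3 - Toolbar: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000"""

# Constructed excerpt of the 06/01/2008 log, one entry per line.
AFTER_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    print("Hosts entries before:", hosts_redirects(BEFORE_EXCERPT))
    print("Hosts entries after: ", hosts_redirects(AFTER_EXCERPT))
    for entry in still_present(FIX_LIST, AFTER_EXCERPT):
        print("Still present after fix:", entry)
```
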
mexicanox 7 Posted January 6, 2008

Hey there, DigRam, here is the HijackThis log:

Logfile of HijackThis v1.99.1 Scan saved at 09:58:52, on 06/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Print Screen Replacement\PSR.exe C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE C:\Arquivos de programas\Symantec\LiveUpdate\AUPDATE.EXE C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Arquivos de programas\HiJackThis\Hijackthis\HijackThis.exe C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec\LIVEUP~1\DOWNLO~1\Updt103\symlcsvc.exe C:\Arquivos de programas\Share Cracker\ShareCracker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page 
= http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file) O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [iSUSPM Startup] 
"c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PSR.lnk = C:\Arquivos de programas\Print Screen Replacement\PSR.exe O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network 
Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5D6510-63CA-4339-9022-C2EBE6C2C00D}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{D17F5117-9EF2-495F-BAEB-408DB3E89B63}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - AppInit_DLLs: wbsys.dll O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe flws Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted January 8, 2008
Good morning, mexicanox!
>@< If everything is OK with the computer, as for the quarantined files, go to the a-squared quarantine.
>@< Select all of its contents and click Delete.
______________________
>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Run cleaner.
>@< When it finishes, click Registry >> Scan for errors >> Fix errors.
______________________
>@< Run an online scan with Panda.
>@< Under Archive and analyze, fill in the field: Country/District/Region/valid e-mail.
>@< Enter your e-mail address.
>@< Select the option: I do not wish to receive information...
>@< Click: Scan now, free of charge. Wait!
>@< Allow the ActiveX installation.
>@< PS: For those who have Avast, a malware alert will appear, which should be ignored!
>@< I recommend disabling Avast's resident protection while running ActiveScan.
>@< At the prompt, click Install. Wait for the countdown to finish!
>@< When it finishes, under: Select a device to scan...
>@< Choose: My Computer.
>@< Wait! The scan will take a while to complete.
>@< When it finishes, copy the report and post it in your reply, plus an updated HJT log.
Regards!
mexicanox 7 Posted January 8, 2008
Here is the Panda log:

Incidência Estado Localização
Virus:w32/bagle.hx.worm Desinfectado Sistema Operativo
Adware:Adware/BHO Não desinfectado C:\Arquivos de programas\Helper\superfindout.dll
Adware:Adware/BHO Não desinfectado C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\3IPLCD9M\xall[1].htm
Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Neuber\Cookies\neuber@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Neuber\Cookies\neuber@atdmt[2].txt
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Neuber\Cookies\neuber@uol.com[1].txt
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.terra.com.br/]
Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.ig.com.br/]
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.uol.com.br/]
Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[de.uol.com.br/]
Spyware:Cookie/cs.sexcounter Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/MediaTickets Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.kinghost.com/]
Spyware:Cookie/GoClick Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.goclick.com/]
Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[searchportal.information.com/]
Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Screensavers Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.i.screensavers.com/]
Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/BurstNet Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Azjmp Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.azjmp.com/]
Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/SpyLog Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.spylog.com/]
Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/Smartadserver Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.smartadserver.com/]
Spyware:Cookie/Xiti Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.adtech.de/]
Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\Neuber\Dados de aplicativos\Mozilla\Firefox\Profiles\me16205w.default\cookies-1.txt[.atwola.com/]
Ferramenta potencialmente indesejada:Application/Processor Não desinfectado C:\RECYCLER\S-1-5-21-1085031214-884357618-839522115-500\Dc1\Process.exe
Virus:Trj/Rebooter.J Desinfectado C:\RECYCLER\S-1-5-21-1085031214-884357618-839522115-500\Dc1\Reboot.exe
Ferramenta potencialmente indesejada:Application/SuperFast Não desinfectado C:\RECYCLER\S-1-5-21-1085031214-884357618-839522115-500\Dc1\restart.exe
Ferramenta potencialmente indesejada:Application/CloseApp Não desinfectado C:\WINDOWS\system32\closeapp.exe
Virus:W32/Bagle.QP.worm Desinfectado C:\WINDOWS\system32\drivers\down\149343.exe
Virus:W32/Bagle.QP.worm Desinfectado C:\WINDOWS\system32\wintems.exe

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:34:37, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Print Screen Replacement\PSR.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Neuber\Meus documentos\DOWNLOADS\spybotsd15.exe
C:\DOCUME~1\Neuber\CONFIG~1\Temp\is-K5BVJ.tmp\is-FD7FB.tmp
C:\Arquivos de programas\HiJackThis\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Arquivos de programas\Helper\superfindout.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PSR.lnk = C:\Arquivos de programas\Print Screen Replacement\PSR.exe
O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5D6510-63CA-4339-9022-C2EBE6C2C00D}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D17F5117-9EF2-495F-BAEB-408DB3E89B63}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

Cheers!!!!
DigRam 144 Posted January 9, 2008
Good evening, mexicanox!
>@< In Mozilla Firefox, go to: Tools >> Options. Select these options:
>1< Remember visited pages for the last x days. ( x=1,2,3,...,n ) << Choose 1 day!
>2< Sites can set cookies until Firefox is closed.
>3< Clear private data when closing Firefox.
____________________
>@< Download EliBagla.
>@< Save it to the Desktop!
>@< Now go to its icon and run the tool!
>@< Post the infoSAT.txt report, which is in the root of C:\ ( Local Disk C )
____________________
>@< Download KillBox.
>@< Save it to the Desktop!
>@< Open KillBox and select Delete on reboot.
>@< Paste or type the following file into the Full path of file to delete box:
C:\Arquivos de programas\Helper\superfindout.dll
>@< Click the X button and, when asked about the reboot, answer No!
>@< Put this file in the box:
C:\WINDOWS\system32\closeapp.exe
>@< Click the X button and, at the prompt, confirm!
>@< The computer will restart!
>@< Use this reboot to enter Safe Mode.
>@< Open HijackThis and click Do a system scan only.
>@< Check the entries listed below and click Fix checked.
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Arquivos de programas\Helper\superfindout.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
>@< Restart the computer normally!
____________________
>@< Produce and post: infoSat.txt + an updated HijackThis log.
Regards!
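The post above picks its fix list by hand from two sources: HijackThis entries whose target no longer exists, and entries whose file the Panda scan reported. The sketch below is an added example, not part of the thread or of either tool; it automates that cross-check on lines copied from the 08/01/2008 log, and the names `triage`, `Finding` and `unreferenced_detections` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when it could not find the registered target file.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Subset of lines copied from the 08/01/2008 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Arquivos de programas\Helper\superfindout.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Two "Não desinfectado" file paths taken from the Panda report in this thread.
DETECTED_PATHS = [
    r"C:\Arquivos de programas\Helper\superfindout.dll",
    r"C:\WINDOWS\system32\closeapp.exe",
]


@dataclass
class Finding:
    section: str            # HijackThis section code, e.g. "O2"
    clsid: Optional[str]    # COM class id if the entry carries one
    body: str               # entry text after the section code
    reasons: List[str]      # "orphaned" and/or "detected"


def triage(log_text: str, detected_paths: List[str]) -> List[Finding]:
    """Return the entries an analyst should review, in log order."""
    detected = [p.lower() for p in detected_paths]
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the running-process list
        body = m.group("body")
        reasons = []
        if body.rstrip().endswith(ORPHAN_MARKERS):
            reasons.append("orphaned")
        # Plain substring match: 8.3 short paths (ARQUIV~1\...) will not match.
        if any(p in body.lower() for p in detected):
            reasons.append("detected")
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append(Finding(m.group("section"),
                                    clsid.group(0) if clsid else None,
                                    body, reasons))
    return findings


def unreferenced_detections(log_text: str, detected_paths: List[str]) -> List[str]:
    """Detected files that no log line mentions: they have no autostart
    entry to fix and must be dealt with as files on disk."""
    haystack = log_text.lower()
    return [p for p in detected_paths if p.lower() not in haystack]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, DETECTED_PATHS):
        print(f.section, f.clsid, ",".join(f.reasons))
    print("file only:", unreferenced_detections(SAMPLE_LOG, DETECTED_PATHS))
```

The O9 xpnetdiag.exe entry is flagged as orphaned although the fix list in the post leaves it out, so the output is a review queue for an analyst, not a fix list.
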
Mário Monteiro 179 Posted June 13, 2008
Topic Archived
Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.