Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Entre para seguir isso  
Seguidores 0
jrgiacon

Virus, site falso do Bradesco

9 posts neste tópico

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:11:08, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 17238 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus e AntiSpyware para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download Banker FIX

Dê um duplo-clique em bankerfix.exe . Dê Enter.

O Internet Explorer será finalizado.aguarde a Ferramenta acabar. Isso pode demorar um pouco.

Quando terminar, aparecerá uma mensagem na tela e então dê Enter.

Poste um novo Log do HijackThis + o Relatorio.txt que encontrará em C:\LinhaDefensiva aqui mesmo neste Tópico clicando no segundo BOTÃO RESPONDER.

Depois pode apagar esta Pasta LinhaDefensiva. Habilite novamente o seu Antivírus


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus e AntiSpyware para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download Banker FIX

Dê um duplo-clique em bankerfix.exe . Dê Enter.

O Internet Explorer será finalizado.aguarde a Ferramenta acabar. Isso pode demorar um pouco.

Quando terminar, aparecerá uma mensagem na tela e então dê Enter.

Poste um novo Log do HijackThis + o Relatorio.txt que encontrará em C:\LinhaDefensiva aqui mesmo neste Tópico clicando no segundo BOTÃO RESPONDER.

Depois pode apagar esta Pasta LinhaDefensiva. Habilite novamente o seu Antivírus

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:47:33, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Arquivos de programas\Foxie Suite\Cleaner.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Arquivos de programas\Foxie Suite\Sweeper.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 17274 bytes

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-01-05 - 11:45

-------------------------------------------------------

Lista de Definição: 2008-12-14-1 | CORE: 2008-12-14-1

=======================================================

Arquivo infectado detectado: C:\sysmlog.log

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\system32\svhost.exe

Arquivo infectado removido com sucesso!

----- Fim -------------------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

Continuando.....

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Continuando.....

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Malwarebytes' Anti-Malware 1.32

Versão do banco de dados: 1619

Windows 5.1.2600 Service Pack 2

5/1/2009 19:21:44

mbam-log-2009-01-05 (19-21-44).txt

Tipo de Verificação: Rápida

Objetos verificados: 53354

Tempo decorrido: 4 minute(s), 51 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 80

Valores do Registro infectados: 8

Ítens do Registro infectados: 0

Pastas infectadas: 18

Arquivos infectados: 35

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\foxie.foxiecore (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{53b8b576-27ef-4cf5-ad81-0487f96bf21f} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6db1d8a4-3493-4414-9fd2-3924617491b5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72fc8424-86d6-4100-8846-ff211f275897} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{96eb9c1c-140f-44d8-8674-840b318b7e0b} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5b18fd94-2904-4aa0-ad63-7231d59e63a2} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c65185b1-d52b-44a9-861f-8201b50d1f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiecore.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxietoolbar (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{618d0948-6cd1-4129-9fdb-221a7f973f37} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4879d63c-c3cc-42cc-9d1c-e861b42d0a5c} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5fba0f92-abe8-421c-992e-2a85db9910c1} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432cae3b-690f-4c3b-bd97-070ebda210d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.foxietoolbar.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.httpfilter (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\foxie.httpfilter.1 (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\foxie privacy, security & productivity suite (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Arquivos de programas\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\AdBlock (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Sweeper (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Updates (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\Arquivos de programas\Foxie Suite\foxiecoreu.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\foxietoolbaru.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Cleaner.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Firewall.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\firewall.sys (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\foxiecore.dll (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Sweeper.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\uninst.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Uninstaller.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\update.exe (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\AdBlock\adblock.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\spamservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\spyservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Firewall\wormservers.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Desktop.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\index.gif (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Infinity.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\HTML\Query.htm (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Cleaner.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Desktop.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Infinity.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Icons\Sweeper.ico (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Sweeper\pests.dtx (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Foxie Suite\Resources\Updates\index.dat (Rogue.Foxie) -> Quarantined and deleted successfully.

C:\Arquivos de programas\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:19, on 5/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Microsoft Url Search Hook - {cfbfae00-17a6-11d0-99cb-00c04fd64497} - C:\WINDOWS\system32\ieframe.dll

O1 - Hosts: 72.167.248.72 www.credicarditau.com.br

O1 - Hosts: 72.167.248.72 www.itaucard.com.br

O1 - Hosts: 72.167.248.72 itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 www.itaupersonnalite.com.br

O1 - Hosts: 72.167.248.72 itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 www.itauprivatebank.com.br

O1 - Hosts: 72.167.248.72 bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bradescoprime.com.br

O1 - Hosts: 72.167.248.72 www.bancoreal.com.br

O1 - Hosts: 72.167.248.72 www.itau.com.br

O1 - Hosts: 72.167.248.72 itau.com.br

O1 - Hosts: 72.167.248.72 www.bradesco.com.br

O1 - Hosts: 72.167.248.72 bradesco.com.br

O1 - Hosts: 72.167.248.72 www.gravames.com.br

O1 - Hosts: 72.167.248.72 www.megadata.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomicafederal.com.br

O1 - Hosts: 72.167.248.72 www.cef.com.br

O1 - Hosts: 72.167.248.72 www.caixaeconomica.com.br

O1 - Hosts: 72.167.248.72 www.caixa.gov.br

O1 - Hosts: 72.167.248.72 caixa.gov.br

O1 - Hosts: 72.167.248.72 www.caixa.com.br

O1 - Hosts: 72.167.248.72 caixa.com.br

O1 - Hosts: 72.167.248.72 www.cef.gov.br

O1 - Hosts: 72.167.248.72 santander.com.br

O1 - Hosts: 72.167.248.72 www.santander.com.br

O1 - Hosts: 72.167.248.72 banespa.com.br

O1 - Hosts: 72.167.248.72 www.banespa.com.br

O1 - Hosts: 72.167.248.72 santanderbanespa.com.br

O1 - Hosts: 72.167.248.72 www.santanderbanespa.com.br

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Gutshot Poker - {70FF3DD2-AC81-43f2-AF80-979E2B789C4A} - C:\Arquivos de programas\GutshotMPP\MPPoker.exe

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: All In Poker - {7FD14A80-30CB-434e-90A3-DEC1B1EA2014} - C:\Arquivos de programas\allinpokerMPP\MPPoker.exe

O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Arquivos de programas\Gnuf\Casino\casinogame.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: TowerTorneosPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\ARQUIV~1\TOWERT~4\TowerTorneosPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Arquivos de programas\Gnuf\Poker\MPPoker.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Arquivos de programas\royalvegasMPP\MPPoker.exe

O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokermMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\USER\Menu Iniciar\Programas\Poker.com\Poker.com.lnk (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:8995/etc/var/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1163037104449

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://193.130.144.41/media/visitorchat/TLIEFlash.CAB

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.218/g_bin/eng/billard8_2_0_0_23.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MySQLTSE - Unknown owner - C:\Arquivos de programas\Candex2008\MySQL-5.0.45-win32\bin\mysqld.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 15159 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download HostsXpert

Descompacte, abra o Programa, execute o arquivo HostsXpert.exe, clique em "Restore Microsoft's Hosts File" e aperte em OK.

Finalize o Programa.

O PC está limpo. (H)

Mr Million só uma pergunta estes que ficaram na quarentena posso deixa-los como estão ou devo remove-los ? cara muito obrigado pela atenção gostaria de saber quanto é seu serviço ?

obrigado por tudo

Compartilhar este post


Link para o post
Compartilhar em outros sites

Pode deletar tudo na Quarentena.

No resto.........., um abraço. (H)

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.

Depois desmarque novamente. Aplicar > OK.


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Pode deletar tudo na Quarentena.

No resto.........., um abraço. (H)

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.

Depois desmarque novamente. Aplicar > OK.

Uma abraço feliz ano novo, tudo de melhor pra você !!!

agradecido

Compartilhar este post


Link para o post
Compartilhar em outros sites

Visitante
Este tópico é muito antigo e está impedido de receber novos posts. Se você quiser ajuda ou suporte, crie um novo tópico.
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!
Entre para seguir isso  
Seguidores 0

  • Vídeos do BABOO no YouTube

  • Posts

    • Uma última tentativa: Baixe o ZHPCleaner e salve no Desktop. (Área de Trabalho) Dê um duplo-clique sobre o ZHPCleaner.exe. Clique no botão Scanner. A Ferramenta comecará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar. Ao final da Verificação, clique no botão Reparar. Concluída a operação, um Log se abrirá. Caso isso não aconteça, clique no botão Relatório e salve o Log. Selecione, copie e cole o conteúdo deste Log na sua próxima resposta.
    • Seu Programa HijackThis está defasado, pegue a nova Versão no Tópico acima.
    • Pessoal, estou vendendo o meu computador gamer.  Quem estiver interessado acesse o site do mercado livre para mais informações: http://produto.mercadolivre.com.br/MLB-870926055-computador-gamer-intel-core-i7-7700k-_JM Vlw.
    • Boa noite, Ciro Mota! Obrigado pelo contato! Quer dizer que os meus switches são "gato vendido por lebre"? Que safadeza...! Entendi seu esquema. Em sua opinião, o custo-benefício valeria a pena? Atualmente, minha Velox é de 10MB, limitada às "condições técnicas da rede de telefonia", segundo a operadora. Obrigado. Lúcio Dutra.
    • não imaginava q o emulador ia aparecer como S5, e como celulares são tudo parecido, não conseguia lembrar esse tal S5, ai fiquei pensando de alguém q eu já tenha logado na minha wifi, mas lembrei q não tinha nada a ver, era conta do google, ai descartei até o meu WP....
    • No Windows 7 não tem como alterar o valor da porta COM1 através do Gerenc. de Dispositivos. Daria para alterar o valor "9600" (padrão) para outro, através do regedit ou gpedit ? Obrigado.
    • Boa tarde,    Em uma pasta de trabalho, possuo uma planilha que contém uma lista de serviços e outra (modelo) para composição de preços.
      Após ter determinado os serviços da lista, seleciono o código de um dos serviços desta lista e ativo uma macro que cria uma nova planilha (baseada na modelo existente) renomeando esta com o código do serviço selecionado.   Ex: C001 = Serviço 01 da lista, após utilizar a macro eu terei uma nova planilha chamada C001 (com a estrutura da planilha Modelo).   Após criada esta nova planilha, necessito de uma macro que, ao criar uma nova planilha de composição de preço, também fosse criado um hyperlink na célula (selecionada) do código utilizado que possa me direcionará à esta planilha criada (C001).   Ex: C001 = Serviço 01 da lista, a célula que contém o código utilizado será um link para a planilha C001 criada.   Pesquisei aqui no fórum alguns modelos e cheguei a um resultado próximo, mas só consegui criar o hyperlink em um Range fixo.
      Segue abaixo a macro e espero que seja possível solucionar este empasse.

      Desde já agradeço.   Sub CriaNomeiaHyper() Dim planBase, planNova As String
      Dim plan As Worksheet, flg As Boolean
          planBase = ActiveSheet.Name
          nomePlan = ActiveCell.Value
              
              For Each plan In Worksheets
              If plan.Name Like nomePlan Then flg = True: Exit For
              Next
      If flg = True Then
          MsgBox "Já existe a planilha  " & "'" & _
          nomePlan & "'" & ",  altere o nome desejado"
      Else
          Sheets("Modelo").Copy after:=Sheets(Sheets.Count)
          ActiveSheet.Name = nomePlan
          Range("b7").Value = ActiveSheet.Name     ActiveSheet.Hyperlinks.Add Anchor:= _
          Sheets(planBase).Range("A1"), Address:="", _
              SubAddress:="'" & ActiveSheet.Name _
                  & "'!B1", TextToDisplay:=ActiveSheet.Name
      End If
      End Sub
    • Consegui instalar o Chrome, aqueles anúncios continuam. Depois que reiniciei o PC abri o Chrome, está abrindo na pagina inicial este site www.luckystarting.com/?type=hp, o firefox a pagina inicial mudou também para este http://www.searchinme.com/?type=hp&ts=1495740129257&z=8e4291db37e24a3bd516542gbz0t3wcmecewbw7c4g&from=official&uid=ST1000LM014-1EJ164_W3825S31XXXXW3825S31 e também mudou o padrão de busca dos navegadores.
    • Você quer uma rede híbrida de wireless com cabo, para uma melhor estabilidade da rede você vai precisar de mais um roteador e remover os HUBs (não são switchs). Ficaria desta forma o diagrama de sua rede:  
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.