
Archived

This topic has been archived and is closed to new replies.

ThiagoQB

[Archived] ...


Hello...

So, I'm having problems...

I connect to the internet and it's already opening advertising sites; within 20 minutes it opens about 10 of them...

How can I get rid of this?

 

Thanks!


Good morning ThiagoQB!

 

>@< Download HijackThis.

>@< Save it to Local Disk C and create a folder of its own for the program.

>@< For example: < C:\HijackThis.exe > or < C:\HijackThis\HijackThis.exe >

>@< But don't run it yet!

>@< So that the HijackThis log comes out complete, go to Start >> Run.

>@< Type: msconfig >> OK.

>@< On the Startup tab, check all the items and confirm!

>@< Restart the computer!

>@< Open HijackThis and click Do a system scan and save a logfile.

>@< A Notepad window will open!

>@< Select and copy its contents into this topic. Don't create another one!

 

Regards!


Here it is...

 

Logfile of HijackThis v1.99.1

Scan saved at 15:08 Thiago, on 21/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\krn3.exe

C:\Arquivos de programas\Valve\Steam\Steam.exe

C:\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\SERV-N\apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgw.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Usuario03\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://descargar.mp3.es/index.php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 201.64.18.45 nprotect.battlelands.net

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsa3D.dll

O2 - BHO: (no name) - {4283BF5E-F41D-16A4-AFB6-5D8EEE1A1505} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB89.dll

O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [dark] C:\WINDOWS\krn3.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apache - Unknown owner - C:\SERV-N\apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - \SERV-N\apache\mysql\bin\mysqld-nt.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

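The log above is triaged by eye in the replies that follow. As an added example (not part of this thread, and not code from HijackThis or Linha Defensiva), the Python below applies a few of the checks a helper makes to a constructed subset of the log just posted: entries marked (no file) or (file missing), a hosts line that points a name at a non-loopback address, an autorun that starts a binary straight from the Windows folder, rundll32 loading a DLL at logon, ActiveX controls fetched from hosts outside an assumed allow-list, and services with no vendor information. The severity scale, the TRUSTED_SUFFIXES list and the "Windows root" heuristic are assumptions of this example; they say what to verify, not what is malicious. The same loopback-versus-redirect distinction applies to the hosts lines in the EliStartPage report further down the thread.

```python
"""Triage heuristics for HijackThis v1.99 log lines (added example, not part of this
thread nor of HijackThis). The severity scale, TRUSTED_SUFFIXES and the Windows-root
heuristic are assumptions: they say what to verify, not what is malicious."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "live.com")  # assumed allow-list
WINROOT = r"c:\windows"

# Constructed subset of the log posted above (representative lines only).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://descargar.mp3.es/index.php?rvs=hompag
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 201.64.18.45 nprotect.battlelands.net
O2 - BHO: (no name) - {4283BF5E-F41D-16A4-AFB6-5D8EEE1A1505} - (no file)
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify
O4 - HKCU\..\Run: [dark] C:\WINDOWS\krn3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apache - Unknown owner - C:\SERV-N\apache\Apache.exe" --ntservice (file missing)
"""

@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    severity: str  # "info" | "review" | "high" (assumed scale)
    reason: str
    line: str

START_RE = re.compile(r"^R[01] - .*,(Start Page|Default_Page_URL|Search Page|Default_Search_URL) = (\S+)")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((.*?)\))?\s*-\s*(\S*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")

def trusted_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def first_path(cmd):
    # First file path of a Run command; a quoted path may contain spaces.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""

def in_windows_root(path):
    # A binary directly in the Windows folder or its Fonts subfolder is unusual.
    parent = path.lower().rsplit("\\", 1)[0]
    return parent in (WINROOT, WINROOT + r"\fonts")

def triage(log_text):
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        def add(sev, why):
            findings.append(Finding(line.split(" ", 1)[0], sev, why, line))
        # A component registered with nothing behind it is inert but worth cleaning.
        if "(no file)" in line or "(file missing)" in line:
            add("info", "orphaned entry: registered component has no file on disk")
        if m := START_RE.match(line):
            if not trusted_host(m.group(2)):
                add("review", f"{m.group(1)} points to {urlparse(m.group(2)).hostname}")
        elif m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ipaddress.ip_address(ip).is_loopback:  # 127.x blocks a name; anything else redirects it
                add("info", f"hosts file blocks {host}")
            else:
                add("high", f"hosts file redirects {host} to {ip}")
        elif m := BHO_RE.match(line):
            if m.group(1) == "(no name)":
                add("review", "browser helper object registered without a name")
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            exe = first_path(cmd)
            if in_windows_root(exe):
                add("high", f"{hive} autorun [{name}] starts {exe} from the Windows root/Fonts folder")
            if exe.lower().endswith("rundll32.exe"):  # DLL autostart through a signed host binary
                dll = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', cmd, re.I)
                target = (dll.group(1) or dll.group(2)) if dll else "?"
                add("review", f"{hive} autorun [{name}] loads {target} through rundll32")
        elif m := DPF_RE.match(line):
            desc, url = m.groups()
            if url and not trusted_host(url):
                add("review", f"ActiveX control {desc or '(no name)'} fetched from {urlparse(url).hostname}")
        elif m := SVC_RE.match(line):
            name, owner, _ = m.groups()
            if owner == "Unknown owner":
                add("review", f"service {name} carries no vendor information")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved log. The ctfmon.exe autorun and the Windows Genuine Advantage control produce no finding, which is the point: the heuristics narrow a log to the entries worth a second look; they do not replace checking each flagged file's publisher and hash.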

Good evening ThiagoQB!

 

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix. If possible, disable the resident protection of your AntiVirus and AntiSpyware.

>@< Double-click Bankerfix.exe, then press Enter. Wait!

>@< When it finishes, read the message on the (DOS) screen and press Enter again.

_______________________

 

>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

 

Regards!


BankerFix 2.4 - Banker Remover

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Date: 21/11/2007 - 19:51

-------------------------------------------------------

Definition list: 2007-11-20-1

=======================================================

 

Infected file detected: C:\WINDOWS\fonts\taskmgr.exe

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\krn3.exe

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\csrs.txt

Infected file removed successfully!

 

Infected file detected: C:\WINDOWS\system32\code

Infected file removed successfully!

 

 

Killing files in Help

-----------------------------------

 

Killing '*'

 

Removing files in Help

-----------------------------------

 

 

 

----- End -------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 19:56 Thiago, on 21/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Valve\Steam\Steam.exe

C:\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\SERV-N\apache\Apache.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Usuario03\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://descargar.mp3.es/index.php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 201.64.18.45 nprotect.battlelands.net

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsa3D.dll

O2 - BHO: (no name) - {4283BF5E-F41D-16A4-AFB6-5D8EEE1A1505} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB89.dll (file missing)

O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apache - Unknown owner - C:\SERV-N\apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - \SERV-N\apache\mysql\bin\mysqld-nt.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good evening ThiagoQB!

 

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, which is at the bottom of the page.

>@< Save the tool to the Desktop!

>@< Disable the resident protection of your AntiVirus and AntiSpyware.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish.

>@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

>@< The tool will delete your home page; you will set it up again afterwards.

>@< Restart the computer normally!

>@< Produce and post in your reply: infoSat.txt + an updated HJT log.

 

Regards!


Wed Nov 21 22:22:31 2007

EliStartPage v15.08 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Action list (by direct action):

C:\WINDOWS\WEB\RELATED.HTM --> Removed

C:\WINDOWS\SYSTEM32\CMD.COM --> Removed

C:\WINDOWS\SYSTEM32\SVKP.SYS --> Removed

C:\WINDOWS\SYSTEM32\OSSMTP.DLL --> Removed Motor.OSSMTP(smtp)

C:\WINDOWS\SYSTEM32\UPMEDIA\CONTENTTOOL.DLL --> Removed Beginto

Removed Class, "{00A6FAF6-072E-44CF-8957-5838F569A31D}" -> NULL2

Removed Class, "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" -> NULL2

Removed Class, "{0A1C811C-88FF-493B-98A9-83B4A649ACD9}" -> C:\WINDOWS\system32\OSSMTP.dll

Removed Class, "{147A976E-EEE1-4377-8EA7-4716E4CDD239}" -> NULL1

Removed Class, "{3E720452-B472-4954-B7AA-33069EB53906}" -> NULL2

Removed Class, "{5015BF9D-173C-474B-9AF3-77D4D23A4135}" -> C:\WINDOWS\system32\UpMedia\ContentTool.dll

Removed Class, "{53CED2D0-5E9A-4761-9005-648404E6F7E5}" -> NULL2

Removed Class, "{5ED7D3DE-6DBE-4516-8712-01B1B64B7057}" -> C:\WINDOWS\system32\UpMedia\ContentTool.dll

Removed Class, "{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}" -> NULL2

Removed Class, "{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}" -> NULL2

Removed Class, "{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}" -> NULL2

Removed Class, "{7BF3A7DB-A516-4E24-B40A-F60B34699E26}" -> NULL2

Removed Class, "{92C3F342-45DA-4511-853A-B3836AAFF5F5}" -> C:\WINDOWS\system32\UpMedia\ContentTool.dll

Removed Class, "{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}" -> C:\WINDOWS\system32\WinNB89.dll

Removed Class, "{9AFB8248-617F-460D-9366-D71CDEDA3179}" -> NULL1

Removed Class, "{BB81FA79-DCD7-48A6-A710-A85BD5ED9640}" -> C:\WINDOWS\system32\OSSMTP.dll

Removed Class, "{C2A3FF36-C3A5-4334-968C-1DEA85AAA772}" -> C:\WINDOWS\system32\OSSMTP.dll

Removed Class, "{EA20F195-32DA-4bd6-B348-FD01FC7D3D5A}" -> NULL2

Removed Service, "SVKP"

Removed Folder "%Application Data%\HbTools"

Removed IE home and search pages

Removed IE temporary files

 

Wed Nov 21 23:02:32 2007

EliStartPage v15.08 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Action list (by direct action):

Line removed from HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.drivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.errorprotector.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.errorsafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.systemdoctor.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.utils.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.win-virus-pro.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winantispam.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winantispy.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winantispyware.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winantivirus.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winantiviruspro.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.windrivecleaner.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.windrivesafe.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winfixer.com ## added by CiD

Line removed from HOSTS --> 127.0.0.1 www.winfixer2006.com ## added by CiD

Removed IE home and search pages

Removed IE temporary files

 

Wed Nov 21 23:02:42 2007

EliStartPage v15.08 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Action list (by scan):

Scanning drive C:\

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SYMPROBE.EXE --> Removed, Apropos

C:\Arquivos de programas\MSN Messenger\RICHED20.DLL --> Removed, MyWebSearch

C:\Backup Ivanir\Program Files\Altnet\Download Manager\ASMPS.DLL --> Removed, AltNet

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP773\A0762111.EXE --> Removed, Trojan.Agent.GPJ

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP773\A0762123.EXE --> Removed, Trojan.Agent.GPJ

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP773\A0762124.EXE --> Removed, Trojan.Agent.GPJ

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872925.SYS --> Removed, Spy.Joiner.AV

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872926.DLL --> Removed, Motor.OSSMTP(smtp)

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872927.DLL --> Removed, Beginto

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872931.EXE --> Removed, Apropos

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872932.DLL --> Removed, MyWebSearch

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872933.DLL --> Removed, AltNet

C:\WINDOWS\Fonts\SAFRA2.EXE --> Removed, Malware.Zambrano

C:\WINDOWS\system32\CMDLINEEXT03.DLL --> Removed, Spy-CmdLineExt

C:\WINDOWS\system32\F3PSSAVR.SCR --> Removed, MyWebSearch

 

Total no. of directories: 5322

Total no. of files: 80739

No. of files scanned: 24872

No. of infected files: 15

No. of files cleaned: 15

 

Wed Nov 21 23:30:29 2007

EliStartPage v15.08 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872934.EXE --> Eliminado, Malware.Zambrano

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872935.DLL --> Eliminado, Spy-CmdLineExt

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872936.SCR --> Eliminado, MyWebSearch

 

Nº Total de Directorios: 5322

Nº Total de Ficheros: 80727

Nº de Ficheros Analizados: 24860

Nº de Ficheros Infectados: 3

Nº de Ficheros Limpiados: 3

 

Wed Nov 21 23:50:34 2007

EliStartPage v15.08 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 5322

Nº Total de Ficheros: 80724

Nº de Ficheros Analizados: 24857

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:25 Thiago, on 22/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Valve\Steam\Steam.exe

C:\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\SERV-N\apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\SERV-N\apache\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Usuario03\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 201.64.18.45 nprotect.battlelands.net

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsa3D.dll

O2 - BHO: (no name) - {4283BF5E-F41D-16A4-AFB6-5D8EEE1A1505} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apache - Unknown owner - C:\SERV-N\apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - \SERV-N\apache\mysql\bin\mysqld-nt.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning ThiagoQB!

 

>@< Open HijackThis and check these entries, listed below:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 201.64.18.45 nprotect.battlelands.net

O2 - BHO: (no name) - {4283BF5E-F41D-16A4-AFB6-5D8EEE1A1505} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O11 - Options group: [iNTERNATIONAL] International*

>@< Then, with all windows closed, click Fix checked.

___________________________

 

>@< Download a-squared Free 3.0

>@< Open the program and click: Update now (Atualizar agora) >> Wait!

>@< When it finishes, click: Scan now (Analisar agora).

>@< Try to run this scan in Safe Mode!

>@< Choose the option: Deep scan (A fundo).

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there they will be deleted or restored.

>@< Save the report from this scan and post it in your reply, plus an updated HJT log.

 

Regards!


a-squared Free - Versão 3.0

Last update: 22/11/2007 12:45:02

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 22/11/2007 12:47:06

 

[2152] C:\Arquivos de programas\Internet Explorer\MSIMG32.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au

c:\windows\b.exe detectado: Trace.File.BuddyPicture

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\office\11.0\common\research\sources\{19c33034-3878-4beb-b843-62c2761aff96} detectado: Trace.Registry.AlexaToolbar

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform --> alexa toolbar detectado: Trace.Registry.AlexaToolbar

Key: HKEY_CLASSES_ROOT\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1} detectado: Trace.Registry.HotBar

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\kazaa detectado: Trace.Registry.KaZaA

Key: HKEY_CLASSES_ROOT\typelib\{aa987bf8-e849-4996-9335-413df4a8158a} detectado: Trace.Registry.KeyLogger.wintective

Value: HKEY_CLASSES_ROOT\appid\mediagateway.exe --> appid detectado: Trace.Registry.MediaAccess

Key: HKEY_CLASSES_ROOT\clsid\{d676f999-4608-4dc5-a135-4f51f4212739} detectado: Trace.Registry.MediaPass

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\windows\currentversion\ext\stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} detectado: Trace.Registry.Mirar

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\windows\currentversion\ext\stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} detectado: Trace.Registry.Mirar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detectado: Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detectado: Trace.Registry.MyWebSearch Toolbar

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\appid\mediagateway.exe detectado: Trace.Registry.WindUpdates.MediaGateway

Value: HKEY_CLASSES_ROOT\appid\mediagateway.exe --> appid detectado: Trace.Registry.WindUpdates.MediaGateway

Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll detectado: Trace.Registry.WindUpdates.MediaGateway

c:\windows\gvcasinos.ini detectado: Trace.File.Grace Casino

Value: HKEY_CLASSES_ROOT\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.HotBar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.HotBar

Value: HKEY_CLASSES_ROOT\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Search Enhancer

Value: HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed detectado: Trace.Registry.Warez P2P Faster Accelerator

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache detectado: Trace.Registry.Warez P2P Faster Accelerator

c:\windows\ncuninst.exe detectado: Trace.File.MARAVEL Screensaver

C:\Documents and Settings\Usuario03\Cookies\usuario03@atdmt[1].txt detectado: Trace.TrackingCookie

C:\Arquivos de programas\Internet Explorer\msimg32.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\Backup Ivanir\Arquivos de programas\Corel\Graphics10\Register\NAVBrowser.exe detectado: Heuristic.Dialer.RAS

C:\Backup Ivanir\Arquivos de programas\HP CD-Writer\support\webreg\NAVBrowser.exe detectado: Heuristic.Dialer.RAS

C:\Backup Ivanir\WINDOWS\wt\wtvh.dll detectado: Adware.WildTangent.b

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872895.dll detectado: Riskware.AdTool.Win32.MyWebSearch.i

 

Analisado

 

Arquivos: 172277

Objetos: 337555

Cookies: 18

Processos: 29

 

Encontrado

 

Arquivos: 5

Objetos: 50

Cookies: 1

Processos: 1

Chaves do registro: 0

 

Fim da análise: 22/11/2007 18:22:49

Duração da análise: 05:35:43

 

C:\System Volume Information\_restore{55F93270-C9CB-4DEE-B43B-42D246824CAD}\RP838\A0872895.dll Excluído Riskware.AdTool.Win32.MyWebSearch.i

C:\Backup Ivanir\WINDOWS\wt\wtvh.dll Excluído Adware.WildTangent.b

C:\Backup Ivanir\Arquivos de programas\Corel\Graphics10\Register\NAVBrowser.exe Excluído Heuristic.Dialer.RAS

C:\Backup Ivanir\Arquivos de programas\HP CD-Writer\support\webreg\NAVBrowser.exe Excluído Heuristic.Dialer.RAS

C:\Documents and Settings\Usuario03\Cookies\usuario03@atdmt[1].txt Excluído Trace.TrackingCookie

c:\windows\ncuninst.exe Excluído Trace.File.MARAVEL Screensaver

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed Excluído Trace.Registry.Warez P2P Faster Accelerator

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache Excluído Trace.Registry.Warez P2P Faster Accelerator

Value: HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Zwinky Toolbar

Value: HKEY_CLASSES_ROOT\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.Search Enhancer

c:\windows\gvcasinos.ini Excluído Trace.File.Grace Casino

Key: HKEY_CLASSES_ROOT\appid\mediagateway.exe Excluído Trace.Registry.WindUpdates.MediaGateway

Value: HKEY_CLASSES_ROOT\appid\mediagateway.exe --> appid Excluído Trace.Registry.WindUpdates.MediaGateway

Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll Excluído Trace.Registry.WindUpdates.MediaGateway

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} Excluído Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} Excluído Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} Excluído Trace.Registry.MyWebSearchToobar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Excluído Trace.Registry.MyWebSearch Toolbar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Excluído Trace.Registry.MyWebSearch Toolbar

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\windows\currentversion\ext\stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} Excluído Trace.Registry.Mirar

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\windows\currentversion\ext\stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} Excluído Trace.Registry.Mirar

Key: HKEY_CLASSES_ROOT\clsid\{d676f999-4608-4dc5-a135-4f51f4212739} Excluído Trace.Registry.MediaPass

Value: HKEY_CLASSES_ROOT\appid\mediagateway.exe --> appid Excluído Trace.Registry.MediaAccess

Key: HKEY_CLASSES_ROOT\typelib\{aa987bf8-e849-4996-9335-413df4a8158a} Excluído Trace.Registry.KeyLogger.wintective

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\kazaa Excluído Trace.Registry.KaZaA

Key: HKEY_CLASSES_ROOT\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1} Excluído Trace.Registry.HotBar

Value: HKEY_CLASSES_ROOT\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.HotBar

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\InprocServer32 --> ThreadingModel Excluído Trace.Registry.HotBar

Key: HKEY_USERS\S-1-5-21-1343024091-1682526488-1060284298-1003\software\microsoft\office\11.0\common\research\sources\{19c33034-3878-4beb-b843-62c2761aff96} Excluído Trace.Registry.AlexaToolbar

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform --> alexa toolbar Excluído Trace.Registry.AlexaToolbar

c:\windows\b.exe Excluído Trace.File.BuddyPicture

[2152] C:\Arquivos de programas\Internet Explorer\MSIMG32.dll Excluído Riskware.AdTool.Win32.MyWebSearch.au

C:\Arquivos de programas\Internet Explorer\msimg32.dll Excluído Riskware.AdTool.Win32.MyWebSearch.au

 

Excluído

 

Arquivos: 5

Objetos: 50

Cookies: 1

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:05 Thiago, on 22/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Valve\Steam\Steam.exe

C:\SERV-N\apache\Apache.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\SERV-N\apache\mysql\bin\mysqld-nt.exe

C:\SERV-N\apache\Apache.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

c:\arquivos de programas\a-squared free\a2free.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\agent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Usuario03\Desktop\HijackThis\HijackThis.exe

 

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsa3D.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AD Bot - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - C:\WINDOWS\system32\adspipe.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Apache - Unknown owner - C:\SERV-N\apache\Apache.exe" --ntservice (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - \SERV-N\apache\mysql\bin\mysqld-nt.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good evening ThiagoQB!

>@< Open HijackThis and click Fix on this entry:

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

_________________________

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Run Cleaner.

>@< When it finishes, click Issues >> Scan for Issues >> Fix Issues.

_________________________

>@< Run an online scan with Panda.

>@< Under "File and analyze", fill in the fields: Country/District/Region/valid E-Mail.

>@< Enter your E-Mail.

>@< Tick the option: I do not wish to receive information...

>@< Click: Scan now, free of charge. Wait!

>@< Allow the ActiveX installation.

>@< PS: For those who have Avast, a malware alert will appear, which should be ignored!

>@< I recommend disabling Avast's resident protection while running ActiveScan.

>@< In the prompt, click Install. Wait for the countdown to finish!

>@< When it finishes, under: Select a device to analyze...

>@< Choose: My Computer.

>@< Wait! The scan will take a while to complete.

>@< When it finishes, copy the report and post it in your reply, together with an updated HJT log.

Regards!

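The reply above singles out one HijackThis entry by hand (a toolbar with "(no name)" and "(no file)"). As an added example, not code from the thread or from HijackThis, the script below parses lines in the log format posted above and flags the same kinds of review hints a helper looks for: missing target files, unnamed entries, O16 DPF entries with no download URL, and O23 services with an unknown owner or a path that is not absolute. The sample log is constructed from entry shapes in the posted log, and the flags are review hints, not verdicts.

```python
import re
# Constructed sample in the HijackThis log format (entry shapes taken from the log above).
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O23 - Service: MySQL - Unknown owner - \\SERV-N\\apache\\mysql\\bin\\mysqld-nt.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\ARQUIV~1\\Grisoft\\AVG7\\avgupsvc.exe
"""
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Absolute Windows path: a drive letter or an %ENVVAR% prefix, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\)')

def target_path(code, rest):
    """Return the file-path field of an entry, as HijackThis lays it out."""
    if code == "O4":                      # O4 - HKCU\..\Run: [name] path
        return rest.split("] ", 1)[1] if "] " in rest else rest
    return rest.rsplit(" - ", 1)[-1]      # O3/O9/O23: ... - vendor or CLSID - path

def entry_flags(code, rest):
    """Review hints for one entry; an empty list means nothing stood out."""
    flags = []
    if "(file missing)" in rest or "(no file)" in rest:
        flags.append("target missing")
    if "(no name)" in rest:
        flags.append("unnamed entry")
    if code == "O16" and "://" not in rest:
        flags.append("DPF without download URL")
    if code == "O23" and "Unknown owner" in rest:
        flags.append("service with unknown owner")
    path = target_path(code, rest)
    if code in ("O4", "O23") and "target missing" not in flags and not ABS_PATH_RE.match(path):
        flags.append("non-absolute path: " + path)
    return flags

def triage(log_text):
    """Parse a HijackThis log and return [(code, line, flags)] for flagged entries only."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # header, process list and blank lines
        code, rest = m.groups()
        flags = entry_flags(code, rest)
        if flags:
            flagged.append((code, line.strip(), flags))
    return flagged
```

Running `triage(SAMPLE_LOG)` flags the O3, O9, O16 and the MySQL O23 entries and leaves the ctfmon O4 and AVG7 O23 entries alone.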

Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
