lufoliene, posted January 24, 2008

Good evening. As I said in the title, my IE is opening ---ographic pages automatically. I read a topic and they said I have to post my HijackThis log, so here it goes:

Logfile of HijackThis v1.99.1
Scan saved at 00:54:14, on 24/1/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\bagulho\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bce608e8-1dd1-11b2-9ede-f547996e875d} - C:\WINDOWS\mbkjmrcd.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [czifyfwd] regsvr32 /u "C:\Documents and Settings\All Users\Dados de aplicativos\czifyfwd.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F82D876-BE18-4B91-822C-F480B520DBE7}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F82D876-BE18-4B91-822C-F480B520DBE7}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)

Thanks... waiting for a reply =D

DigRam, posted January 24, 2008

Good morning, lufoliene!

>@< Download SmitfraudFix.
>@< Save it to Local Disk C and unpack it right there, sending the executable ( SmitfraudFix.cmd ) to the Desktop.
>@< Restart the computer in Safe Mode! << Important!
>@< Run SmitfraudFix.cmd <!>
>@< Press option 2 >> Enter.
>@< When the message "Do you want to clean the registry" appears, press option Y >> Enter.
>@< Restart the computer normally!
>@< If changes have occurred on the desktop, correct them in the display properties. ( Theme )
>@< Copy the log ( rapport.txt ) and post it in your reply + an updated HijackThis log.

Regards!

lufoliene, posted January 24, 2008

Good afternoon, or almost good evening... sorry for the delay... Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:58:35, on 24/1/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\bagulho\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bce608e8-1dd1-11b2-9ede-f547996e875d} - C:\WINDOWS\mbkjmrcd.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [czifyfwd] regsvr32 /u "C:\Documents and Settings\All Users\Dados de aplicativos\czifyfwd.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Win32 Classes -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)

I couldn't save the log in the other program; how do I do it? I'll try again; if it doesn't work, explain it to me!!

lufoliene, posted January 24, 2008

I think this is the important part of the rapport log... here it goes:

SmitFraudFix v2.274

Scan done at 18:55:48,07, qui 24/01/2008
Run from C:\bagulho\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
................................ (a series of sites follows here)

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\migicons.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{31E8A893-FA78-463B-AFAD-761E28352EED}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{31E8A893-FA78-463B-AFAD-761E28352EED}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{31E8A893-FA78-463B-AFAD-761E28352EED}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

I'm attaching the whole rapport.

DigRam, posted January 24, 2008

Good evening, lufoliene!

>@< Restart the computer in Safe Mode.
>@< Open HijackThis and click Do a system scan only.
>@< Check the entries listed just below and click Fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bce608e8-1dd1-11b2-9ede-f547996e875d} - C:\WINDOWS\mbkjmrcd.dll
O4 - HKLM\..\Run: [czifyfwd] regsvr32 /u "C:\Documents and Settings\All Users\Dados de aplicativos\czifyfwd.dll"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes -

>@< Still in Safe Mode, delete the files:

C:\WINDOWS\mbkjmrcd.dll
C:\Documents and Settings\All Users\Dados de aplicativos\czifyfwd.dll

>@< Restart in Normal Mode!
___________________________
>@< Post in your reply: an updated HijackThis log.

Regards!

lufoliene, posted January 25, 2008

Good evening, Dig. So, I did what you said, but the files you told me to delete were not found. Here is the log after the steps you listed that I carried out:

Logfile of HijackThis v1.99.1
Scan saved at 21:49:44, on 24/1/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\bagulho\HijackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)

So, what happened? Thanks, regards.

DigRam, posted January 25, 2008

Good morning, lufoliene!

>@< Download HostsXpert.
>@< Unpack it and move the executable ( HostsXpert.exe ) to the Desktop.
>@< Close all windows and the browser!
>@< Click Restore Microsoft's Hosts file >> Ok.
>@< Close the program!
>@< Restart the computer!
_________________________
>@< Download a-squared Free 3.0
>@< Open the program and click: Atualizar agora (Update now) >> Wait!
>@< When it finishes, do not run any scan!
_________________________
>@< Restart the computer in Safe Mode.
>@< Go to Start >> Run.
>@< Type: cmd >> Click Ok.
>@< In the DOS window that appears, type:

SC STOP "Distributed Allocated Memory Unit " >> Press Enter.
SC DELETE "Distributed Allocated Memory Unit " >> Press Enter.
SC STOP "Microsoft security update service" >> Press Enter.
SC DELETE "Microsoft security update service" >> Press Enter.
exit >> Press Enter.

>@< PS: Press Enter after each line typed.
>@< When done, go to a-squared and click: Analisar agora (Scan now).
>@< Choose the option: A fundo (Deep).
>@< Click Analisar (Scan)!
>@< When it finishes, send the items found to quarantine.
>@< From there, they will be deleted or restored.
>@< Restart in Normal Mode!
_________________________
>@< Save the report of this scan and post it in your reply + an updated HJT log.

Regards!

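Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines like those posted above, flagging the kinds of entries the replies single out (unnamed BHOs, a Run key calling regsvr32, services with an unknown owner or a missing file). The rule set and the names `RULES`, `parse` and `triage` are assumptions of this example, not HijackThis behaviour or the helper's own method; the sample lines are copied from the logs in the thread.

```python
import re

# Sample input: a few entry lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bce608e8-1dd1-11b2-9ede-f547996e875d} - C:\WINDOWS\mbkjmrcd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [czifyfwd] regsvr32 /u "C:\Documents and Settings\All Users\Dados de aplicativos\czifyfwd.dll"
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Hypothetical triage heuristics (assumptions of this example, not HijackThis rules).
RULES = [
    ("O2", re.compile(r"BHO: \(no name\)"), "BHO without a name"),
    ("O2", re.compile(r"\(no file\)$"), "BHO points to no file"),
    ("O4", re.compile(r"\bregsvr32\b", re.I), "Run key invokes regsvr32"),
    ("O23", re.compile(r"Unknown owner"), "service with unknown owner"),
    ("O23", re.compile(r"\(file missing\)$"), "service binary missing"),
]

def parse(log):
    """Yield (code, body) for each HijackThis entry line; skip headers and process paths."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log):
    """Return [(code, body, [reasons])] for entries that match at least one rule."""
    flagged = []
    for code, body in parse(log):
        reasons = [why for c, rx, why in RULES if c == code and rx.search(body)]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

A flag here only marks an entry for manual review; a match is not proof of infection, and legitimate entries can trip these rules.
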
Mário Monteiro, posted June 13, 2008

Topic Archived

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.