[Resolvido!] minha net esta lerda parece que é virus

maya2 · Abril 23, 2009

oi gente eu sou nova por aqui e preciso da ajuda de você's minha net ficou lerda no dia 31 de março depois que eu passei o avast e o adware eu ñ sei se isso tem algo a ver pois eu já tinha eles no pc minha net esta lerda e ñ posso baixar mais nada esta parevendo discada eu ñ sei direito usar esse programa HijackThis mais eu abri o programa e fui no botão escrito

" Do a system scan only " e veio este resultado:

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Azureus\Azureus.exe

C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60341

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\PROGRA~1\COMMON~1\uol\URLSEA~1\UOLSEA~1.DLL

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E356637-99A1-40B8-AE5E-C9D1A6509C14}: NameServer = 200.222.25.129,200.222.25.130

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 4188 bytes

Alguem pode me ajudar já passei tanto antivirus no pc e nada resolveu, obrigada

DigRam · Abril 24, 2009

Bom Dia! maya2

<@> Baixe: < ToolBar S&D >

<@> Salve-o no Disco Local-C,em uma pasta própria.

<@> Reinicie o computador,em Modo de Segurança. <-- Importante!

<@> Execute o programa,e à seguir,aperte o "p" --> Enter --> Ok.

<@> Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

<@> Terminando,poste o relatório. ( C:\ToolBar SD\TB_1.txt )

<><><><><><><><><><>

<@> Vá a este link,e baixe: < Malwarebytes >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado.

<><><><><><><><><><>

<@> Baixe: < DDS > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.

<@> Estando desconectado,execute a ferramenta! --> Duplo clique em dds.scr.

<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--

<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.

<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--

<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.

<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.

<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!

Abraços!

maya2 · Abril 24, 2009

Oi DigRam obrigada pela ajuda o relatorio do ToolBar foi:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Starter ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Celeron® CPU 2.80GHz )

BIOS : Award Modular BIOS v6.00PG

USER : kelow ( Administrator )

BOOT : Fail-safe boot

Antivirus : avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:32 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 24/04/2009|18:05 )

[ UAC => 1 ]

C:\Windows\iun6002.exe

C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

-----------\\ REMOVIDOS

Deletado! - C:\Program Files\AskTBar\bar

Deletado! - C:\Program Files\Crawler\firefox

Deletado! - C:\Program Files\Crawler\Toolbar

Deletado! - C:\Program Files\MyGlobalSearch\bar

Deletado! - C:\Program Files\VMNToolbar\tbuninstall.exe

Deletado! - C:\Program Files\VMNToolbar\uninstall.exe

Deletado! - C:\Windows\iun6002.exe

Deletado! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

Deletado! - C:\Program Files\AskTBar

Deletado! - C:\Program Files\Crawler

Deletado! - C:\Program Files\MyGlobalSearch

Deletado! - C:\Program Files\VMNToolbar

-----------\\ Procura por Arquivos / Ficheiros ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.google.com"

"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\Users\kelow\AppData\Local\Temp\crack

C:\Users\kelow\AppData\Local\Temp\crack\leia-me.txt

C:\Users\kelow\AppData\Roaming\Azureus\torrents\! Crack Photo Pos Pro [mininova].torrent

C:\Users\kelow\Desktop\Programas\crack

C:\Users\kelow\Desktop\Programas\Super.Video.Splitter.v5.4.+.Crack.by.multibrasil.blogspot.com.rar

C:\Users\kelow\Desktop\Programas\crack\leia-me.txt

C:\Users\kelow\Desktop\Programas\crack\videosplitter.exe

C:\Users\kelow\Desktop\Programas\programas\crack

C:\Users\kelow\Desktop\Programas\programas\crack\leia-me.txt

C:\Users\kelow\Desktop\Programas\programas\crack\videosplitter.exe

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 24/04/2009|18:08 - Option : [2]

-----------\\ Verificação completa em 18:08:26,68

<><><><><><><><><><>

o relatorio do malwarebytes foi :

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2036

Windows 6.0.6001 Service Pack 1

24/04/2009 20:05:04

mbam-log-2009-04-24 (20-04-48).txt

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 164335

Tempo decorrido: 1 hour(s), 23 minute(s), 32 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 6

Valores do Registro infectados: 1

Ítens do Registro infectados: 3

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

<><><><><><><><><><>

O resultado do HijackThis atualizado:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:01, on 24/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\prevhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60341

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\PROGRA~1\COMMON~1\uol\URLSEA~1\UOLSEA~1.DLL

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe,