Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

jurisklevo

[Arquivado] Malware - Brontok.C

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

jurisklevo    0

jurisklevo
Postado

Olá pessoal, o meu pc começou a apresentar alguns problemas, depois que coloquei a maquina digital para descarrega algumas fotos. O REGEDIT não aparece mais (a edição do registro foi desativada pelo administrador), o menu OPÇÕES DE PASTA tambem não aparece mais, e qnd ia fazer algum download via http, ele desligava o pc. Passei o Avg, mostrou varios malweres/brontok.c mais não conseguiu remover nem um. Passei o avira, ele identificou os malwares mais tbm não removeu. PAssei bankerfix tbm não removeu. No meu notebok foi a mesma coisa porem qnd passei o avg ele removeu.

 

O que faço ? =/

 

 

 

log hijack

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:38:49, on 5/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pedro\Desktop\Virus Removal Tool\is-U2RUV\is-U2RUV.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

O1 - Hosts: <html lang='en'>

O1 - Hosts: <head>

O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">

O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>

O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">

O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">

O1 - Hosts: <style>

O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}

O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}

O1 - Hosts: .services { font-size:116%; padding-bottom:20px }

O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}

O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}

O1 - Hosts: p {margin:20px;font-size:1em;}

O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}

O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}

O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}

O1 - Hosts: </style>

O1 - Hosts: </head>

O1 - Hosts: <body>

O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->

O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->

O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">

O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">

O1 - Hosts: <div class="ez-box">

O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">

O1 - Hosts: <style type="text/css">

O1 - Hosts: div#headerblock div{font-family:arial;}

O1 - Hosts: </style>

O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>

O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/"'>http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>

O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>

O1 - Hosts: <script language=javascript>

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';

O1 - Hosts: </script>

O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>

O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/"'>http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com"'>http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252

O1 - Hosts: <script language=javascript>

O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();

O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';

O1 - Hosts: </script>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">

O1 - Hosts: <Div class="ez-l2a" id="wrapper">

O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">

O1 - Hosts: <div class="ez-box">

O1 - Hosts: <div class="ez-wr" >

O1 - Hosts: <div class="ez-box" style="width:898px">

O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: <div class="ez-wr">

O1 - Hosts: <div class="ez-box" id="boxyahoourls">

O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>

O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>

O1 - Hosts: <ul class= "services">

O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>

O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>

O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>

O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>

O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>

O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>

O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>

O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>

O1 - Hosts: </ul>

O1 - Hosts: </div>

O1 - Hosts: <li class="rule"><!----></li>

O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>

O1 - Hosts: <li class="rule"><!----></li>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: <div class="ez-wr">

O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">

O1 - Hosts: <font size="-2" face="verdana">Copyright © 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.

O1 - Hosts: <ul>

O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -

O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -

O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a

O1 - Hosts: ></li> -

O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service

O1 - Hosts: </a></li> -

O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>

O1 - Hosts: </ul>

O1 - Hosts: </font>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </div>

O1 - Hosts: </body>

O1 - Hosts: </html>

O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>

O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1257213586&f=us-w5" ALT=1 WIDTH=1 HEIGHT=1>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: is-U2RUV.lnk = C:\Documents and Settings\Pedro\Desktop\Virus Removal Tool\is-U2RUV\startup.exe

O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA1C3539-644C-4565-836C-CD8A394E7933}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 16143 bytes

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde! jurisklevo

 

<@> Faça uma verificação,ao arquivo Hosts,e veja se está no padrão.

<@> No Windows XP,verifique: C:\WINDOWS\System32\Drivers\etc <--

<@> Abra essa pasta,e localize o arquivo Hosts.

<@> Ps: Abra-o com o Bloco de Notas!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

<@> Ps: No Hosts,padronizado,não poderemos ter informações,abaixo de 127.0.0.1 localhost,que indiquem sites oficiais de antivírus.

<@> Tendo dúvidas,baixe e execute o HostsXpert,que gerenciará seu arquivo Hosts.

 

<1> < Link 1 >

<2> < Link 2 >

<3> < Link 3 > <-- Descompacte-o ao utilizar!

 

<@> Ela colocará o Hosts no padrão,dentre outras opções incluídas no gerenciamento:

 

- Append File - Allows selection of a file to be appended to your current hosts file.

- Replace File - Allows selection of a file to replace your hosts file.

- Merge File - Allows selection of a file to be merged with your current hosts file.

- Create Backup - Creates a Backup of you current hosts file. Backup file will be placed where ever HostsXpert.exe resides on your Hard drive.

- Restore Backup - Restores the backup hosts file.

- Restore MS Hosts - Restores the hosts file to Microsofts original hosts file. <-- Padroniza o Hosts!

- Add to Hosts Files - Adds the line item into your hosts file.

- Delete Line - Deletes highlighted line from hosts file.

- Comments - Insert # / Remove# - Insert or Remove "#" (comment marker).

- Sort File - Sorts the current hosts file in alphanumeric order, removes all comment lines.

- Swap Localhost - Swaps the current hosts file between 127.0.0.1 and 0.0.0.0

- Remove Block Items - Removes all blocking lines in the current hosts file.

- Copy to Clipboard - Copies the current hosts file to the clipboard.

- Make Hosts read-only/writable toggle <--

- Search - Enter text to be searched for, click Previous or Next.

- Open in Memopad - Opens the Memopad built-in to HostsXpert

- Save Hosts

- Saves the Hosts file from Memopad.

- Save As - Allows you to save the hosts file as a file other than "Hosts".

- Save Hosts Exit Memopad - Saves the Hosts file from Memopad, and returns you to normal view.

- Exit Memopad - Does not save changes.

<@> Salve-a no desktop!

<@> Descompacte-a e execute: HostsXpert.exe

<@> Feche todas as janelas e o navegador!

<@> Clique em "Restores the hosts file to Microsofts original hosts file" --> Ok.

<@> Ps: Essa opção,recuperará ou colocará o Hosts,em seu formato original. ( Microsoft )

<@> Ocorrendo algum erro,em sua execução,clique em Make Writable e repita o procedimento.

<@> Ps: Essa opção,irá sobreescrever o Hosts,auxiliando a padronização.

<@> Finalize/salve essas mudanças,e reinicie o computador!

<@> Poste: HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Mário Monteiro    179

Mário Monteiro
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito