
Archived

This topic has been archived and is closed to new replies.

Liberi

[Solved!] Quickfinder


Well, I program in PHP and use EasyPHP for it. To see the result of my code, I type "localhost" in any browser and normally get access. That was until I got home tonight, tried to access localhost, and noticed that I was always being redirected to a search site called "My QuickFinder". This happens in both IE and Firefox. I have already looked around the forum here and used the CCleaner and ATF Cleaner tools, without any success. I really need to get access to localhost back.

 

Log:

Note: The operating system I use is Windows 7 Pro.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:33:41, on 02/12/2009

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGL.EXE

C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe

C:\Users\Carlos\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\BrOffice.org 3\program\soffice.exe

C:\Program Files\BrOffice.org 3\program\soffice.bin

C:\Sun\SDK\jdk\bin\javaw.exe

C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Carlos\Desktop\EasyPHP3.1\EasyPHP.exe

C:\Users\Carlos\Desktop\EasyPHP3.1\Apache\bin\apache.exe

C:\Windows\system32\conhost.exe

C:\Users\Carlos\Desktop\EasyPHP3.1\Apache\bin\apache.exe

C:\Users\Carlos\Desktop\EasyPHP3.1\MySql\bin\mysqld.exe

C:\Program Files\Winamp\winamp.exe

C:\Users\Public\Games\World of Warcraft\BackgroundDownloader.exe

C:\Windows\system32\notepad.exe

C:\ProgramData\Mozilla Firefox\firefox.exe

C:\Users\Carlos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15161&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EPSON Stylus TX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGL.EXE /FU "C:\Windows\TEMP\E_S3DCB.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BrOffice.org 3.1.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe

O4 - Startup: SDK Tray Menu.lnk = ?

O4 - Global Startup: OfficeSAS.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4e521835-6b12-49df-9a68-2cfbaa87a351}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC153CF9-BEE0-40D3-9076-1B23A950AEDC}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{4e521835-6b12-49df-9a68-2cfbaa87a351}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 7753 bytes

 

Thank you in advance for your patience and goodwill.


Good morning! Liberi

 

<@> Download: < a2ppf_banner.jpg > ( ...by EmsiSoft )

<@> Save it in Program Files.

<@> Open the program and click: Update now --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".

<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--

<@> Also post an updated HijackThis log.

 

Regards!


Just for the record, the problem persists.

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:36:12, on 02/12/2009

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe

C:\Users\Carlos\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe

C:\Program Files\BrOffice.org 3\program\soffice.exe

C:\Program Files\BrOffice.org 3\program\soffice.bin

C:\Sun\SDK\jdk\bin\javaw.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\FileZilla FTP Client\filezilla.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Program Files\osu!\osu!.exe

C:\Users\Carlos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15161&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EPSON Stylus TX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGL.EXE /FU "C:\Windows\TEMP\E_S3DCB.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BrOffice.org 3.1.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe

O4 - Startup: SDK Tray Menu.lnk = ?

O4 - Global Startup: OfficeSAS.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4e521835-6b12-49df-9a68-2cfbaa87a351}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC153CF9-BEE0-40D3-9076-1B23A950AEDC}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{4e521835-6b12-49df-9a68-2cfbaa87a351}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 8476 bytes

 

 

a2scan_xxyy09-xxxxxx.txt:

 

a-squared Free - Versão 4.5

Última atualização 02/12/2009 08:23:30

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 02/12/2009 12:46:16

 

C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Cookies\carlos@iwon[2].txt detectado: Trace.TrackingCookie.iwon!A2

C:\Program Files\Automated Content Enhancer\4.1.0.5190\acepx.exe detectado: Virus.Win32.CeeInject!IK

C:\Program Files\IceChat7\Profiles.exe detectado: Trojan-Dropper.Win32.VB!IK

C:\Program Files\Ratio Faker\RatioFaker.exe detectado: Trojan.Win32.Agent!IK

C:\Program Files\Web Search Operator\3.1.0.1840\wsopx.exe detectado: Virus.Win32.CeeInject!IK

C:\Users\Carlos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\650996da-3a56cbe4 detectado: Trojan-Downloader.Java.Agent!IK

C:\Users\Carlos\Desktop\backup\autorun.inf detectado: Worm.Win32.AutoRun!IK

C:\Users\Carlos\Desktop\backup\Material para P3 - Circuitos Digitais\Circuitos Digitais\_ASM\emu8086_crack\crack_emu8086\snd.nfo detectado: Win32.SuspectCrc!IK

C:\Users\Carlos\Desktop\Jogos\Call of Duty 4 - Modern Warfare\#readme#\rzr-cod4-keygen.exe detectado: Riskware.Keygen.CoD4!IK

 

Analisado

 

Arquivos: 597181

Objetos: 550194

Cookies: 54

Processos: 76

 

Encontrado

 

Arquivos: 8

Objetos: 0

Cookies: 1

Processos: 0

Chaves do registro: 0

 

Fim da análise: 02/12/2009 14:25:50

Duração da análise: 1:39:34

 

C:\Users\Carlos\Desktop\Jogos\Call of Duty 4 - Modern Warfare\#readme#\rzr-cod4-keygen.exe Em quarentena Riskware.Keygen.CoD4!IK

C:\Users\Carlos\Desktop\backup\Material para P3 - Circuitos Digitais\Circuitos Digitais\_ASM\emu8086_crack\crack_emu8086\snd.nfo Em quarentena Win32.SuspectCrc!IK

C:\Users\Carlos\Desktop\backup\autorun.inf Em quarentena Worm.Win32.AutoRun!IK

C:\Users\Carlos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\650996da-3a56cbe4 Em quarentena Trojan-Downloader.Java.Agent!IK

C:\Program Files\Ratio Faker\RatioFaker.exe Em quarentena Trojan.Win32.Agent!IK

C:\Program Files\IceChat7\Profiles.exe Em quarentena Trojan-Dropper.Win32.VB!IK

C:\Program Files\Automated Content Enhancer\4.1.0.5190\acepx.exe Em quarentena Virus.Win32.CeeInject!IK

C:\Program Files\Web Search Operator\3.1.0.1840\wsopx.exe Em quarentena Virus.Win32.CeeInject!IK

C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Cookies\carlos@iwon[2].txt Em quarentena Trace.TrackingCookie.iwon!A2

 

Em quarentena

 

Arquivos: 8

Objetos: 0

Cookies: 1


Good afternoon! Liberi

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Be sure to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!


Hey! That one solved the problem, I was able to access localhost! Thank you very much indeed!

 

 

Log:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3280

Windows 6.1.7600

 

02/12/2009 18:27:19

mbam-log-2009-12-02 (18-27-19).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 265306

Tempo decorrido: 41 minute(s), 58 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 2

Chaves do Registro infectadas: 20

Valores do Registro infectados: 2

Ítens do Registro infectados: 0

Pastas infectadas: 15

Arquivos infectados: 28

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Delete on reboot.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190 (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\HottieStar Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\DsNET Corp\aTube Catcher 1.0\yct.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.


Good evening! Liberi

 

<@> To uninstall Malwarebytes, double-click the highlighted file.

<@> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe <--

<@> Restart the computer once it finishes!

<><><><><><><><><><>

<@> PS: For Windows 7, Microsoft has released: < Microsoft Security Essentials >

<@> Have you tried it yet?

<@> Your log is clean! :bye:

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
