
Archived

This topic has been archived and is closed to new replies.

PedroAntunes

[Archived] Browsers keep opening tabs nonstop!


All the installed browsers (Firefox and Chrome) keep opening new tabs nonstop... here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:37:07, on 2/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe

C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\msiexec.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14302&l=dis

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\winservices.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Torrent2Exe[1e255d11b6935a5cff14f3ac7da942090f650010]] C:\Documents and Settings\Pedro\Meus documentos\Downloads\b077080ptbr.exe

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - \WPService.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe

 

--

End of file - 8236 bytes

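A first-pass triage of a HijackThis log like the one posted above, written in Python as an added example; it is not code from this thread, from the forum helpers, or from Trend Micro. The sample lines are a constructed subset copied from the posted log, and the flagging rules (entries marked "(no file)" or "(file missing)", services with "Unknown owner", Run keys that launch from a download or document folder, a per-user proxy setting) are this example's own heuristics for what to look at next, not verdicts about any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 line format, modelled on a few lines
# of the log posted above; it is not the complete log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Torrent2Exe[1e255d11b6935a5cff14f3ac7da942090f650010]] C:\Documents and Settings\Pedro\Meus documentos\Downloads\b077080ptbr.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - \WPService.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
"""

# HijackThis prefixes each entry with its section code (R0/R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Folders an autostart entry rarely launches from for installed software:
# user download/document folders (Portuguese and English XP names) and temp.
USER_WRITABLE_RE = re.compile(r"\\(downloads|meus documentos|my documents|temp)\\")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return the log entries a reviewer would look at first, with reasons.

    These are heuristics, not verdicts: a flagged line still has to be checked
    by hand (vendor, file hash, whether the user installed it on purpose).
    """
    findings = []
    for raw in log_text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank or trailer line
        section, body = m.group("section"), m.group("body")
        low = body.lower()
        reasons = []

        # Dangling registrations: a BHO, toolbar, Run key or service whose file
        # is gone is either an uninstall leftover or something a cleaner already
        # removed; the registry entry itself can be fixed safely.
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("points at a file that no longer exists")

        # Services with no vendor recorded deserve a second look.
        if section == "O23" and "unknown owner" in low:
            reasons.append("service has no vendor recorded")

        # Autostarts launched from a download or document folder are unusual for
        # installed software and common for things the user ran once.
        if section == "O4" and USER_WRITABLE_RE.search(low):
            reasons.append("autostart runs from a user-writable download/document folder")

        # A per-user proxy setting silently redirects browser traffic if it was
        # not set on purpose.
        if section.startswith("R") and "proxyserver" in low:
            reasons.append("per-user proxy setting present")

        if reasons:
            findings.append(Finding(section, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.line}")
```

Run on the sample it lists five entries to check by hand and passes over the Avira and Adobe lines; the Dealio BHO that the thread later asks to fix once its DLL reads "(file missing)" is exactly the kind of dangling registration the first rule catches.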

Good afternoon PedroAntunes

 

1.

*Download ATF Cleaner and save it to the desktop

*Double-click ATF-Cleaner.exe

*Under Main, choose [Select All]

*Click [Empty Selected]

=> If you also use Firefox or Opera, follow the steps below as well:

*Under "Firefox" or "Opera" click [Select All] (if you want to keep your passwords click No, otherwise click Yes).

*Click [Empty Selected] (if you want to keep your passwords click No, otherwise click Yes).

*Click [Exit] or the [X] to close the program

 

2.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe and install the program.

*Double-click the icon created on the desktop and click [Oui]

*Press L > [ENTER]

 

3.

*Download SDFix and save it to the desktop

*Temporarily disable your antivirus

 

Right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.

*Double-click SDFix.exe and the tool will be installed in C:\SDFix

*Restart the PC in Safe Mode (tap F8 repeatedly while the PC is starting and choose "Safe Mode")

*In the C:\SDFix folder, find and run the file RunThis.bat

*Press [Y]

*When it finishes, press any key

*The PC will restart automatically

*After the restart the tool will run again

*If it does not run automatically, run RunThis.bat again and press [F]

*When "The FixTool has finished" appears, press any key

*Paste the reports created at C:\SDFix\Report.txt and C:\Ad-Report-CLEAN.log, plus a new HijackThis log


C:\SDFix\Report.txt :

 

 

SDFix: Version 1.240

Run by Administrador on qua 02/12/2009 at 17:00

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Arquivos de programas\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"="C:\\Arquivos de programas\\River Past\\Video Cleaner Pro\\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro"

"C:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"="C:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe:*:Enabled:Pando Media Booster"

"C:\\Level Up! Games\\Perfect World\\launcher\\Launcher.exe"="C:\\Level Up! Games\\Perfect World\\launcher\\Launcher.exe:*:Enabled:Perfect World"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._binkw32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._CosmicRO.exe"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._cps.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._granny2.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._GRF.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._ijl15.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._Mss32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._st.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Arquivos de programas\Gravity\Ragnarok Online\._unrar.dll"

Fri 25 Sep 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Meus documentos\pendrive\Pedro Antunes\._install_flash_player.exe"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._binkw32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._CosmicRO.exe"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._cps.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._granny2.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._GRF.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._ijl15.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._Mss32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._st.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cha\._unrar.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._binkw32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._CosmicRO.exe"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._cps.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._granny2.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._GRF.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._ijl15.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._Mss32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._st.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\CosmicRO\._unrar.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._binkw32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._CosmicRO.exe"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._cps.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._granny2.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._GRF.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._ijl15.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._Mss32.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._st.dll"

Mon 16 Nov 2009 4,096 A..H. --- "C:\Documents and Settings\Pedro\Desktop\site\shippuden134\cosmicro2\._unrar.dll"

 

Finished!

 

 

C:\Ad-Report-CLEAN[1].log :

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 25.11.2009 at 18:47

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 15:48:07, qua 02/12/2009 | Normal Boot | Option: CLEAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600

Computer Name: ODRAUDE | Current user: Pedro

.

============== NEUTRALIZED ELEMENT(S) ==============

.

C:\DOCUME~1\Pedro\DADOSD~1\Dealio

C:\DOCUME~1\Pedro\DADOSD~1\DesktopIcon

C:\DOCUME~1\Pedro\DADOSD~1\Mozilla\Firefox\Profiles\ecoegf8n.default\searchplugins\askcom.xml

C:\Arquivos de programas\Dealio Toolbar

C:\Arquivos de programas\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

C:\Windows\Installer\c03a475.msi

.

HKCU\software\Dealio

HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\software\Dealio

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

HKLM\software\microsoft\windows\currentversion\uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}

 

(!) -- Temp files deleted.

 

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.5 [pt-BR] *

.

ProfilePath: ecoegf8n.default (Pedro)

.

(Pedro, Invalidprefs.js) Browser.search.defaultenginename, Ask.com

(Pedro, Invalidprefs.js) Browser.search.selectedEngine, Ask.com

.

(Pedro, Invalidprefs.js) ERASED - Browser.search.defaultengine, Ask.com

(Pedro, Invalidprefs.js) ERASED - Browser.search.defaultenginename, Ask.com

(Pedro, Invalidprefs.js) ERASED - Browser.search.order.1, Ask.com

(Pedro, Invalidprefs.js) ERASED - Browser.search.selectedEngine, Ask.com

(Pedro, Invalidprefs.js) ERASED - Extensions.enabledItems, toolbar@ask.com:3.3.1.313,{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

.

(Pedro, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Pedro\Meus documentos\Downloads\OnePiece

(Pedro, prefs.js) Browser.search.defaultenginename, Yahoo

(Pedro, prefs.js) Browser.search.selectedEngine, Yahoo

.

(Pedro, prefs.js) ERASED - Browser.search.defaultengine, Ask.com

(Pedro, prefs.js) ERASED - Browser.search.order.1, Ask.com

.

.

* Internet Explorer Version 6.0.2900.5512 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Pedro\Desktop\site\shippuden134\diffpatcher.rar

C:\Documents and Settings\Pedro\Desktop\site\shippuden134\diffpatcher\diffpatcher.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\pbRO_patch_v51GFS.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\TriadPatcher_v1.3.0.3.rar

C:\Documents and Settings\Pedro\Meus documentos\Downloads\Cronus-OLD\Cronus-OLD\Patch\TestRO.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\TriadPatcher_v1.3.0.3\Triad Patcher.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\TriadPatcher_v1.3.0.3\Configurator\Triad Configurator.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\TriadPatcher_v1.3.0.3\Packer\Triad Packer.exe

.

===================================

.

4121 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

66 File(s) - C:\DOCUME~1\Pedro\CONFIG~1\Temp

1 File(s) - C:\WINDOWS\Temp

.

19 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

84 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 16:43:50 | qua 02/12/2009 - CLEAN[1]

.

============== E.O.F ==============

.

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:46:54, on 2/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\FixCamera.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe

C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Torrent2Exe[1e255d11b6935a5cff14f3ac7da942090f650010]] C:\Documents and Settings\Pedro\Meus documentos\Downloads\b077080ptbr.exe

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - \WPService.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe

 

--

End of file - 8577 bytes


Good evening PedroAntunes

 

How is the machine doing?

 

1.

*Run HijackThis, click [Do a system scan only], check the entry below and click [Fix checked]

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll (file missing)

*Close HijackThis

 

 

2.

*Run AD-Remover again

*Press D > [ENTER]

 

3.

*Delete the SDFix program and the C:\SDFix folder

 

4.

*Download Malwarebytes Anti-Malware and save it to the desktop:

*Install the program

*When the install finishes, if an update exists it will be downloaded automatically. Wait...

*Once the update finishes, the program opens automatically.

*On the [Scan] tab, choose [Perform full scan]

*Click [Scan] and select the drives to be examined

*Remove whatever is found

*At the end of the scan you may be asked whether you want to remove objects from memory. Click [Yes] and finally click [OK]. A report (mbam-log-year-month-day.txt) will be shown.

*Some malware is stubborn and needs a restart to be removed. If you are asked to, click to restart the PC. If you are not asked, restart the PC manually.

*Open Malwarebytes again and on the [Logs] tab click the file mbam-log-year-month-day.txt

*Click [Open], copy it and paste it in your next reply


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want it reopened, send a private message to a moderator of this area with the link to this topic and explain why it should be reopened.
