[Resolvido!] Log do hijackthis

sddom · Agosto 19, 2010

Olá boa noite!

Eu não estou conseguindo instalar nenhum antivirus no computador.

Segue o log do hijackthis.

obrigado pelo espaço.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:45:09, on 19/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Java\jre6\launch4j-tmp\frd.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.superdownloads.com.br

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornecido por Superdownloads

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.portals-links.com/http.js

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll

O1 - Hosts: 68.233.230.153 santander.com.br

O1 - Hosts: 68.233.230.153 www.santander.com.br

O1 - Hosts: 68.233.230.153 itau.com.br

O1 - Hosts: 68.233.230.153 www.itau.com.br

O1 - Hosts: 68.233.230.153 www.itau.com

O1 - Hosts: 68.233.230.153 itau.com

O1 - Hosts: 68.233.230.153 itaupersonnalite.com.br

O1 - Hosts: 68.233.230.153 www.itaupersonnalite.com.br

O1 - Hosts: 68.233.230.153 www.bradesco.com.br

O1 - Hosts: 68.233.230.153 bradesco.com.br

O1 - Hosts: 68.233.230.153 www.bradesco.com

O1 - Hosts: 68.233.230.153 bradesco.com

O1 - Hosts: 68.233.230.153 www.bradescoempresa.com.br

O1 - Hosts: 68.233.230.153 bradescoempresa.com.br

O1 - Hosts: 68.233.230.153 www.bradescoprime.com.br

O1 - Hosts: 68.233.230.153 bradescoprime.com.br

O1 - Hosts: 68.233.230.153 bradescocartoes.com.br

O1 - Hosts: 68.233.230.153 www.bradescocartoes.com.br

O1 - Hosts: 68.233.230.153 caixa.gov.br

O1 - Hosts: 68.233.230.153 www.caixa.gov.br

O1 - Hosts: 68.233.230.153 internetbanking.caixa.gov.br

O1 - Hosts: 68.233.230.153 bb.com.br

O1 - Hosts: 68.233.230.153 www.bb.com.br

O1 - Hosts: 68.233.230.153 bancodobrasil.com.br

O1 - Hosts: 68.233.230.153 www.bancodobrasil.com.br

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: installnetworkworld - {df415bc4-65f1-7206-332b-f82d4b61ab2a} - C:\WINDOWS\system32\hYD0_ml-6O.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Arquivos de programas\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [Windows Update] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\wuauclt.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

--

End of file - 12069 bytes

Felipe_88 · Agosto 19, 2010

Olá, sddom!

Vamos por etapa, Ok?

1º

- Faça o download do HostsXpert'>http://www.linhadefensiva.org/dl/hoster"]HostsXpert

- Descompacte o arquivo, clique com o botão direito do mouse sobre o executável > Executar como administrador e clique em Restore MS Hosts File;

2º

*Baixe o MalwareBytes'>http://www.malwarebytes.org/mbam/program/mbam-setup.exe"]MalwareBytes Anti-Malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

No Aguardo!

sddom · Agosto 19, 2010

Realizado todos os procedimentos, surgiu uma mensagem que eu deveria reiniciar o computador e que alguns objetos nao puderam ser excluidos, segue o log do malwarebyte e do hijackthis.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4450

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

19/8/2010 21:35:39

mbam-log-2010-08-19 (21-35-39).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 202213

Tempo decorrido: 38 minuto(s), 37 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 26

Valores de Registro Infectados: 6

Itens de Dados no Registro Infectados: 2

Pastas Infectadas: 12

Arquivos Infectados: 64

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df415bc4-65f1-7206-332b-f82d4b61ab2a} (Adware.AdRotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df415bc4-65f1-7206-332b-f82d4b61ab2a} (Adware.AdRotator) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\autoconfigurl (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\autoconfigurl (Trojan.Banker) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (avc14.exe %1 %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Pastas Infectadas:

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Arquivos Infectados:

C:\Documents and Settings\Administrador\Configurações locais\Temp\wuauclt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Dealio Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP100\A0192662.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP100\A0192663.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP101\A0192836.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP101\A0192837.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP102\A0193029.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP102\A0193030.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP103\A0193202.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP103\A0193203.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP62\A0134868.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP70\A0143314.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C82CE55C-202D-416D-94AC-2FD86197F5C5}\RP99\A0185489.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\1DF01E\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\1DF01E\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\WINDOWS\system32\hYD0_ml-6O.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:52:52, on 19/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe