juniorzin, posted August 17, 2011

Good afternoon, I have a problem with my PC: it simply won't run antivirus programs. I believe it's malware; I've seen problems similar to mine that turned out to be a virus.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:32, on 17/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
C:\Documents and Settings\Administrador\system.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\SoftonicDownloader_para_hijackthis.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minilua.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ww4.freeurlset.com:8083/connect.dat
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D1763781-8374-40BD-836A-F2E1F2600B2F} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Policies\Explorer\Run: [internet] "C:\Documents and Settings\Administrador\system.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43116D85-F7AE-4142-A8E1-38C709F5A91C}: NameServer = 200.204.0.10 200.204.0.138
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9772 bytes

Thanks

wings, posted August 17, 2011

Hello juniorzin

* Download MalwareBytes and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report it shows

juniorzin, posted August 17, 2011

Hi, sorry, I posted and went to the gym; I just finished doing it now ^^ here's the log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Versão da Base de Dados: 7491

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/8/2011 18:00:10
mbam-log-2011-08-17 (18-00-10).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 225854
Tempo decorrido: 29 minuto(s), 55 segundo(s)

Processos de Memória Infectados: 1
Módulos de Memória Infectados: 2
Chaves de Registro Infectadas: 5
Valores de Registro Infectados: 2
Itens de Dados no Registro Infectados: 4
Pastas Infectadas: 1
Arquivos Infectados: 44

Processos de Memória Infectados:
c:\documents and settings\administrador\system.exe (Trojan.Agent) -> 1948 -> Unloaded process successfully.

Módulos de Memória Infectados:
c:\WINDOWS\ksef1541.dll (Trojan.BHO) -> Delete on reboot.
c:\documents and settings\administrador\engine.dll (Trojan.Agent) -> Delete on reboot.

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{D1763781-8374-40BD-836A-F2E1F2600B2F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C5C53AD7-957B-40C0-9886-B3CA26A51BD1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{46AF773E-50A3-4347-A6EC-BEEA0CF115CD} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Center.CenterPlus (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1763781-8374-40BD-836A-F2E1F2600B2F} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Internet (Trojan.Agent) -> Value: Internet -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Pastas Infectadas:
c:\WINDOWS\winarquivos (Trojan.Banker) -> Quarantined and deleted successfully.

Arquivos Infectados:
c:\WINDOWS\ksef1541.dll (Trojan.BHO) -> Delete on reboot.
c:\documents and settings\administrador\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\engine.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\configurações locais\Temp\Rar$EX00.406\diablo2_kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\configurações locais\Temp\Rar$EX06.188\keygen ps cs5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ebyhed.dll (Worm.Downadup) -> Delete on reboot.
c:\WINDOWS\system32\igfxrenuz.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\500a (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\500b (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\500c (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\loga.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\logb.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\logc.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\logaa.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\logbb.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\messenge\logcc.dll (Malware.Trace) -> Quarantined and deleted successfully.
c:\arquivos de programas\windows media player\silkscrenn500.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\connect32.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\dados de aplicativos\google talk\googletalk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003aba1ac3fa8 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003aba1ac508a (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003aba1ac6859 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abd450960f (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abd450fb92 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abd4511537 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abe04803f4 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abe0484231 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\000003abe0488ff8 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod01.mp3 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod02.mp3 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod03.mp3 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod1-400 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod1-500 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod1-600 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod1-700 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod2-400 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod2-500 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod2-600 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod2-700 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod3-400 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod3-500 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod3-600 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\mod3-700 (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\winarquivos\NewIcon.ico (Trojan.Banker) -> Quarantined and deleted successfully.

wings, posted August 17, 2011

* Download RogueKiller and save it to the desktop
* Run it and press 1 > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

Here's the log

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Scan -- Date : 08/17/2011 18:30:46

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

wings, posted August 17, 2011

* Run RogueKiller again and press 2 > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

Done

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Remove -- Date : 08/17/2011 18:38:58

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
[...]

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

wings, posted August 17, 2011

* Run RogueKiller again and press 3 > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: HOSTSFix -- Date : 08/17/2011 18:43:29

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

wings, posted August 17, 2011

* Run RogueKiller again and press 4 > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: ProxyFix -- Date : 08/17/2011 18:46:28

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

wings, posted August 17, 2011

* Download ProxyFix and save it to the desktop
* Press [A] > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

ProxyFix v 2.0 © by Maxstar
qua 17/08/2011 - 18:49:53,09

----------Internet Explorer----------
"ProxyEnable"=dword:00000000

----------Firefox----------
user_pref("network.proxy.autoconfig_url", "http://ww4.freeurlset.com:8083/connect.dat");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.type", 2);

----------E.O.F----------

wings, posted August 17, 2011

* Run ProxyFix
* Press [C] > [ENTER]
* Paste the report it shows

juniorzin, posted August 17, 2011

ProxyFix v 2.0 © by Maxstar
qua 17/08/2011 - 18:51:47,23

----------Internet Explorer----------
"ProxyEnable"=dword:00000000

----------Firefox----------

----------E.O.F----------

juniorzin, posted August 17, 2011

Done ^^

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
HOSTS file reset successfully!
[Empty Temp Folders]

User: Administrador
->Temp folder emptied: 3533205541 bytes
->Temporary Internet Files folder emptied: 194233895 bytes
->Java cache emptied: 16381954 bytes
->FireFox cache emptied: 114225926 bytes
->Google Chrome cache emptied: 361905567 bytes
->Flash cache emptied: 16991681 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 70164 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 4001689 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10503849 bytes
RecycleBin emptied: 91878 bytes

Total Files Cleaned = 4.057,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.44.3 fix logfile created on 08172011_204528

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SC825DNQ\01[1].htm not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SC825DNQ\ADSAdClient31[4].htm not found!

Registry entries deleted on Reboot...

wings 22 Posted August 17, 2011
1.
* Download AD-Remover and save it to the desktop
* Run it, click [Clean] > [sim] > [OK] > [sim]
* Paste the report C:\Ad-Report-CLEAN[1].txt
2.
* Download USBFix and save it to the desktop
* Plug in the flash drive and keep it connected to the PC
* Run UsbFix and click [supressão]
* Paste the report that is displayed
juniorzin 0 Posted August 17, 2011
My PC restarted by itself in the middle of the AD process o.o Scary, lol. I'll do it again.
wings 22 Posted August 18, 2011
It may restart in order to perform the removal. Check whether the report is there.
juniorzin 0 Posted August 18, 2011
Not even a warning, huh @_@ Here it is:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:56:46 on 17/08/2011, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Administrador@DAS-86CB343315C ( )
============== ACTION(S) ==============
Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default\conduit
Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default\ConduitEngine
Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default\extensions\engine@conduit.com
File deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default\searchplugins\web-search.xml
Folder deleted: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default\Prefs.js --
Line deleted: user_pref("CT2905346.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT290...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1297271/1292942/BR", "\"0\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2905346", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2905346",...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2905346&octid=...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2905346");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "messenger_plus_br");
Line deleted: user_pref("CommunityToolbar.IsEngineShown", true);
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2905346");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "messenger_plus_br");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://radiobar.toolbarhome.com/search.a...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2905346,ConduitEngine");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2905346");
Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Aug 08 2011 16:13:58 GMT-03...
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 08 2011 16:14:06 GMT-0300 (Hora ...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 08 2011 16:13:52 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "facce56c-07ac-4735-a661-512bbf1c50b6");
Line deleted: user_pref("CommunityToolbar.globalUserId", "9e060dca-4b2d-4ee1-97b1-1a1dd014d5f1");
Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line deleted: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Aug 08 2011 16:14:05 GMT-0300 (Hora oficial...
Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Aug 08 2011 16:13:56 GMT-0300 (Hora ofici...
Line deleted: user_pref("ConduitEngine.FirstServerDate", "08/08/2011 22");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.HideEngineAfterRestart", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Mon Aug 08 2011 16:13:58 GMT-0300 (Hora oficial do Brasil)...
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Aug 08 2011 16:13:55 GMT-0300 (Hora oficia...
Line deleted: user_pref("ConduitEngine.LastLogin_3.3.5.1", "Mon Aug 08 2011 16:13:55 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Aug 08 2011 16:13:53 GMT-0300 (Hora oficial do...
Line deleted: user_pref("ConduitEngine.UserID", "UN85648893958021042");
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Aug 08 2011 16:13:55 GMT-0300 (Hora ...
Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Aug 08 2011 16:13:59 GMT-0300 (Hora...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
-- File closed --
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2905346
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\aMSN\OpenCandy
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [3.6.8 (pt-BR)] ****
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\06ihivk5.default --
Extensions\radiobar@toolbar (RadioBar Toolbar)
Extensions\YoutubeDownloader@PeterOlayev.com (1-Click YouTube Video Downloader)
Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} (FlashGot)
Extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28} (Messenger Plus BR Community Toolbar)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrador\\Meus documentos\\Minhas imagens
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8
Prefs.js - keyword.URL, hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
Prefs.js - browser.startup.homepage,
Prefs.js - browser.search.selectedEngine,
Prefs.js - browser.search.defaultenginename,
Prefs.js - browser.startup.homepage,
Prefs.js - browser.search.selectedEngine,
Prefs.js - browser.search.defaultenginename,
========================================
**** Google Chrome Version [13.0.782.112] ****
Extension - jfmjfhklogoienhpfnppmbcbjfjnkonk (x)
Extension\ohhbldejoecoecfngibhhhfgilhhoilo (C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ohhbldejoecoecfngibhhhfgilhhoilo.crx) (x)
-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com.br/
Preferences - homepage_is_newtabpage: false
Plugin - RealJukebox NS Plugin (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll)
Plugin - Pando Web Plugin (Enabled: true) (C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll) (x)
Plugin - "Pando Web Plugin" (Enabled: true)
Plugin - "RealJukebox NS Plugin" (Enabled: true)
Preferences - urls_to_restore_on_startup: hxxp://search.conduit.com/?ctid=ct2905346&SearchSource=48
========================================
**** Internet Explorer Version [7.0.5730.13] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} - C:\Arquivos de programas\Iminent\MMServer\Iminent.MMServer.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} (?)
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 105 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)
C:\Ad-Report-CLEAN[1].txt - 17/08/2011 20:57:04 (10743 Byte(s))
End at: 20:57:28, 17/08/2011
============== E.O.F ==============