s.menezes (posted May 8, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:36, on 06/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Silvia\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Silvia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Silvia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D822D070-7E72-47FB-B853-3C23FDBD8238}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{D822D070-7E72-47FB-B853-3C23FDBD8238}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{D822D070-7E72-47FB-B853-3C23FDBD8238}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5046 bytes
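As an added example (not part of the original thread, and not a HijackThis feature), the following Python script shows how an analyst can triage a HijackThis log programmatically instead of reading it line by line. It runs over a handful of entries copied from the log above and flags exactly the items that the AdwCleaner run later in this thread removed: the funmoods start page in an R0 slot, the Ask.com BHO and toolbar that register one CLSID under two different display names, the orphaned BHO whose DLL is gone, and the ApnUpdater Run key. The O17 DNS servers are not judged, only listed for the analyst to check against the ISP. The vendor token list and the default-host set are constructed for this example from the thread's own cleanup log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above (raw string, so the backslashes are literal).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O17 - HKLM\System\CCS\Services\Tcpip\..\{D822D070-7E72-47FB-B853-3C23FDBD8238}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Host that the Windows 7 default IE start/search pages point at (R0/R1 lines).
DEFAULT_PAGE_HOSTS = {"go.microsoft.com"}

# Vendor tokens taken from what AdwCleaner removed later in this thread.
# Constructed for this example; HijackThis itself has no such list.
ADWARE_TOKENS = ("funmoods", "ask.com", "asktoolbar", "babylon")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


@dataclass
class Finding:
    code: str                 # HijackThis section, e.g. "O2"
    line: str                 # the log entry as written
    reasons: list = field(default_factory=list)


def host_of(url: str) -> str:
    """Return the lower-cased host of an http(s) URL, or '' if it is not one."""
    m = re.match(r"https?://([^/]+)", url.strip())
    return m.group(1).lower() if m else ""


def display_name(body: str) -> str:
    """'BHO: Ask Toolbar BHO - {CLSID} - path' -> 'Ask Toolbar BHO'."""
    return body.split(" - ")[0].split(": ", 1)[-1].strip()


def triage(log_text: str) -> list:
    """Return one Finding per HijackThis entry that deserves analyst attention."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))

    reasons = defaultdict(list)
    names_by_clsid = defaultdict(set)

    for idx, (code, body, _) in enumerate(entries):
        low = body.lower()
        # R0/R1: a start/search page that is not the Windows default
        if code in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()
            if url and host_of(url) not in DEFAULT_PAGE_HOSTS:
                reasons[idx].append(f"non-default page URL ({host_of(url)})")
        # O2: BHO whose DLL no longer exists; a dead entry, safe to clear
        if code == "O2" and "(no file)" in low:
            reasons[idx].append("orphaned BHO (DLL missing)")
        # Any entry whose path/URL names a vendor the cleanup confirmed as adware
        if any(tok in low for tok in ADWARE_TOKENS):
            reasons[idx].append("matches vendor removed by AdwCleaner")
        # O17: DNS servers are not judged here, only surfaced for verification
        if code == "O17":
            reasons[idx].append("DNS servers to verify with ISP: " + ", ".join(IPV4_RE.findall(body)))
        # Collect display names per CLSID for the second pass
        if code in ("O2", "O3"):
            c = CLSID_RE.search(body)
            if c:
                names_by_clsid[c.group(0).lower()].add(display_name(body))

    # Second pass: one CLSID registered under different names (a rebranded bundled toolbar)
    for idx, (code, body, _) in enumerate(entries):
        if code in ("O2", "O3"):
            c = CLSID_RE.search(body)
            if c and len(names_by_clsid[c.group(0).lower()]) > 1:
                names = " / ".join(sorted(names_by_clsid[c.group(0).lower()]))
                reasons[idx].append(f"same CLSID registered under different names: {names}")

    return [Finding(entries[i][0], entries[i][2], reasons[i]) for i in sorted(reasons)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {'; '.join(f.reasons)}\n    {f.line}")
```

Running it against the sample leaves the avast, Java and Microsoft entries untouched and reports six lines, which is the same set the helper would hand to a removal tool; the CLSID check is the one that catches the "KMPlayer Toolbar" entry even though nothing in its name says Ask.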
DigRam (posted May 8, 2012)

Good afternoon, s.menezes!

|- Download: < AdwCleaner > ( ... by Xplode )
|- Click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- Ps: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S].txt

///°°°///

|- Download: | ZHPDiag | *ºº* < > ( ... by Nicolas Coolman )
|- On the page, click: < >
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- Ps: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Open the tool and click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|-
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Ps: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply.
|- Ps: Do not paste that text file directly into your post.
|- I recommend zipping it and attaching it to your reply!
|- Or send it to Pjjoint.malekal by clicking the blue arrow! < >
|- Or go to: < >
|- To upload, follow the path: Choose file... -> Open -> Upload file
|- Post the address shown under "Download link" or "Forum link".
|- Or go to: < > ( Take it out of the zip when uploading! )
|- More information: < |Link| >

Regards!
s.menezes (posted May 9, 2012)

# AdwCleaner v1.605 - Logfile created 05/07/2012 at 15:00:53
# Updated 05/05/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Silvia - SILVIA-PC
# Running from : C:\Users\Silvia\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Silvia\AppData\Local\Babylon
Folder Deleted : C:\Users\Silvia\AppData\Local\TempDir
Folder Deleted : C:\Users\Silvia\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Silvia\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Silvia\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\mmthdsgr.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\mmthdsgr.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\mmthdsgr.default\searchplugins\funmoods.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=pcmega1 --> hxxp://www.google.fr

-\\ Mozilla Firefox v12.0 (pt-BR)

Profile name : default
File : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\mmthdsgr.default\prefs.js

C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\mmthdsgr.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "somoto");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100789");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d0659898000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d0659898000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15368");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb5");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:51:53");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.0,{972ce4c6-7e08-4474-a285-3208198ce[...]
Deleted : user_pref("extensions.funmoods.SimilarSitesStorage-pid2", "1f82a203c84e0b17");
Deleted : user_pref("extensions.funmoods.admin", false);
Deleted : user_pref("extensions.funmoods.aflt", "pcmega1");
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "BR");
Deleted : user_pref("extensions.funmoods.dfltLng", "EN");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "EN");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "E8EF7E35F9D09D3C192487A007C1093F");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hrdid", "0");
Deleted : user_pref("extensions.funmoods.id", "d0659898000000000000000000000000");
Deleted : user_pref("extensions.funmoods.instlDay", "15446");
Deleted : user_pref("extensions.funmoods.instlRef", "");
Deleted : user_pref("extensions.funmoods.instlday", "15446");
Deleted : user_pref("extensions.funmoods.instlref", "");
Deleted : user_pref("extensions.funmoods.isDcmntCmplt", false);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.12.219:25:00");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=pcmega1");
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=pcmega1");
Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=pcmega1&q=[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/results.php?f=3&a=pcmega1&q=[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.12.2");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.12.219:25:00");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.12.2");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.12.219:25:00");
Deleted : user_pref("extensions.funmoods_i.aflt", "pcmega1");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=pcmega1");
Deleted : user_pref("extensions.funmoods_i.id", "d0659898000000000000000000000000");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15446");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=pcmega1");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=pcmega1&[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.12.2");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.12.219:25:00");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.12.2");

-\\ Google Chrome v18.0.1025.168

File : C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "keyword": "funmoods",
Deleted : "search_url": "hxxp://start.funmoods.com/results.php?f=4&a=pcmega1&q={searchTerms}",
Deleted : "homepage": "hxxp://start.funmoods.com/?f=1&a=pcmega1",

*************************

AdwCleaner[s1].txt - [10856 octets] - [07/05/2012 15:00:53]

########## EOF - C:\AdwCleaner[s1].txt - [10985 octets] ##########
DigRam (posted May 9, 2012)

Good afternoon, s.menezes!

|- What remains is to post the link to the ZHPDiag report.

Regards!
wings (posted May 20, 2012)

Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived. If you are the topic's author and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.