Hardware.com.br
luiz_fcn (Senior Member, Registered; 425 posts, 3 likes)

HijackThis Log Analysis

#1 By luiz_fcn 16/06/2011 - 12:24
Espírita (Cyber Highlander, Registered; 9.6K posts, 2.1K likes)
#2 By Espírita
16/06/2011 - 12:42
Download HostsXpert:
http://www.funkytoad.com/download/HostsXpert.zip

* Extract the file
* Run it
* Click Restore Ms Hosts
* Click Make Hosts Read-only.

Download Malwarebytes:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Install the application, update it and run a full scan.
When the scan finishes, if any "malware" was detected, click (Show Results), then click (Remove Selected).
An automatic report will open. Copy and paste it here.
The infections will be sent to quarantine, and some types may require a system restart.
#3 By luiz_fcn
16/06/2011 - 13:58
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5947

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/6/2011 13:57:01
mbam-log-2011-06-16 (13-57-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 196438
Time elapsed: 57 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\WINDOWS\eksplorasi.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
My dream... all that's missing is the cash
Core 2 Duo E7200
GigaByte G31M-ES2C
2GB DDR2-800 Kingston
9600gt 512mb - DDR3
HD: 500GB 7200rpm 32mb buffers - SATA2
OCZ400SXS
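The three Malwarebytes hits in the post above are registry tampering rather than files: two policy values that lock the user out of Folder Options and regedit, and a Winlogon Shell value that makes Windows start C:\WINDOWS\eksplorasi.exe alongside Explorer at every logon. The Python below is an added example, not Malwarebytes' code or anything from the thread: it parses a .reg export of those keys and compares it against a clean Windows XP baseline (Shell exactly `Explorer.exe`, as the log's "Good:" value states; lockout policies absent or 0). The two .reg snippets are constructed to carry the values from the log and a clean control case; on a real machine the input would come from `reg export` of the Winlogon and Policies keys.

```python
"""Audit exported registry values for the policy/Winlogon hijacks Malwarebytes reported.

Added example. SAMPLE_REG and CLEAN_REG are constructed .reg text: the first
carries the three values from the log above, the second a clean baseline.
"""
import re

# String values with exactly one acceptable content on a stock Windows XP box.
EXPECTED_SZ = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell": "Explorer.exe",
}
# Policies that lock the user out of their own tools; malware sets them to 1.
LOCKOUT_POLICIES = (
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
)

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\eksplorasi.exe\""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

KEY_RE = re.compile(r"\[(.+)\]")
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)')


def parse_reg(text):
    """Parse the REG_SZ / REG_DWORD subset of .reg syntax into {lowercased key\name: value}.

    Registry paths and value names are case-insensitive, so keys are lowercased
    once here and every lookup uses the same form.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.fullmatch(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.fullmatch(line)
        if not (m and key):
            continue  # @= defaults, hex: blobs and continuation lines are out of scope
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            value = re.sub(r'\\(["\\])', r"\1", data[1:-1])  # .reg escapes \ and " with a backslash
        else:
            value = data
        values[(key + "\\" + name).lower()] = value
    return values


def audit(values):
    """Return [(value_path, observed, why)] for values that deviate from a clean XP baseline."""
    findings = []
    for path, good in EXPECTED_SZ.items():
        seen = values.get(path.lower())
        if seen is not None and str(seen).strip().lower() != good.lower():
            findings.append((path, seen, f"expected exactly {good!r}; anything appended runs at every logon"))
    for path in LOCKOUT_POLICIES:
        seen = values.get(path.lower())
        if seen not in (None, 0):
            findings.append((path, seen, "lockout policy set; a clean machine has it absent or 0"))
    return findings


if __name__ == "__main__":
    for path, seen, why in audit(parse_reg(SAMPLE_REG)):
        print(f"{path}\n    observed: {seen!r}\n    {why}")
```

Exact match on the Shell value is the right check: the hijack here appends a second program, but the same audit catches the variant where Explorer.exe is replaced outright, and a user-level Shell value under HKCU would override this one, so an export of both hives is worth comparing.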
#5 By luiz_fcn
16/06/2011 - 14:23
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:22:07, on 16/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\sysx\sysxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=205173c800000000000000142a1b1204&tlver=1.4.19.19&affID=17159
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=205173c800000000000000142a1b1204&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Felipe\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sysxr] C:\sysx\sysxr.cpl
O4 - HKCU\..\Run: [sysxy] C:\sysx\sysxy.exe
O4 - HKCU\..\Run: [sysxp] C:\sysx\sysxp.cpl
O4 - HKCU\..\Run: [sysz] C:\sysx\sysz.cpl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Arquivos%20de%20programas/Dream%20Day%20First%20Home/Images/stg_drm.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Arquivos%20de%20programas/Dream%20Day%20First%20Home/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)

--
End of file - 6974 bytes
#6 By Espírita
16/06/2011 - 14:34
HijackThis -> Do a system scan only. Select the items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP...19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=205173c800000000000000142a1b1204&tlver=1.4.19.19&affID=17159
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [sysxy] C:\sysx\sysxy.exe
O4 - HKCU\..\Run: [sysxp] C:\sysx\sysxp.cpl
O4 - HKCU\..\Run: [sysz] C:\sysx\sysz.cpl
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Arquivos%20de%20programas/Dream%20Day%20First%20Home/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Arquivos%20de%20programas/Dream%20Day%20First%20Home/Images/armhelper.ocx

Click Fix checked.

* Go to the site below and run an online scan:
http://www.eset.com/us/online-scanner

** http://www.caixadedicas.com/2008/09/tutorial-do-antivirus-nod32-online.html **
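Espírita's selection above is a manual first pass over the HijackThis log. The Python below is an added example, not HijackThis' own logic: it encodes the same first-pass rules (browser start/search page on an untrusted host, Run entries under a non-standard directory or pointing at a .cpl, orphaned O2/O20/O23 entries, ActiveX controls registered from file://) and runs them over a subset of lines taken from the log posted in #5. The trusted-host list and the set of standard top-level directories are assumptions for this PT-BR Windows XP box; the rules are deliberately broad (an orphaned entry is noise, not malware) and the output is a worklist for a human, not a verdict.

```python
"""First-pass triage of HijackThis log lines (added example; not HijackThis' own code).

SAMPLE_HJT is a subset of the lines from the posted log. Trusted hosts and
standard directories below are assumptions for this PT-BR Windows XP machine.
"""
import re
from urllib.parse import urlparse

SAMPLE_HJT = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=205173c800000000000000142a1b1204&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=205173c800000000000000142a1b1204&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sysxr] C:\sysx\sysxr.cpl
O4 - HKCU\..\Run: [sysxy] C:\sysx\sysxy.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Arquivos%20de%20programas/Dream%20Day%20First%20Home/Images/stg_drm.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
"""

# Hosts an IE start/search page may point at without review (assumption).
TRUSTED_BROWSER_HOSTS = ("microsoft.com", "msn.com")
# Top-level directories where autostart executables normally live on this box (assumption).
STANDARD_ROOTS = {"windows", "arquivos de programas", "arquiv~1", "program files", "progra~1",
                  "documents and settings"}

TAG_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
O4_RE = re.compile(r".*\[(.+?)\]\s*(.*)")
PATH_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.(exe|cpl|dll|scr|bat|com))\b', re.I)


def host_trusted(url):
    """True when the URL's host is one of the trusted domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_BROWSER_HOSTS)


def triage(log_text):
    """Return [(tag, reason, line)] for the log lines an analyst should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TAG_RE.match(line)
        if not m:
            continue
        tag, body = m.groups()
        if tag in ("R0", "R1"):
            url = body.partition(" = ")[2].strip()
            if url and not host_trusted(url):
                findings.append((tag, "browser start/search page points at an untrusted host", line))
        elif tag == "O4":
            m4 = O4_RE.match(body)
            mp = PATH_RE.match(m4.group(2)) if m4 else None
            if not mp:
                continue  # bare names (AGRSMMSG.exe) or rundll32 invocations need manual review
            path, ext = mp.group(1), mp.group(2).lower()
            root = path.split("\\")[1].lower()
            reasons = []
            if root not in STANDARD_ROOTS:
                reasons.append(f"autostart target lives under non-standard directory C:\\{root}")
            if ext == "cpl":
                reasons.append("Run entry launches a .cpl, which Windows hands to rundll32.exe")
            if reasons:
                findings.append((tag, "; ".join(reasons), line))
        elif tag in ("O2", "O20", "O23") and ("(no file)" in body or "(file missing)" in body):
            findings.append((tag, "orphaned entry: the referenced file is gone", line))
        elif tag == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            if urlparse(url).scheme == "file":
                findings.append((tag, "ActiveX control registered from a local file:// path", line))
    return findings


if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_HJT):
        print(f"{tag}: {reason}\n    {line}")
```

Two things the rules pull out that the list above does not: the third .cpl autostart, [sysxr] C:\sysx\sysxr.cpl, and the missing avgrsstx.dll in the Winlogon Notify entry (an AVG leftover, harmless but worth cleaning). A .cpl placed in a Run value is opened through rundll32.exe (shell32's Control_RunDLL), which fits the three bare rundll32.exe processes in the process list of #5; the ESET scan in #7 later identifies C:\sysx\sysxp.cpl as a banker trojan.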
#7 By luiz_fcn
16/06/2011 - 16:36
Done!
Here is a copy of the generated log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=5439c076e8a70b4c897da0e658c7a036
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-16 07:19:34
# local_time=2011-06-16 04:19:34 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 33995472 33995472 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46800
# found=8
# cleaned=8
# scan_time=4106
C:\Arquivos de programas\Java\jre6\bin\tmp_F458GB4C.phx probably a variant of Win32/Inject.BUPTKVP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Luiz Felipe\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\w2h99tmv.default\Cache\2AA9BA22d01 a variant of Win32/TrojanDownloader.Banload.QBR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Luiz Felipe\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\w2h99tmv.default\Cache(2)\7EE2AFB3d01 a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Luiz Felipe\Desktop\ENILSON (F)\autorun.inf Win32/AutoRun.Agent.YO.Gen worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Luiz Felipe\Desktop\ENILSON (F)\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx a variant of Win32/Conficker.X worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\sysx\sysxp.cpl probably a variant of Win32/Spy.Banker.VWF trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
D:\Bruno\Aplicativos\fsSetup129.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
#8 By Espírita
16/06/2011 - 20:17
Download Glary Utilities:
http://www.softpedia.com/get/Tweak/System-Tweak/Glary-Utilities.shtml

* Install the application.
* 1-Click Maintenance tab
* Select all the options
* Click Scan for Issues
* Fix the errors found.

Download CCleaner:
http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml

* Install the application and run the procedures.

Note: explore all the options in Glary Utilities....

Download USBFix:
http://www.megaupload.com/?d=JLPLPXY7
or
http://hotfile.com/dl/116665136/ea1815a/UsbFix.exe.html

Temporarily disable your antivirus...
* Connect your removable device to your PC's USB port.
* Double-click USBFix
* Click [Research] and wait for it to finish.
* Paste the report created at C:\UsbFix.txt
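The ESET log in #7 shows the classic removable-drive pair: an autorun.inf next to a RECYCLER\S-5-3-42-...\jwgkvsq.vmx payload (the "ENILSON (F)" folder on the desktop is apparently a copy of a removable drive's contents), which is the kind of thing the USBFix step above is meant to clean. The Python below is an added example, not USBFix's code: it inspects a drive root for that pattern, reading autorun.inf's launch directives despite the binary junk worms prepend to the file, and checking the recycle-bin folder for subfolders whose name is not a well-formed SID (a real SID starts with S-1-, so S-5-3-42 cannot be one) and for files a genuine recycle bin would not hold. The sample tree is constructed in a temp directory; its autorun.inf text is a reconstruction of the pattern, not the real file, and the file names are the ones from the log.

```python
"""Inspect the root of a removable drive for AutoRun-worm tracks (added example).

The sample tree is constructed with tempfile and mirrors the two paths ESET
flagged in the thread; the autorun.inf contents are a reconstruction.
"""
import os
import re
import tempfile

# A well-formed Windows SID always carries revision 1: S-1-<authority>-<subauthorities>.
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$", re.I)
# What an XP recycle bin keeps under RECYCLER\<SID>\: metadata plus deleted files renamed Dc1.ext, Dd2.ext ...
LEGIT_BIN_FILE_RE = re.compile(r"^(INFO2|desktop\.ini|D[a-z]\d+(\..*)?)$", re.I)
RECYCLE_DIR_NAMES = ("recycler", "recycled", "$recycle.bin")
LAUNCH_KEYS = ("open", "shellexecute", "shell\\")


def parse_autorun(path):
    """Return the launch-related directives of [autorun]; tolerant of junk bytes around the section."""
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails, whatever bytes the worm padded in
    directives, in_autorun = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, val = line.partition("=")
            key = key.strip().lower()
            if key.startswith(LAUNCH_KEYS):
                directives[key] = val.strip()
    return directives


def inspect_removable_root(root):
    """Return [(kind, message)] describing autorun and recycle-bin anomalies under root."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}  # FAT is case-insensitive; match that way
    inf = names.get("autorun.inf")
    if inf and os.path.isdir(os.path.join(root, inf)):
        findings.append(("info", "autorun.inf is a directory: drive has been vaccinated"))
    elif inf:
        for key, val in parse_autorun(os.path.join(root, inf)).items():
            findings.append(("autorun", f"{key}={val}"))
            if any(b in val.lower() for b in RECYCLE_DIR_NAMES):
                findings.append(("autorun", "autorun launches from the recycle bin folder"))
    for bin_name in RECYCLE_DIR_NAMES:
        real = names.get(bin_name)
        if not real or not os.path.isdir(os.path.join(root, real)):
            continue
        for sub in os.listdir(os.path.join(root, real)):
            sub_path = os.path.join(root, real, sub)
            if not os.path.isdir(sub_path):
                continue
            if not SID_RE.match(sub):
                findings.append(("recycler", f"malformed SID folder {real}\\{sub}"))
            for f in os.listdir(sub_path):
                if not LEGIT_BIN_FILE_RE.match(f):
                    findings.append(("recycler", f"unexpected file {real}\\{sub}\\{f}"))
    return findings


def build_sample_tree():
    """Constructed sample: the layout from the ESET log above, with placeholder file contents."""
    root = tempfile.mkdtemp(prefix="usb_")
    sid_dir = os.path.join(root, "RECYCLER", "S-5-3-42-2819952290-8240758988-879315005-3665")
    os.makedirs(sid_dir)
    with open(os.path.join(sid_dir, "jwgkvsq.vmx"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # placeholder bytes, not the worm
    with open(os.path.join(root, "autorun.inf"), "wb") as fh:
        fh.write(b"\xff\xd3\x91 junk \x00~\r\n"  # binary padding of the kind worms use to trip naive parsers
                 b"[AutoRun]\r\n"
                 b"Action=Open folder to view files\r\n"
                 b"shellexecute=RuNdLl32.EXE .\\RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx\r\n")
    return root


def build_clean_tree():
    """Constructed control case: an empty drive root."""
    return tempfile.mkdtemp(prefix="usb_clean_")


if __name__ == "__main__":
    for kind, msg in inspect_removable_root(build_sample_tree()):
        print(f"[{kind}] {msg}")
```

A drive USBFix has vaccinated shows up as the info finding: autorun.inf exists as a directory, so the worm cannot create its file there. That protects the stick; on the Windows side, Microsoft's update KB971029 (2011) is what stops AutoPlay from honoring autorun.inf on USB media on XP, so a clean stick and a current Windows Update are two separate checks.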
© 1999-2024 Hardware.com.br. All rights reserved.