Problema resolvido. Os logs:
Ad Report:
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_F | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 14.12.2009 at 21:50
Contact:
AdRemover.contact@gmail.com
Website:
http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 8:13:22, qua 16/12/2009 | Normal Boot | Option: SCAN
Executed from: C:\Arquivos de programas\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 versÆo 5.1.2600
Computer Name: PC-02 | Current user: Foto Avenida
.
============== FOUND ELEMENT(S) ==============
.
C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js
C:\Arquivos de programas\AskSearch
.
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
HKLM\software\AskBarDis
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [pt-BR] *
.
ProfilePath: oiwx1iqh.default (Foto Avenida)
.
(FOTOAV~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Foto Avenida\Desktop
(FOTOAV~1, prefs.js) Browser.search.defaultenginename, MyStart Search
(FOTOAV~1, prefs.js) Browser.search.selectedEngine, MyStart Search
(FOTOAV~1, prefs.js) Browser.startup.homepage, hxxp://www.google.com
.
(FOTOAV~1, prefs.js) FOUND - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q={searchTerms}&crm= 1
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://mystart.incredimail.com/
Search Page: &hxxp://home.microsoft.com/intl/br/access/allinone.asp
Use Search Asst: no
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Desktop\Pc2\Programas\P.C-S.p.y-K.e.y.l.0.g.g.e.r.v2.48_\PC.Spy.Keylogger.v2.48.Wi nALL.Incl.Patcher-ELYSiUM\Destructor.nfo
C:\Documents and Settings\Desktop\Pc2\Programas\P.C-S.p.y-K.e.y.l.0.g.g.e.r.v2.48_\PC.Spy.Keylogger.v2.48.Wi nALL.Incl.Patcher-ELYSiUM\pc.spy.keylogger.v2.48.patcher-Elysiyum.exe
.
===================================
.
517 Byte(s) - C:\Ad-Report-SCAN[1].log
2781 Byte(s) - C:\Ad-Report-SCAN[2].log
.
539 File(s) - C:\DOCUME~1\FOTOAV~1\CONFIG~1\Temp
14 File(s) - C:\WINDOWS\Temp
129 File(s) - C:\WINDOWS\Prefetch
.
3 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP
0 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE
.
End at: 8:22:08 | qua 16/12/2009 - SCAN[2]
.
============== E.O.F ==============
.
Malwarebytes:
Malwarebytes' Anti-Malware 1.42
Versão do banco de dados: 3372
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
16/12/2009 09:06:00
mbam-log-2009-12-16 (09-06-00).txt
Tipo de Verificação: Completa (C:\|X:\|)
Objetos verificados: 215179
Tempo decorrido: 40 minute(s), 9 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 14
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\WinLogon\svchost.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\ROOT\Drive.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\ROOT\svchost.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099832.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099833.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099844.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099845.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099847.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099848.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099932.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP334\A0100153.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP334\A0100154.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
X:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP250\A0054879.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
hijackthis:
Malwarebytes' Anti-Malware 1.42
Versão do banco de dados: 3372
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
16/12/2009 09:06:00
mbam-log-2009-12-16 (09-06-00).txt
Tipo de Verificação: Completa (C:\|X:\|)
Objetos verificados: 215179
Tempo decorrido: 40 minute(s), 9 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 14
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\WinLogon\svchost.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\ROOT\Drive.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\ROOT\svchost.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099832.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099833.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099844.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP332\A0099845.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099847.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099848.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP333\A0099932.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP334\A0100153.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP334\A0100154.exe (Trojan.VkHost) -> Quarantined and deleted successfully.
X:\System Volume Information\_restore{3AE7D514-A6EC-4E19-89DD-CAEBD94A38AC}\RP250\A0054879.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Agradeço a ajuda de todos, salvaram minha vida e meu tempo aqui kkkk
Djoni, valeu pelos programas, e wolf, seguirei sua recomendação e trocarei o antivirus.
Problema: c:\ROOT\System.exe (Resolvido)
. Nós temos 673.879 usuários, convidamos você fazer parte de nossa comunidade também! Se ainda não encontrou o que procura use nossa pesquisa. Esperamos que aprecie nosso trabalho.
Problema: c:\ROOT\System.exe (Resolvido)
