
Browser windows won't stop opening


3 replies to this topic

#1
T22SBC
    Newbie
  • 6 posts
The problem is this: I've just turned on the PC and windows of the default browser already start opening non-stop (I switched between IE 7 (which is what came with WINDOWS VISTA), IE 8 beta, which I'm using as the default at the moment, and Google Chrome, which I use now and then, thinking it was a browser problem, but by now I believe it isn't).

-Detail 1: Besides not having to do anything for this to happen (it happens out of the blue and I don't know why), if I press Ctrl, Del, the quote key (the one below the Esc key) or the dash key after the 0 key, a browser window also opens.

-Detail 2: I use Avira antivirus - free version, but I've also switched to Avast 4.8; that one reported a hidden process in memory and recommended a boot-time scan on the next restart, but that boot scan detected nothing. I use Malwarebytes in Safe Mode and it finds nothing either. When I use HijackThis and submit its log for analysis on the site Hijackthis.de, it shows all my registry entries as clean.

I made a ComboFix log in Safe Mode; if anyone knows how I should proceed from here I'd be grateful ^_^

ComboFix 09-01-08.01 - Tassio 2009-01-12 1:36:07.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Starter 6.0.6001.1.1252.1.1046.18.2047.1674 [GMT -2:00]
Executando de: c:\users\Tassio\Downloads\ComboFix.exe
.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-12 to 2009-01-12 ))))))))))))))))))))))))))))
.

Nenhum ficheiro/arquivo criado durante este período

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 14:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 14:24 0 ----a-w C:\ntuser.dat
2009-01-11 14:21 --------- d-----w c:\users\Tassio\AppData\Roaming\Comodo
2009-01-11 14:11 --------- d-----w c:\program files\Anti-Spam Filter
2009-01-10 18:06 --------- d-----w c:\program files\Avira
2009-01-10 18:06 --------- d-----w c:\progra~2\Avira
2009-01-10 14:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-10 14:08 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-08 15:43 --------- d-----w c:\program files\Marcos Velasco Security
2009-01-08 15:36 --------- d-----w c:\users\Tassio\AppData\Roaming\GlarySoft
2009-01-08 15:32 --------- d-----w c:\program files\Glary Utilities
2009-01-08 14:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-07 13:11 --------- d-----w c:\program files\GameVicio
2009-01-07 13:00 --------- d-----w c:\program files\Electronic Arts
2009-01-05 23:32 --------- d-----w c:\users\Tassio\AppData\Roaming\DMCache
2009-01-05 16:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-04 20:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 20:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 04:24 --------- d-----w c:\users\Tassio\AppData\Roaming\Snapfish
2009-01-04 03:47 --------- d-----w c:\users\Tassio\AppData\Roaming\Any Video Converter
2009-01-03 02:31 --------- d-----w c:\program files\USB Vibration Joystick
2008-12-31 16:14 --------- d-----w c:\program files\Alwil Software
2008-12-29 18:25 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-29 16:42 --------- d-----w c:\users\Tassio\AppData\Roaming\Apple Computer
2008-12-29 16:42 --------- d-----w c:\program files\iTunes
2008-12-29 16:42 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 16:41 --------- d-----w c:\program files\iPod
2008-12-29 16:41 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 16:41 --------- d-----w c:\program files\Bonjour
2008-12-29 16:41 --------- d-----w c:\progra~2\Apple Computer
2008-12-29 16:40 --------- d-----w c:\program files\QuickTime
2008-12-29 16:38 --------- d-----w c:\program files\Apple Software Update
2008-12-29 16:38 --------- d-----w c:\progra~2\Apple
2008-12-29 15:33 174 --sha-w c:\program files\desktop.ini
2008-12-29 15:20 --------- d-----w c:\program files\Windows Sidebar
2008-12-29 15:20 --------- d-----w c:\program files\Windows Mail
2008-12-29 15:20 --------- d-----w c:\program files\Windows Calendar
2008-12-29 15:19 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-29 15:19 --------- d-----w c:\program files\Windows Defender
2008-12-29 14:52 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-29 14:52 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-28 19:33 --------- d-----w c:\program files\McAfee
2008-12-28 02:37 --------- d-----w c:\progra~2\NVIDIA
2008-12-27 17:09 --------- d-----w c:\program files\Google
2008-12-27 17:05 --------- d-----w c:\progra~2\Microsoft Help
2008-12-27 13:00 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-12-27 12:55 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-12-27 12:55 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-27 12:55 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-12-27 12:55 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-27 12:55 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-12-27 12:55 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-12-27 12:55 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-12-27 12:55 2,048 ----a-w c:\windows\System32\tzres.dll
2008-12-27 12:55 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-12-27 12:55 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-12-27 12:52 2,927,104 ----a-w c:\windows\explorer.exe
2008-12-27 12:49 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-12-27 12:48 988,216 ----a-w c:\windows\System32\winload.exe
2008-12-27 12:48 927,288 ----a-w c:\windows\System32\winresume.exe
2008-12-27 12:48 615,992 ----a-w c:\windows\System32\se.dll
2008-12-27 12:48 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-12-27 12:48 40,960 ----a-w c:\windows\System32\srclient.dll
2008-12-27 12:48 378,368 ----a-w c:\windows\System32\srcore.dll
2008-12-27 12:48 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-12-27 12:48 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-12-27 12:48 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-12-27 12:46 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2008-12-27 12:46 98,816 ----a-w c:\windows\System32\mfps.dll
2008-12-27 12:46 94,720 ----a-w c:\windows\System32\logagent.exe
2008-12-27 12:46 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2008-12-27 12:46 24,576 ----a-w c:\windows\System32\mfpmp.exe
2008-12-27 12:46 2,868,736 ----a-w c:\windows\System32\mf.dll
2008-12-27 12:46 2,048 ----a-w c:\windows\System32\mferror.dll
2008-12-24 03:54 --------- d-----w c:\progra~2\Kodak
2008-12-24 03:09 --------- d-----w c:\program files\Kodak
2008-12-19 18:36 --------- d-----w c:\program files\Assistente Tecnico Speedy
2008-12-19 18:20 --------- d-----w c:\program files\Telefonica
2008-12-19 15:14 155,995 ----a-w c:\windows\Java\Packages\YOR13RBF.ZIP
2008-12-15 02:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-14 05:00 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-12-14 05:00 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-12-12 14:24 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-12-12 14:24 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-07 05:00 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2008-12-07 05:00 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2008-12-07 05:00 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2008-12-03 05:00 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-11-30 05:59 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-30 05:59 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-11-30 05:59 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-11-21 02:51 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-11-21 02:51 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-11-21 02:51 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-11-21 02:51 43,544 ----a-w c:\windows\System32\wups2.dll
2008-11-21 02:51 34,328 ----a-w c:\windows\System32\wups.dll
2008-11-21 02:51 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-11-21 02:51 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-11-21 02:50 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-11-21 02:50 162,064 ----a-w c:\windows\System32\wuwebv.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-25 212992]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-05-11 1183744]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-666947313-3984222628-2617784464-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BCAF45CF-E80B-4846-8543-D92E08922F5B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BFDDF73D-A92C-4ED5-BF6F-53ABF35F1982}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B246E23-A93E-4993-AF62-50161CF40B8E}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EBB5A3B7-8B17-460E-987C-4DC1561F8B44}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7C6ECB3D-8B15-4537-AA7B-F1946370CF3C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A88F719-D8C1-44AF-B22B-E41692825453}"= UDP:c:\users\Tassio\Saved Games\Jogos para PC\Sega Rally - Revo\SEGA Rally.exe:SEGA Rally
"{D8866C0C-3DCF-4A95-8E3F-B08EB329BD67}"= TCP:c:\users\Tassio\Saved Games\Jogos para PC\Sega Rally - Revo\SEGA Rally.exe:SEGA Rally
"{D23B9805-1C9B-4145-B3A7-E12CBDB9475A}"= UDP:c:\users\Tassio\Saved Games\Jogos para PC\Sega Rally - Revo\SEGA Rally_SSE1.exe:SEGA Rally
"{BA222607-7591-4193-BFF5-06AB0E2758D2}"= TCP:c:\users\Tassio\Saved Games\Jogos para PC\Sega Rally - Revo\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{2C5A2701-5565-4169-A57F-4277DDCC2FC5}c:\\users\\tassio\\saved games\\jogos para pc\\out run 2006 - coast 2 coast\\or2006c2c.exe"= UDP:c:\users\tassio\saved games\jogos para pc\out run 2006 - coast 2 coast\or2006c2c.exe:or2006c2c.exe
"UDP Query User{272762F1-4526-4079-A08A-8F61CC0827C5}c:\\users\\tassio\\saved games\\jogos para pc\\out run 2006 - coast 2 coast\\or2006c2c.exe"= TCP:c:\users\tassio\saved games\jogos para pc\out run 2006 - coast 2 coast\or2006c2c.exe:or2006c2c.exe
"{FDB2F52F-B774-4763-A3EE-EBE66206A160}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CF5A3F1D-15FE-49E3-BF11-2045FD5A266C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E54EAF02-8D0A-4B0E-82F6-DC8F411E685F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{67BCD4EC-3897-4DBF-A1F9-80C5CFE4B34E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-10-15 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2008-10-15 52224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [2008-09-22 43520]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S4 0137371231681840mcinstcleanup;McAfee Application Installer Cleanup (0137371231681840);c:\users\Tassio\AppData\Local\Temp\013737~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Tassio\AppData\Local\Temp\013737~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 0303161230492828mcinstcleanup;McAfee Application Installer Cleanup (0303161230492828); [x]
S4 BT848;CxVCap, WDM Video Capture;c:\windows\System32\drivers\cxvcap.sys [2008-10-15 56704]
S4 CXTUNER;CxTuner, WDM TvTuner;c:\windows\System32\drivers\cxtuner.sys [2008-10-15 26752]
S4 CXXBAR;CxBar, WDM Crossbar;c:\windows\System32\drivers\cxxbar.sys [2008-10-15 9728]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA depois BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741ec85-c856-11dd-a374-001d7d89c31a}]
\shell\AutoRun\command - J:\RunGame.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 01:41:34
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1????????????????????????????????????????????????????????
LXCYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2009-01-12 1:43:58
ComboFix-quarantined-files.txt 2009-01-12 03:43:44
ComboFix2.txt 2009-01-08 18:49:01
ComboFix3.txt 2009-01-05 22:57:42
ComboFix4.txt 2008-12-12 02:40:43

Pré-execução: O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.
Pós execução: 47,244,144,640 bytes disponíveis

216 --- E O F --- 2009-01-08 18:08:02
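The "Registry load points" part of a ComboFix log like the one above is what a responder reads first. The script below is an added example for this thread, not part of the post or of ComboFix itself: it parses a constructed sample made of a few lines copied from the log above and flags the entries a responder would check first, namely values whose file is missing (`[X]`), service images ComboFix could not verify (`[?]`), programs started from a Temp directory, and the AutoRun command registered under MountPoints2 for drive J:. The regular expressions, the function names (`parse_combofix_loadpoints`, `flag_autostarts`) and the heuristics are this example's own assumptions about the log layout, not ComboFix behaviour.

```python
"""Triage helper for the load-point section of a ComboFix log.

Added example for this thread; it is not part of the post or of ComboFix.
The regular expressions, function names and heuristics below are this
example's own assumptions about the log layout, not ComboFix behaviour.
"""
import re

# Constructed sample: a few lines copied from the log in the post above,
# covering the three line shapes the parser understands.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-10-15 16896]
S4 0137371231681840mcinstcleanup;McAfee Application Installer Cleanup (0137371231681840);c:\users\Tassio\AppData\Local\Temp\013737~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Tassio\AppData\Local\Temp\013737~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 0303161230492828mcinstcleanup;McAfee Application Installer Cleanup (0303161230492828); [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741ec85-c856-11dd-a374-001d7d89c31a}]
\shell\AutoRun\command - J:\RunGame.exe
"""

# Reasons reported by flag_autostarts (wording is this example's own).
NO_FILE = "entry points at a file that is not on disk ([X])"
UNVERIFIED = "ComboFix could not verify the image path ([?])"
TEMP = "image runs from a Temp directory"
AUTORUN = "AutoRun command registered for a removable drive (MountPoints2)"

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "name"="data" [tag]  -- the tag is a date/size, X (file missing) or ?
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<data>.*?)"?\s*(?:\[(?P<tag>[^\]]*)\])?$')
# R0/S3/S4 name;display name;image path [tag]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*(?:\[(?P<tag>[^\]]*)\])?$")
MOUNT_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")


def parse_combofix_loadpoints(text):
    """Return autostart entries found in the load-point section.

    Each entry is a dict with kind ('value', 'service' or 'autorun'), key
    (registry key, or service start type), name, data (command or image)
    and tag (the bracketed note ComboFix appends, or '').
    """
    entries = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")   # remember the key for values below it
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"kind": "value", "key": current_key,
                            "name": m.group("name"), "data": m.group("data"),
                            "tag": m.group("tag") or ""})
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "key": m.group("start"),
                            "name": m.group("name"), "data": m.group("image"),
                            "tag": m.group("tag") or ""})
            continue
        m = MOUNT_RE.match(line)
        if m:
            entries.append({"kind": "autorun", "key": current_key,
                            "name": current_key.rsplit("\\", 1)[-1],
                            "data": m.group("cmd"), "tag": ""})
    return entries


def flag_autostarts(entries):
    """Apply the triage heuristics; returns (name, data, reason) tuples."""
    flags = []
    for e in entries:
        tag = e["tag"].strip().lower()
        if tag == "x":
            flags.append((e["name"], e["data"], NO_FILE))
        elif tag == "?":
            flags.append((e["name"], e["data"], UNVERIFIED))
        if "\\temp\\" in e["data"].lower():
            flags.append((e["name"], e["data"], TEMP))
        if e["kind"] == "autorun":
            flags.append((e["name"], e["data"], AUTORUN))
    return flags


if __name__ == "__main__":
    for name, data, reason in flag_autostarts(parse_combofix_loadpoints(SAMPLE_LOG)):
        print(f"{name}: {reason}\n    {data or '(no image path)'}")
```

Run directly, the report flags the GrpConv RunOnce value, both McAfee cleanup services and the J:\RunGame.exe AutoRun entry, and leaves the DAEMON Tools and ViBus entries alone. A flag is a reason to look, not a verdict: a MountPoints2 AutoRun command is exactly how a game disc's launcher registers itself, but it is also the path a removable-drive worm takes, so the command target is worth verifying before anything is deleted.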

#2
T22SBC
    Newbie
  • 6 posts
Ah! Sorry!

I just registered and looked through a few topics to see if I could find someone with the same problem as mine, but at first I didn't find any, so I made this one; if there's already a topic with an identical problem just tell me and delete this one, ok?

#3
Anthmann
    Banned
  • 2,566 posts
  • Location: PORTUGAL
Hello, T22SBC. Welcome to the LD forum! :)

I suppose the problem is malware. First of all, avoid using ComboFix; it is dangerous to use it without supervision. Download HijackThis (from Baixaki) and post the log in this section of the forum: http://www.linhadefe...hp?showforum=11 . Please do not post logs in this topic.

Good luck, and all the best! :legal:
LD Free Malware Removal: STEP 1 - INSTRUCTIONS <-- link || STEP 2 - FREE MALWARE REMOVAL SECTION <-- link
Please click REPORT so the Moderators can close your topic once you consider it solved.
http://deriel.com/ (Optimised for IE; in other browsers it looks... miserable...)
Spam etc.: http://www.deriel.com/emails/ips.txt
Link --> http://periciaeseguranca.blogspot.com/
http://www.animalwheeling.com/
http://www.jpbar.blogspot.com/

#4
T22SBC
    Newbie
  • 6 posts
Ah ok!

I'll post a HijackThis log there. Thanks! ^_^
