Olá pessoal, há duas semanas comprei um mini notebook da Acer, desinstalei o antivirus que veio nele e instalei o Avira; quando atualizei e fiz o primeiro escaneamento ele começou a acusar um Trojan em WINDOWS\Wplugin.dll.
Recentemente instalei o msn plus junto com um plugin que mostra na mensagem pessoal quem tá on line, com quem to conversando... é esse o problema?
Quando mando pra quarentena ou excluo, não abre nem o Windows live messenger, nem o google chrome e se ignoro, obviamente toda vez que ligo aparece a notificação do Avira...
Ai os log's do hijackthis e do Malwarebites' anti-malware
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:19, on 23/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paty\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
--
End of file - 7212 bytes
Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2161
Windows 5.1.2600 Service Pack 3
21/5/2009 04:34:31
mbam-log-2009-05-21 (04-34-31).txt
Tipo de Verificação: Completa (C:\|)
Objetos verificados: 129492
Tempo decorrido: 38 minute(s), 35 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 2
Chaves do Registro infectadas: 5
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 8
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP24\A0006788.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP25\A0006811.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP26\A0006966.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP28\A0007036.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Agradeço a ajuda
- Home
- >
- Fórum
- >
- Windows, Softwa...
- >
- Segurança: deba...
- >
- Avira acusando virus dire...
Seu caso novamente:
https://www.hardware.com.br/comunidade/v-t/924977/
Olá oswaldobass
O Avira continua acusando?
O Malwarebytes identificou como Trojan...e aredito que o arquivo esteja realmente infectado...
Desinstale o mensager e instala novamente...
T+
Visite nosso FAQ
Testes & Comparações: Firewalls
Wings disse: Seu caso novamente:
https://www.hardware.com.br/comunidade/v-t/924977/
Nem lembrava que já tinha acontecido... to ficando velho kkkk
Olha só wings, esse pc veio com o mcafee instalado, tirei ele porque tinha acabado o período trial, agora ele não deixa instalar a não ser que compre...
Tem algum outro que faça o mesmo?
Obrigado
Diogo R. disse: Olá oswaldobass
O Avira continua acusando?
O Malwarebytes identificou como Trojan...e aredito que o arquivo esteja realmente infectado...
Desinstale o mensager e instala novamente...
T+
Continua sim Diogo, já reinstalei, usei uns programas pra limpar o registro e mesmo assim continuou, agora desinstalei o avira, to sem antivirus pra tentar resolver, depois coloco ele de novo
Mais alguma dica?
Obrigado pela ajuda
Tente remover as entradas no registro referentes ao McAfee.
Vá clicando em pesquisar .
Depois tente reinstalar o McAfee.
Continua sim Diogo
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Aguardo seu poste...
T+
Visite nosso FAQ
Testes & Comparações: Firewalls
Wings disse: Tente remover as entradas no registro referentes ao McAfee.
Vá clicando em pesquisar .
Depois tente reinstalar o McAfee.
Eu fiz isso, mas quando vou instalar aparece uma tela pra eu colocar um e-mail e senha, mesmo fazendo o cadastro no site ele não deixa insta;ar a não ser que compre... eu já exclui todas entradas no registro referentes ao mcafee.
Diogo R. disse: --------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
Primeiro exclui, quando vi que tinha dando problema, reinstalei e fiquei mandando pra quarentena, mas mesmo lá o aviso do avira continuava...
O erro é aqui ou o link está mesmo fora do ar?
Vou continuar tentando e posto quando conseguir baixar
Obrigado
Olá oswaldobass
O erro é aqui ou o link está mesmo fora do ar?
Vou continuar tentando e posto quando conseguir baixar
Obrigado
Infelizmente é aí...
Tente então:
Tente fazer o procedimento do Dr. Web CureIn
Aguardo seu poste...
T+
Visite nosso FAQ
Testes & Comparações: Firewalls
Consegui baixar, mas só uma versão não atualizada (23/03); a atualizada ainda continua como se estivesse fora do ar aqui... ai o log
mirc.exe C:\Protectorx Program.mIRC.60 Eliminado.
A0000323.exe C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP4 Program.mIRC.60 Eliminado.
A0002386.exe C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP5 Program.mIRC.60 Eliminado.
A0003399.exe C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP7 Program.mIRC.60 Eliminado.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:00, on 26/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Paty\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
--
End of file - 6876 bytes
Ok...
Pergunta...
Você já enviou o arquivo identificado como malware para o VirusTotal?
Se não, faça isso e cole o link do resultado aqui...
T+
Visite nosso FAQ
Testes & Comparações: Firewalls
resolvido rs
Aí está:
São 2 arquivos iguais em locais diferentes... o resultado foi igual pra os 2.
C:\Documents and Settings\Paty\Application Data\Wplugin.dll
C:\WINDOWS\Wplugin.dll
http://www.virustotal.com/pt/analisis/9c2726defa122089f8251fa104f76d66830f448774ab9bd634adbb6e492e3943-1241982888
Vamos lá...
*Baixe o MalwareBytes Anti-malware e salve-o no desktop:
*Instale o programa
*Ao finalizar, se alguma atualização existir o download será automático. Aguarde...
*Terminada a atualização o programa será aberto automaticamente. Feche-o.
*Reinicie o PC em Modo de Segurança (aperte F8 de forma intermitente durante a inicialização do PC e selecione "Modo Seguro)
*Execute o programa através do ícone criado no desktop e na aba [Verificação], selecione a opção [Verificação completa]
*Clique em [Verificar] e selecione as unidades a serem examinadas
*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [SIM] e finalmente clique em [OK]. Um relatório (mbam-log-ano-mês-data.txt) será apresentado.
*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC. Caso não seja solicitado, reinicie o PC manualmente.
*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt
*Clique em [Abrir], copie, cole-o na sua próxima resposta
o avira é competente cara, mas com alguns arquivos ele é altamente chato, veja vc ele acusou o reboot ( arquivo que faz parte do cd da minha placa mae) peguei o mesm, mandei pra todos scaners on line, e nda, nao acusou nada, tirei o avira e instalei outro.
Wings disse: oswaldobass
*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt
*Clique em [Abrir], copie, cole-o na sua próxima resposta
Malwarebytes' Anti-Malware 1.37
Versão do banco de dados: 2182
Windows 5.1.2600 Service Pack 3
27/5/2009 11:47:27
mbam-log-2009-05-27 (11-47-27).txt
Tipo de Verificação: Completa (C:\|)
Objetos verificados: 120598
Tempo decorrido: 15 minute(s), 53 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 1
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 18
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP4\A0000312.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0001846.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002244.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002266.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002305.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002318.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002334.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002346.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002359.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP5\A0002378.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0003380.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0003395.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0004405.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0004412.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0004427.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0004440.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d943bacc-c405-4ad7-b9af-994e097d0c0f}\RP7\A0004461.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.