
problems with hiddenext/crypta

#1 By anavalvano 20/11/2010 - 17:23
hello,

I can't remove the hiddenext/crypta virus

help me... please

my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:37, on 20/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Fomine Net Send GUI\NetSendGUI.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrm.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrl.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\Vsoqoa.exe
C:\HijackThis\HiJackThis.exe
C:\Documents and Settings\Picturemaker1\ddaqaej7.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://notifier.avira.com/stats.php?id_not=11&url=https%3A%2F%2Favira.cleverbridge.com%2F30%2Fcookie%3Fx%2Dorigin%3Dnotifier%26x%2Dnotifier%3DCOMSPY_EN%26expiry%3D28%26redirectto%3Dhttps%253a%252f%252favira.cleverbridge.com%252f30%252f%253fscope%253dcheckout%2526cart%253ds360%2526x%2Dorigin%253dnotifier%2526x%2Dnotifier%253dCOMSPY_EN%2526enablecoupon%253dfalse
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft UneXpected] C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft UneXpected] C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe
O4 - HKCU\..\Run: [HJRUDZ5DT2] C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Net Send GUI.lnk = C:\Arquivos de programas\Fomine Net Send GUI\NetSendGUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{50CB8F32-7A0E-40BF-A1E9-0C35B31D1122}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{50CB8F32-7A0E-40BF-A1E9-0C35B31D1122}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{50CB8F32-7A0E-40BF-A1E9-0C35B31D1122}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
--
End of file - 4704 bytes
#3 By Espírita
20/11/2010 - 18:22
* go to www.virustotal.com

* Submit the following files for analysis:

C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe

C:\Documents and Settings\Picturemaker1\ddaqaej7.exe

C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrm.exe

C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrl.exe

C:\WINDOWS\Vsoqoa.exe

* Copy and paste into your reply the links containing the result of each scan.
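
Added example, not part of the original thread or of either poster's reply: a Python triage pass over an excerpt of the HijackThis log from post #1 that flags executables by where they run from and whether an O4 Run entry starts them. The location heuristics, the `WINDOWS_ROOT_OK` allowlist and the function names are assumptions made for this illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the HijackThis log from post #1, embedded so this runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrm.exe
C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrl.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Vsoqoa.exe
C:\HijackThis\HiJackThis.exe
C:\Documents and Settings\Picturemaker1\ddaqaej7.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Microsoft UneXpected] C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\mtfsyx32.exe
O4 - HKCU\..\Run: [HJRUDZ5DT2] C:\DOCUME~1\PICTUR~1\CONFIG~1\Temp\Vrl.exe
"""

EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe\b', re.I)
PROFILE_ROOTS = {"documents and settings", "docume~1"}  # XP profile parents
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}  # assumed allowlist

def location_reason(path):
    """Assumed heuristics: why an executable's folder is unusual, or None."""
    folder = dirname(path).lower()
    parts = folder.split("\\")
    if "temp" in parts:
        return "runs from a Temp directory"
    if len(parts) == 3 and parts[1] in PROFILE_ROOTS:
        return "sits directly in a user profile root"
    if folder == r"c:\windows" and basename(path).lower() not in WINDOWS_ROOT_OK:
        return "unexpected binary directly in C:\\WINDOWS"
    return None

def triage(log):
    """Return one finding per flagged executable, noting O4 autostart entries."""
    findings = {}
    for line in log.splitlines():
        m = EXE_PATH.search(line)
        reason = location_reason(m.group(0)) if m else None
        if reason is None:
            continue
        entry = findings.setdefault(
            m.group(0).lower(), {"path": m.group(0), "reason": reason, "autostart": False})
        if line.startswith("O4 - "):  # HijackThis section O4 = startup entries
            entry["autostart"] = True
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "|", f["reason"], "| autostart:", f["autostart"])
```

On this excerpt the pass flags the same five files listed in post #3; a flag is only a reason to submit the file for scanning, not a verdict.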