
Trojan virus!

#1 By matheusgunne... 04/04/2010 - 21:58
Hello, my Avira keeps alerting all the time that there is some trojan.

Here is a log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:15, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
C:\WINDOWS\Java.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\W2.exe
C:\WINDOWS\W2.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matheus\Meus documentos\Programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Manager 1] C:\WINDOWS\Java.exe
O4 - HKLM\..\Run: [Microsoft Manager 2] C:\WINDOWS\W2.exe
O4 - HKLM\..\Run: [Microsoft Manager 3] C:\WINDOWS\W3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Matheus\Dados de aplicativos\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 8786 bytes
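As an added example that is not part of this thread (and not code from HijackThis or ComboFix), here is a small Python triage script that reads lines in the HijackThis format above and flags the things a helper checks first. The three heuristics are my own assumptions about what deserves a second look, not a verdict on any file: an executable sitting directly in C:\WINDOWS rather than in a subfolder, a Run entry whose name invokes Microsoft while its file lives outside system32 or a Microsoft directory, and a user (HKCU) start page whose host differs from the machine (HKLM) default. The sample lines are copied from the log above; the Windows directory name is hard-coded as an assumption.

```python
"""Triage helper for HijackThis O4 (Run) and R0 (Start Page) lines.

Added example, not part of HijackThis or ComboFix. Every heuristic below is
an assumption about what to look at first; a flag is a prompt for a human,
not a malware verdict.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [Microsoft Manager 1] C:\WINDOWS\Java.exe",
    r"O4 - HKLM\..\Run: [Microsoft Manager 2] C:\WINDOWS\W2.exe",
    r"O4 - HKLM\..\Run: [Microsoft Manager 3] C:\WINDOWS\W3.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# R0 - HKxx\Software\Microsoft\Internet Explorer\Main,Start Page = url
START_RE = re.compile(
    r"^R0 - (?P<hive>HKLM|HKCU)\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>.+)$"
)
# Assumption: the Windows directory is <drive>:\WINDOWS; matches an .exe directly in it.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def exe_path(cmd):
    """Return the executable path from a Run value, dropping quotes and trailing switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def in_windows_root(path):
    """Heuristic: legitimate startup software rarely drops its .exe straight into C:\\WINDOWS."""
    return bool(WINDIR_ROOT_RE.match(path))


def claims_microsoft(name, path):
    """Heuristic: the entry name says 'Microsoft' but the file is not under system32 or a Microsoft folder."""
    lowered = path.lower()
    return "microsoft" in name.lower() and not any(t in lowered for t in ("\\system32\\", "\\microsoft"))


def triage(lines):
    """Return a list of (entry name, path or URL, [reasons]) for entries worth a second look."""
    findings = []
    start_pages = {}
    for line in lines:
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            reasons = []
            if in_windows_root(path):
                reasons.append("executable placed directly in the Windows directory")
            if claims_microsoft(m.group("name"), path):
                reasons.append("entry name invokes Microsoft but file is outside system32/Microsoft paths")
            if reasons:
                findings.append((m.group("name"), path, reasons))
            continue
        m = START_RE.match(line)
        if m:
            start_pages[m.group("hive")] = m.group("url")
    # Compare the user's start page with the machine default: a changed host is often a toolbar hijack,
    # but it can also be a deliberate choice, so it is reported for confirmation rather than as a verdict.
    if "HKCU" in start_pages and "HKLM" in start_pages:
        user_host = urlsplit(start_pages["HKCU"]).hostname
        machine_host = urlsplit(start_pages["HKLM"]).hostname
        if user_host != machine_host:
            findings.append(("Start Page", start_pages["HKCU"],
                             [f"user start page host {user_host!r} differs from machine default {machine_host!r}"]))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {target}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample lines the script flags the three "Microsoft Manager" entries (both heuristics fire) and the conduit start page, and leaves Avira and ctfmon alone; a real log should be run through it whole, and every flag still has to be checked by a person.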
#2 By brando lee 04/04/2010 - 22:08
1) Temporarily disable your antivirus's resident protection, next to the clock.

2) Download the ComboFix program and save it to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

3) Close Internet Explorer and any programs that are open, for example ((Windows Live Messenger MSN))

4) Double-click the file ((Combofix.exe)) and wait for it to start

5) Some small windows will open; always click ((yes))

6) Important: while ComboFix is running, do not use the mouse or keyboard, because your desktop will go blank!!...

7) At the end of the procedure the program will close automatically and a report will be shown

8) Copy and paste the report here in your topic; it is created at C:\combofix.txt
I will be away from the forum for a while, very busy, more important things to do: "work".


Removing viruses with Notepad!


#3 By matheusgunne... 07/04/2010 - 21:37
Here it is




ComboFix 10-04-06.05 - Matheus 07/04/2010 21:23:23.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.618 [GMT -3:00]
Executando de: c:\documents and settings\Matheus\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matheus\Dados de aplicativos\Desktopicon
c:\documents and settings\Matheus\Dados de aplicativos\Desktopicon\config.ini
c:\documents and settings\Matheus\Dados de aplicativos\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Matheus\Dados de aplicativos\Desktopicon\mc.ico
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
c:\windows\W3.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_NPF
-------\Service_SSHNAS


(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-08 to 2010-04-08 ))))))))))))))))))))))))))))
.

2010-04-06 19:54 . 2010-04-06 19:54 -------- d-----w- c:\arquivos de programas\CursoMontagem
2010-04-05 01:14 . 2010-04-05 01:14 -------- d-----w- c:\arquivos de programas\Activision
2010-04-03 22:27 . 2010-04-03 22:27 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2010-04-03 02:14 . 2003-04-18 23:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-04-03 02:14 . 2003-04-18 23:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-03-31 11:11 . 2010-03-31 11:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-03-30 23:26 . 2010-03-30 23:26 159744 ----a-w- c:\windows\Java.exe
2010-03-28 15:30 . 2010-03-28 15:41 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\GetRightToGo
2010-03-23 06:34 . 2010-03-24 21:30 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\Winamp
2010-03-22 18:28 . 2010-03-22 18:28 30080 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-22 18:27 . 2010-03-22 18:27 -------- d-----w- c:\arquivos de programas\Safari
2010-03-22 18:26 . 2010-03-22 18:26 -------- d-----w- c:\arquivos de programas\Bonjour
2010-03-22 16:59 . 2010-03-22 17:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-12 14:12 . 2010-03-12 14:12 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\AnvSoft
2010-03-10 16:12 . 2010-03-10 16:12 -------- d-----w- c:\documents and settings\Matheus\fontconfig
2010-03-10 16:11 . 2010-03-11 00:12 -------- d-----w- c:\documents and settings\Matheus\.smplayer
2010-03-10 10:16 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 00:30 . 2010-02-25 12:37 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox
2010-04-08 00:29 . 2010-02-18 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-04-08 00:29 . 2009-07-16 14:12 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\WTablet
2010-04-07 22:37 . 2009-02-25 16:37 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\uTorrent
2010-04-06 20:16 . 2009-02-28 09:28 -------- d-----w- c:\arquivos de programas\eMule
2010-04-06 20:15 . 2010-02-13 21:02 -------- d-----w- c:\arquivos de programas\Winamp
2010-03-31 11:39 . 2009-02-25 16:17 -------- d-----w- c:\arquivos de programas\PluginLetras
2010-03-31 11:11 . 2010-03-31 11:11 503808 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47532bfd-n\msvcp71.dll
2010-03-31 11:11 . 2010-03-31 11:11 499712 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47532bfd-n\jmc.dll
2010-03-31 11:11 . 2010-03-31 11:11 348160 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47532bfd-n\msvcr71.dll
2010-03-31 11:10 . 2010-03-31 11:10 61440 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1eec7343-n\decora-sse.dll
2010-03-31 11:10 . 2010-03-31 11:10 12800 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1eec7343-n\decora-d3d.dll
2010-03-31 11:10 . 2009-02-28 10:03 -------- d-----w- c:\arquivos de programas\Java
2010-03-22 18:27 . 2009-06-12 11:40 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\Apple Computer
2010-03-22 18:19 . 2010-02-07 14:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2010-03-22 17:50 . 2010-02-11 14:07 -------- d-----w- c:\arquivos de programas\Last.fm
2010-03-22 16:59 . 2009-06-12 11:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2010-03-11 20:01 . 2009-06-18 12:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-03-11 18:22 . 2010-03-02 09:10 69632 ----a-w- c:\windows\system32\MSJCE.dll
2010-03-10 17:38 . 2010-02-07 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-03-09 07:28 . 2009-02-28 10:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 18:00 . 2010-02-07 00:34 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\Lightcomm
2010-03-04 07:00 . 2010-03-04 07:00 79144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-03 20:25 . 2009-02-25 16:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-03-03 19:33 . 2010-03-03 19:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ALM
2010-03-03 19:28 . 2010-03-03 19:28 -------- d-----w- c:\arquivos de programas\Adobe Media Player
2010-03-03 19:24 . 2010-03-03 19:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2010-03-02 10:05 . 2009-06-09 21:01 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2010-03-02 09:10 . 2010-03-02 09:10 -------- d-----w- c:\arquivos de programas\Programas RFB
2010-03-01 02:50 . 2010-03-01 02:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2010-03-01 02:47 . 2009-02-25 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2010-03-01 02:46 . 2009-02-25 16:47 -------- d-----w- c:\arquivos de programas\Autodesk
2010-02-27 19:33 . 2010-02-27 19:33 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-02-27 18:31 . 2010-02-27 18:08 -------- d-----w- c:\arquivos de programas\DAEMON Tools Pro
2010-02-27 18:30 . 2009-06-11 03:45 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2010-02-27 18:28 . 2009-08-16 13:56 -------- d-----w- c:\arquivos de programas\NaxDown
2010-02-27 18:12 . 2010-02-27 18:08 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\DAEMON Tools Pro
2010-02-27 18:09 . 2009-07-10 20:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-27 18:08 . 2010-02-27 18:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Pro
2010-02-26 11:45 . 2010-02-25 12:37 91696 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\Uninstall.exe
2010-02-26 11:44 . 2010-02-26 11:44 13264416 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\Dropbox.exe
2010-02-25 06:17 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 22:37 . 2009-02-25 16:06 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-02-18 13:16 . 2010-02-18 13:16 -------- d-----w- c:\arquivos de programas\Poladroid
2010-02-13 21:03 . 2010-02-13 21:03 -------- d-----w- c:\arquivos de programas\Winamp Detect
2010-02-12 14:46 . 2010-02-12 14:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 14:46 . 2010-02-12 14:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 14:08 . 2010-02-11 14:08 96 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\uninst2.bat
2010-02-11 14:08 . 2010-02-11 14:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2010-02-11 14:08 . 2010-02-11 14:08 683801 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm\Client\UninstWMP\unins000.exe
2010-02-09 23:57 . 2010-02-09 23:57 -------- d-----w- c:\documents and settings\Matheus\Dados de aplicativos\BSplayer Pro
2010-02-09 23:57 . 2010-02-09 23:57 -------- d-----w- c:\arquivos de programas\Webteh
2010-02-07 19:27 . 2010-02-07 17:00 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-02-07 16:58 . 2010-02-07 16:58 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2010-02-07 14:54 . 2010-02-07 14:53 -------- d-----w- c:\arquivos de programas\QuickTime
2010-02-07 06:15 . 2010-02-07 06:13 -------- d-----w- c:\arquivos de programas\Megacubo
2010-02-07 06:14 . 2010-02-07 06:14 -------- d-----w- c:\arquivos de programas\Orban
2010-02-03 12:58 . 2006-03-02 12:00 83620 ----a-w- c:\windows\system32\perfc016.dat
2010-02-03 12:58 . 2006-03-02 12:00 478376 ----a-w- c:\windows\system32\perfh016.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Google Update"="c:\documents and settings\Matheus\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-12-11 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2006-10-10 176128]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"lxczbmgr.exe"="c:\arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-11-11 417792]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Microsoft Manager 1"="c:\windows\Java.exe" [2010-03-30 159744]

c:\documents and settings\Matheus\Menu Iniciar\Programas\Inicializar\
Dropbox.lnk - c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Matheus\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"=
"c:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"=
"c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Arquivos de programas\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/7/2009 17:32 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/3/2006 09:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [26/7/2009 20:50 108289]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [5/2/2010 17:39 61440]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/3/2009 17:36 86016]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [16/7/2009 11:11 2749736]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [16/7/2009 11:11 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{A610DD6D-3D89-4D68-B48C-5599280EFE7D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\1h87ca8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - component: c:\documents and settings\Matheus\Dados de aplicativos\Mozilla\Firefox\Profiles\1h87ca8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Emurayden PSX Emulator - (no file)
HKLM-Run-Microsoft Manager 2 - c:\windows\W2.exe
HKLM-Run-Microsoft Manager 3 - c:\windows\W3.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\documents and settings\Matheus\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 21:29
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys spqa.sys >>UNKNOWN [0x8598E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b4f28
\Driver\ACPI -> ACPI.sys @ 0xf733ccb8
\Driver\atapi -> atapi.sys @ 0xf72d1b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf71dabb0
PacketIndicateHandler -> NDIS.sys @ 0xf71e7a21
SendHandler -> NDIS.sys @ 0xf71c587b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(500)
c:\windows\system32\WININET.dll
c:\documents and settings\Matheus\Dados de aplicativos\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\VTTimer.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-04-07 21:36:13 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-04-08 00:36
ComboFix2.txt 2009-06-13 13:27

Pré-execução: 2.342.981.632 bytes disponíveis
Pós execução: 3.105.959.936 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A4D4B81A1C48D861296CA3AB62713B37
Asus M4A785TD-M EVO 2x2 markvision 2GB Corsair 450w HD Samsung Sata II 500gb AMD athlon ii x4 3.2 ghz Sapphire ATI Radeon HD7750 1GB OC GDDR5
brando lee
brando lee Zerinho Registered
2.4K Messages 97 Likes
#4 By brando lee
07/04/2010 - 22:49
1) Download this tool ((Malwarebytes)) from the link below
http://www.baixaki.com.br/download/malwarebytes-anti-malware.htm

2) Install it; when that finishes, run it, select ((full scan))
and click ((scan now))

3) When the scan finishes, click ((Show results)), and if it detected any virus click ((remove selected)). A log report will open automatically; copy and paste it here.


4) Those viruses will be sent to quarantine. It will ask to restart the PC: a small window will open, click ((yes)) to restart the PC and complete the removal of the viruses.
I will be away from the forum for a while, very busy, more important things to do: "Work".


Removing viruses with Notepad!


© 1999-2025 Hardware.com.br. All rights reserved.