Malfunction

TOPIC: 107139 | FORUM ARCHIVE: SOLVED CASES
pid&pik
My computer has been having constant operating problems; could it be the work of a virus?

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:53 PM, on 11/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\WINDOWS\system32\bndmss.exe
C:\Arquivos de programas\LANDesk\Shared Files\residentagent.exe
C:\Arquivos de programas\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Arquivos de programas\LANDesk\LDClient\tmcsvc.exe
C:\Arquivos de programas\LANDesk\LDClient\vulScan.exe
C:\Arquivos de programas\LANDesk\LDClient\LDIScn32.EXE
C:\ARQUIV~1\LANDesk\LDClient\issuser.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Arquivos de programas\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Arquivos de programas\LANDesk\LDClient\collector.exe
C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TO74B9.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Arquivos de programas\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
C:\DOCUME~1\AUDREY~1.NET\CONFIG~1\Temp\983.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\ARQUIV~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\DOCUME~1\AUDREY~1.NET\CONFIG~1\Temp\RtkBtMnt.exe
C:\Arquivos de programas\Minimodem USB\Minimodem USB.exe
C:\Arquivos de programas\Java\jre1.5.0_07\bin\jucheck.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Arquivos de programas\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Arquivos de programas\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Arquivos de programas\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Arquivos de programas\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Arquivos de programas\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\AUDREY~1.NET\CONFIG~1\Temp\983.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultra.corp
O17 - HKLM\Software\..\Telephony: DomainName = ultra.corp
O17 - HKLM\System\CCS\Services\Tcpip\..\{173AB335-46DF-472C-8AEB-03CA152E6A77}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ultra.corp
O17 - HKLM\System\CS1\Services\Tcpip\..\{173AB335-46DF-472C-8AEB-03CA152E6A77}: NameServer = 189.40.224.5 10.223.246.102
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ultra.corp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Arquivos de programas\LANDesk\Shared Files\residentagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Arquivos de programas\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Multidifusão dirigida da LANDesk (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Arquivos de programas\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Serviço de controle remoto da LANDesk (ISSUSER) - LANDesk Software, Ltd. - C:\ARQUIV~1\LANDesk\LDClient\issuser.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Arquivos de programas\LANDesk\LDClient\softmon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\OfficeScan Client\tmlisten.exe

Thank you very much,

Audrey
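As an added triage example, not part of this thread or of HijackThis itself: a small parser for the O4 (autostart) lines of a HijackThis log like the one above. It flags any Run or Startup entry whose target lives in C:\RECYCLER, a Temp folder or the browser cache, which is where the entries that Malwarebytes later removed were pointing. The function and pattern names are my own, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of O4 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\AUDREY~1.NET\CONFIG~1\Temp\983.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r'^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Global Startup: <shortcut> = <command line>"
O4_STARTUP_RE = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')

# Locations from which a legitimate autostart entry almost never launches.
# Checked in order; the first match decides the reason.
SUSPICIOUS_LOCATIONS = (
    (re.compile(r'\\RECYCLER\\', re.I), 'launches from the Recycle Bin (C:\\RECYCLER)'),
    (re.compile(r'\\Temporary Internet Files\\', re.I), 'launches from the browser cache'),
    (re.compile(r'\\Temp\\', re.I), 'launches from a Temp folder'),
)


@dataclass
class O4Entry:
    where: str   # registry hive/key or startup folder
    name: str    # value name or shortcut name
    target: str  # executable path, arguments removed


@dataclass
class Finding:
    entry: O4Entry
    reason: str


def extract_target(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first executable suffix.
    m = re.match(r'(.+?\.(?:exe|com|scr|bat|pif|cmd))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def parse_o4_lines(text):
    """Collect every O4 entry (Run values and Startup-folder shortcuts) in a log."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(O4Entry(m['where'], m['name'], extract_target(m['cmd'])))
    return entries


def triage_hjt(text):
    """Return the O4 entries whose target sits in a location worth a closer look."""
    findings = []
    for entry in parse_o4_lines(text):
        for pattern, reason in SUSPICIOUS_LOCATIONS:
            if pattern.search(entry.target):
                findings.append(Finding(entry, reason))
                break
    return findings


if __name__ == '__main__':
    for f in triage_hjt(SAMPLE_LOG):
        print(f'{f.entry.where} [{f.entry.name}] -> {f.entry.target}: {f.reason}')
```

A path-based check like this is only a first filter: the entries it flags still need to be confirmed against a scanner or a known-file database before anything is removed.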
JoseMelo
Welcome to Linha Defensiva

My name is José Melo,

So that we can succeed by the end of the procedures, I suggest you follow strictly what is proposed and do not use any tool or program other than those recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have any doubt about any procedure indicated here, do not hesitate to ask here in the topic or via Personal Message;
If you have a topic in progress on another forum, I recommend that you abandon it so that the procedures do not conflict;
If you prefer to receive an e-mail notice every time there is a reply to your topic, click the button at the top of the page.
If you have more than one antivirus installed, keep only one to avoid conflicts and system slowdowns. Do the same for anti-spyware with resident protection.

- Download Malwarebytes Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
  • Select "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log into your next reply.
- Generate a new HijackThis log and paste it in your reply.
pid&pik
After running Malwarebytes, here is the report.

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 3201
Windows 5.1.2600 Service Pack 2

11/20/2009 11:17:43 AM
mbam-log-2009-11-20 (11-17-43).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 156352
Tempo decorrido: 30 minute(s), 47 second(s)

Processos da Memória infectados: 2
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 4
Valores do Registro infectados: 4
Ítens do Registro infectados: 0
Pastas infectadas: 2
Arquivos infectados: 100

Processos da Memória infectados:
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\983.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\WINDOWS\system32\bndmss.exe (Backdoor.Bot) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bndmss (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bndmss (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bndmss (Backdoor.Bot) -> Delete on reboot.

Valores do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg914-k641-26sf-n32p (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n85p (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

Arquivos infectados:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Generic.Bot.H) -> Delete on reboot.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\983.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temp\008.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temp\287.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temp\308.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temp\312.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\WHAFC5YV\vs8[1].exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\bv2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\bvd32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\clf32.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\lis32.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\wiit32.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\wsk32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\873.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\881.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\030.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\043.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\153.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\192.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\259.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\479.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\640.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\504.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\550.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\570.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\639.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\278.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\294.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\335.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temp\430.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Audrey.Netto\Configurações locais\Temporary Internet Files\Content.IE5\CMXVPK2M\vs8[1].exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2849864880-2896087569-357155658-1997\winmap32.exe (Worm.Palevo) -> Delete on reboot.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072501.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072597.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072414.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072448.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072484.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072537.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072554.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP239\A0072630.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072661.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072692.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072720.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072735.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072752.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072773.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072788.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP240\A0072854.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0072956.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0072987.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073022.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073088.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073141.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073172.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073189.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP241\A0073225.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP242\A0073241.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP243\A0073269.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP243\A0073315.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP244\A0073344.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP248\A0073600.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP248\A0073634.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP248\A0073674.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074761.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074779.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074805.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074723.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074850.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074864.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP250\A0074890.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0075896.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0075915.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0075934.exe (Worm.Kolab) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0075967.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0075996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076022.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076105.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076133.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076191.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076209.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076233.exe (Trojan.Slenugga) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076264.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076288.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP252\A0076312.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP253\A0076333.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP253\A0076381.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP253\A0076352.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP254\A0076614.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A3F41129-FC0F-467F-947E-F6AEDC76E650}\RP254\A0076631.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\winx.log (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bndmss.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\systemos1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\systemos2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Thank you very much,

Audrey
JoseMelo
- Download ComboFix by sUBs and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop
  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe;
  • In the next window click Run, accept the agreement and wait until the report is generated;
    NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree to let the scan continue.
    Once the console is installed, the operating-system selection screen will be shown at system startup.

    More information about the Console: http://support.microsoft.com/kb/307654/pt-br
  • If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure;
  • ComboFix "may" restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window, nor close it with the X, while it is running; do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";
  • Attach ComboFix.txt to your reply following the instructions below
    http://www.linhadefensiva.org/forum/index.php?showtopic=595
pid&pik
Good afternoon,

After running ComboFix, the report is attached.

Thank you very much,

Audrey
Attachment: Combofix_relatorio.txt
JoseMelo
- OK, the log is clean

- In Run, type combofix /uninstall and click OK. In the next window click "Run" and wait for the tool to be removed;

- Install SP3:
http://www.microsoft.com/downloads/details...08-1e1555d4f3d4

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:
  • Click Save and, when the download finishes, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Disable and re-enable System Restore

- Recommended reading:
http://www.linhadefensiva.org/forum/index....showtopic=75646

- Read the article Proteja seu PC for more information on how to avoid infections;

- If you have no more problems, click the button and say that your case has been solved.
TrisTa
Problem Solved!

If the author needs the topic reopened, contact one of the members of the moderation team.
©2005-2010 Linha Defensiva. All Rights Reserved.