
Avast detects viruses in everything


This topic has been archived. This means you can no longer reply to it.
19 replies to this topic

#1
padaria
Newbie, 29 posts
A few days ago my Avast started detecting viruses in everything; it moved everything to quarantine: uTorrent, MSN, HijackThis, everything. I would like your help in sorting out this problem.
The HijackThis log is below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:51:38, on 12/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost name resolution is handled within dns itself.
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.17.80 l2authd.lineage2.com
O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com
O1 - Hosts: 78.46.17.80 nprotect.lineage2.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7691 bytes
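As an added example (not code from the thread, from Trend Micro or from the helpers here), the following Python script parses a HijackThis log like the one above into its R/O findings, lists hosts-file entries that send a hostname anywhere other than loopback, and turns the O23 service lines into a structured form. The sample log inside it is an excerpt of the log posted above; the lineage2.com lines, which point a game's login, patcher and nProtect hostnames at 78.46.17.80, are exactly the kind of entry a helper wants surfaced so that whatever put them there can be accounted for.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis v2.0.4 log posted above: the lines are
# copied from that log, the selection is ours.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:51:38, on 12/10/2010

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
O1 - Hosts: localhost name resolution is handled within dns itself.
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.17.80 l2authd.lineage2.com
O1 - Hosts: 78.46.17.80 nprotect.lineage2.com
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O23 bodies: "Service: <display name> - <owner> - <path>[ (file missing)]".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_hijackthis(text):
    """Return the R*/O* findings of a log, ignoring the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def hosts_overrides(entries):
    """(ip, hostname) pairs from O1 lines whose address is not loopback.

    HijackThis also echoes comment lines from the hosts file; those have no
    parsable address in the first field and are skipped.
    """
    found = []
    for e in entries:
        if e.section != "O1" or not e.body.startswith("Hosts: "):
            continue
        fields = e.body[len("Hosts: "):].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if not ip.is_loopback:
            found.append((str(ip), fields[1]))
    return found


def services(entries):
    """Structured view of the O23 service lines."""
    result = []
    for e in entries:
        if e.section != "O23":
            continue
        m = SERVICE_RE.match(e.body)
        if m:
            result.append(Service(m["name"], m["owner"], m["path"], m["missing"] is not None))
    return result


def unknown_owner_services(entries):
    """Services HijackThis could not attribute to a vendor; review these first."""
    return [s for s in services(entries) if s.owner == "Unknown owner"]


if __name__ == "__main__":
    found = parse_hijackthis(SAMPLE_LOG)
    for ip, host in hosts_overrides(found):
        print(f"hosts override: {host} -> {ip}")
    for svc in unknown_owner_services(found):
        flag = " (file missing)" if svc.file_missing else ""
        print(f"unknown owner: {svc.name} [{svc.path}]{flag}")
```

One caveat when reading the O23 lines: a 32-bit HijackThis build running on 64-bit Windows sees System32 through WOW64 file redirection (the log's own "Local Page = C:\Windows\SysWOW64\blank.htm" shows it is running that way), which is why so many stock Windows services above carry "(file missing)". Treat that flag as a prompt to confirm the path with a 64-bit tool, not as evidence that the binary is gone.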

#2
Ciro-Mota
Professional Assistant, 55,186 posts
padaria,

Could you please post a new HijackThis log.
** Be considerate to those who help you, don't abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#3
padaria
Newbie, 29 posts
Here it is...
What Avast says is in my files is Win32:Jeefo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:18, on 12/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost name resolution is handled within dns itself.
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.17.80 l2authd.lineage2.com
O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com
O1 - Hosts: 78.46.17.80 nprotect.lineage2.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7629 bytes

Edited by padaria, 12 October 2010 - 14:02.


#4
Ciro-Mota
Professional Assistant, 55,186 posts
padaria,

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply, together with a new HijackThis log.
NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

#5
padaria
Newbie, 29 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4805

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/10/2010 15:30:51
mbam-log-2010-10-12 (15-30-51).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 156759
Tempo decorrido: 6 minuto(s), 10 segundo(s)

Processos de Memória Infectados: 1
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
C:\Windows\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:17, on 12/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost name resolution is handled within dns itself.
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.17.80 l2authd.lineage2.com
O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com
O1 - Hosts: 78.46.17.80 nprotect.lineage2.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7691 bytes
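Added example, not code from the thread or from Malwarebytes: a Python parser for an MBAM 1.46 log like the one in this post. It checks that the summary counts agree with the items actually listed, extracts the service name behind the quarantined Services registry key, and flags any target that carries the name of a core Windows binary but sits outside System32, which is what C:\Windows\svchost.exe in this log is (the genuine svchost.exe lives in C:\Windows\System32, and a copy of a system binary's name in the wrong directory is a common way for malware to hide in a process list). The section labels are those of the pt-BR build as printed in the log; the list of System32-only binaries is our own.

```python
import ntpath
import re
from collections import namedtuple

# Constructed excerpt of the MBAM 1.46 log posted above (pt-BR build, hence the
# Portuguese labels); the lines are copied from it with blank lines dropped.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Processos de Memória Infectados: 1
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1
Processos de Memória Infectados:
C:\Windows\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Section labels exactly as this build prints them (taken from the log above).
SECTIONS = (
    "Processos de Memória Infectados", "Módulos de Memória Infectados",
    "Chaves de Registro Infectadas", "Valores de Registro Infectados",
    "Itens de Dados no Registro Infectados", "Pastas Infectadas",
    "Arquivos Infectados",
)
COUNT_RE = re.compile(r"^(?P<label>.+?): (?P<n>\d+)$")
# "<target> (<threat>) -> <action>"; the threat group forbids parentheses so a
# target such as "C:\Program Files (x86)\x.exe" is not cut at "(x86)".
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Core Windows binaries that live only in System32 (and its SysWOW64 twin on x64).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "wininit.exe"}
EXPECTED_DIRS = ("\\windows\\system32", "\\windows\\syswow64")

Item = namedtuple("Item", "target threat action")


def parse_mbam(text):
    """Return (summary counts per section, items listed per section)."""
    counts, items, current = {}, {s: [] for s in SECTIONS}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]  # a detail section starts here
            continue
        m = COUNT_RE.match(line)
        if m and m["label"] in SECTIONS:
            counts[m["label"]] = int(m["n"])
            continue
        m = ITEM_RE.match(line)
        if m and current:
            items[current].append(Item(m["target"], m["threat"], m["action"]))
    return counts, items


def count_mismatches(counts, items):
    """Sections whose summary count disagrees with the items actually listed."""
    return [s for s in SECTIONS if counts.get(s, 0) != len(items[s])]


def misplaced_system_binaries(items):
    """Targets named like a core Windows binary but sitting outside System32."""
    hits = set()
    for it in (it for section in items.values() for it in section):
        if ntpath.basename(it.target).lower() in SYSTEM32_ONLY:
            if not ntpath.dirname(it.target).lower().endswith(EXPECTED_DIRS):
                hits.add(it.target)
    return sorted(hits)


def service_names(items):
    """Service names behind quarantined ...\\Services\\<name> registry keys."""
    names = []
    for it in items["Chaves de Registro Infectadas"]:
        m = re.search(r"\\Services\\([^\\]+)$", it.target, re.IGNORECASE)
        if m:
            names.append(m[1])
    return names


if __name__ == "__main__":
    counts, items = parse_mbam(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(counts, items))
    print("misplaced system binaries:", misplaced_system_binaries(items))
    print("services removed:", service_names(items))
```

The registry key tells a helper which service name to look for in later HijackThis O23 lines; on this log the "powermanager" service and the misplaced svchost.exe were both handled by MBAM, which is why neither appears in the HijackThis log that follows it.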

#6
Ciro-Mota
Professional Assistant, 55,186 posts
padaria,

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it to your desktop.

Run the file and follow the prompts. When it finishes, open the Virus Removal Tool folder, which was created in the same directory where you saved the installation file.

To open the program, double-click the shortcut
[image]

Check the box next to:
  • My Computer
  • Local Disk (C:)
Also check every drive that appears below Local Disk, if there are any.

Click the button
[image]

Be patient, it takes a while.

When it finishes, if it detected anything, the program will ask you what to do.
Click Skip (we only want the log).

Note: you may have to click Skip several times if the program finds several files, so be patient.

While the scan runs, the Scan button is replaced by a red square with the message Stop Scan

When the scan finishes, the Scan button appears again.

If the tool found something, this button
[image]
will turn red
[image]

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Autoscan in the list (the most recent)

[image]

Click once on Task Started to select the line, hold down the Shift key and then click once on Task Completed

Right-click the selection, then click Copy

Go to Start > Run and type notepad

When Notepad opens, right-click any empty spot and choose Paste
Save the log as log.txt somewhere easy to reach.

Copy the entire contents of this log and paste it in your next reply.

#7
padaria
Newbie, 29 posts
The log is too big and won't attach.
I split it into parts... I think I have a lot of problems on this computer :(

Edited by padaria, 12 October 2010 - 23:17.


#8
padaria
Newbie, 29 posts
12/10/2010 17:09:42 Task started
12/10/2010 17:11:59 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\HijackThis\HijackThis.exe
12/10/2010 17:12:15 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\HijackThis\HijackThis.exe Skipped by user
12/10/2010 17:12:20 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe
12/10/2010 17:12:20 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe Skipped by user
12/10/2010 17:12:22 Detected: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe
12/10/2010 17:12:22 Untreated: Virus.Win32.Hidrag.a C:\Arquivos de Programas\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe Skipped by user
12/10/2010 17:22:02 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\patcher_update.exe
12/10/2010 17:22:02 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\patcher_update.exe Skipped by user
12/10/2010 17:22:03 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe
12/10/2010 17:22:03 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\TempRealCharacterBuilderUpdater.exe Skipped by user
12/10/2010 17:25:07 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR01.159\Patch\main.exe
12/10/2010 17:25:07 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR01.159\Patch\main.exe Skipped by user
12/10/2010 17:25:08 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\UDK-ca22915a-82f0-49ec-a009-ce8fb6e1ed13\Binaries\UnSetup.exe
12/10/2010 17:25:08 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\UDK-ca22915a-82f0-49ec-a009-ce8fb6e1ed13\Binaries\UnSetup.exe Skipped by user
12/10/2010 17:25:09 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR08.105\Patch\main.exe
12/10/2010 17:25:09 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR08.105\Patch\main.exe Skipped by user
12/10/2010 17:25:09 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR05.869\Patch\main.exe
12/10/2010 17:25:09 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Local\Temp\Rar$DR05.869\Patch\main.exe Skipped by user
12/10/2010 17:26:25 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
12/10/2010 17:26:25 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe Skipped by user
12/10/2010 17:32:33 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\patcher_update.exe
12/10/2010 17:32:33 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\patcher_update.exe Skipped by user
12/10/2010 17:32:34 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\TempRealCharacterBuilderUpdater.exe
12/10/2010 17:32:34 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\TempRealCharacterBuilderUpdater.exe Skipped by user
12/10/2010 17:34:12 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR01.159\Patch\main.exe
12/10/2010 17:34:12 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR01.159\Patch\main.exe Skipped by user
12/10/2010 17:34:22 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\UDK-ca22915a-82f0-49ec-a009-ce8fb6e1ed13\Binaries\UnSetup.exe
12/10/2010 17:34:22 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\UDK-ca22915a-82f0-49ec-a009-ce8fb6e1ed13\Binaries\UnSetup.exe Skipped by user
12/10/2010 17:34:24 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR05.869\Patch\main.exe
12/10/2010 17:34:24 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR08.105\Patch\main.exe
12/10/2010 17:34:24 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR08.105\Patch\main.exe Skipped by user
12/10/2010 17:34:24 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Configurações locais\Temp\Rar$DR05.869\Patch\main.exe Skipped by user
12/10/2010 17:34:55 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Dados de aplicativos\BSplayer\Haali media splitter\gdsmux.exe
12/10/2010 17:34:55 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Dados de aplicativos\BSplayer\Haali media splitter\gdsmux.exe Skipped by user
12/10/2010 17:39:16 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\82199-AutoClick.exe
12/10/2010 17:39:16 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\82199-AutoClick.exe Skipped by user
12/10/2010 17:39:17 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\drivermax.exe
12/10/2010 17:39:17 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\drivermax.exe Skipped by user
12/10/2010 17:39:41 Detected: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver.rar/Injector dll+Injector Mod+Rmver/Inject Mod e Dll.exe
12/10/2010 17:39:51 Untreated: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver.rar/Injector dll+Injector Mod+Rmver/Inject Mod e Dll.exe Write not supported
12/10/2010 17:41:32 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\MousePointClicker.exe
12/10/2010 17:41:32 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\MousePointClicker.exe Skipped by user
12/10/2010 17:42:31 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Patch.rar/Patch/main.exe
12/10/2010 17:42:31 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Patch.rar/Patch/main.exe Write not supported
12/10/2010 17:44:22 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Capcom_by_rafaloko\Capcom\Capcom.exe
12/10/2010 17:44:22 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Capcom_by_rafaloko\Capcom\Capcom.exe Skipped by user
12/10/2010 17:45:01 Detected: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver\Injector dll+Injector Mod+Rmver\Inject Mod e Dll.exe
12/10/2010 17:45:03 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\eMule\LinkCreator.exe
12/10/2010 17:45:06 Untreated: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver\Injector dll+Injector Mod+Rmver\Inject Mod e Dll.exe Skipped by user
12/10/2010 17:45:06 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\eMule\LinkCreator.exe Skipped by user
12/10/2010 17:46:49 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\WKIDS - Clássicos Favoritos das Virtudes\unins000.exe
12/10/2010 17:46:49 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\WKIDS - Clássicos Favoritos das Virtudes\unins000.exe Skipped by user
12/10/2010 17:46:52 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\WKIDS - Clássicos Favoritos das Virtudes\Clássicos Favoritos das Virtudes.exe
12/10/2010 17:46:52 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Mariana Arquivos\WKIDS - Clássicos Favoritos das Virtudes\Clássicos Favoritos das Virtudes.exe Skipped by user
12/10/2010 17:46:59 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Nova pasta (2)\sXeInjectedSetup.11.0.exe
12/10/2010 17:46:59 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\Nova pasta (2)\sXeInjectedSetup.11.0.exe Skipped by user
12/10/2010 17:47:00 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\rb3e_src_bin_v0.2.1.0\bin\Redblade3e.exe
12/10/2010 17:47:00 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\rb3e_src_bin_v0.2.1.0\bin\Redblade3e.exe Skipped by user
12/10/2010 17:47:03 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\Installer.exe
12/10/2010 17:47:03 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\Installer.exe Skipped by user
12/10/2010 17:47:14 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\tibia850.exe
12/10/2010 17:47:14 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\tibia850.exe Skipped by user
12/10/2010 17:47:15 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\TibiaMaps.exe
12/10/2010 17:47:15 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\TibiaMaps.exe Skipped by user
12/10/2010 17:47:16 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\TibiaMCV.exe
12/10/2010 17:47:16 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\tibia\TibiaMCV.exe Skipped by user
12/10/2010 17:48:07 Detected: Trojan.Win32.Midgare.asqk C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\L33T_Menu_v1.6.dll
12/10/2010 17:48:22 Untreated: Trojan.Win32.Midgare.asqk C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\L33T_Menu_v1.6.dll Skipped by user
12/10/2010 17:48:28 Detected: Trojan.Win32.Midgare.arze C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\L33T_WC_Menu_v1.3.dll
12/10/2010 17:48:33 Untreated: Trojan.Win32.Midgare.arze C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\L33T_WC_Menu_v1.3.dll Skipped by user
12/10/2010 17:48:37 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\mbam-setup-1.46_baixaki.exe
12/10/2010 17:48:37 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\mbam-setup-1.46_baixaki.exe Skipped by user
12/10/2010 17:48:40 Detected: Backdoor.Win32.Hupigon.mbmq C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Web Cheats Injetor.exe
12/10/2010 17:48:40 Untreated: Backdoor.Win32.Hupigon.mbmq C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Web Cheats Injetor.exe Skipped by user
12/10/2010 17:48:40 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\wrar393br.exe
12/10/2010 17:48:40 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\wrar393br.exe Skipped by user
12/10/2010 17:48:43 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Nova pasta\rrpg.exe
12/10/2010 17:48:43 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Nova pasta\rrpg.exe Skipped by user
12/10/2010 18:01:05 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\gifs\orbit.exe
12/10/2010 18:01:05 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\gifs\orbit.exe Skipped by user
12/10/2010 18:03:09 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\DDI_CB.exe
12/10/2010 18:03:09 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\DDI_CB.exe Skipped by user
12/10/2010 18:03:09 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\DM-HSS-1.47-install-anchorfree-76-conduit.exe
12/10/2010 18:03:09 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\DM-HSS-1.47-install-anchorfree-76-conduit.exe Skipped by user
12/10/2010 18:03:33 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\wlsetup-web.exe
12/10/2010 18:03:33 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\junho\wlsetup-web.exe Skipped by user
12/10/2010 18:05:40 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\outubro\hijackthis_sfx.exe
12/10/2010 18:05:40 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\outubro\hijackthis_sfx.exe Skipped by user
12/10/2010 18:05:49 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\setembro\eMule0.50a-Installer.exe
12/10/2010 18:05:49 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\setembro\eMule0.50a-Installer.exe Skipped by user
12/10/2010 18:06:03 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\setembro\Mp3EditorforFree.exe
12/10/2010 18:06:03 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Downloads\torrents\setembro\Mp3EditorforFree.exe Skipped by user
12/10/2010 18:12:15 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\temp\TeamViewer\Version5\TeamViewer_.exe
12/10/2010 18:12:15 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\temp\TeamViewer\Version5\TeamViewer_.exe Skipped by user
12/10/2010 18:12:17 Detected: Virus.Win32.Hidrag.a C:\Downloads\CheatEngine561.exe
12/10/2010 18:12:17 Untreated: Virus.Win32.Hidrag.a C:\Downloads\CheatEngine561.exe Skipped by user
12/10/2010 18:12:17 Detected: Virus.Win32.Hidrag.a C:\Downloads\kitsusaga_us_downloader.exe
12/10/2010 18:12:17 Untreated: Virus.Win32.Hidrag.a C:\Downloads\kitsusaga_us_downloader.exe Skipped by user
12/10/2010 18:13:12 Detected: Virus.Win32.Hidrag.a C:\Downloads\PhysX_9.10.0513_SystemSoftware.exe
12/10/2010 18:13:12 Untreated: Virus.Win32.Hidrag.a C:\Downloads\PhysX_9.10.0513_SystemSoftware.exe Skipped by user
12/10/2010 18:13:31 Detected: Virus.Win32.Hidrag.a C:\Downloads\setup_av_free.exe
12/10/2010 18:13:31 Untreated: Virus.Win32.Hidrag.a C:\Downloads\setup_av_free.exe Skipped by user
12/10/2010 18:16:50 Detected: Virus.Win32.Hidrag.a C:\DriveKey\HijackThis.exe
12/10/2010 18:16:50 Untreated: Virus.Win32.Hidrag.a C:\DriveKey\HijackThis.exe Skipped by user
12/10/2010 18:17:19 Detected: Virus.Win32.Hidrag.a C:\DriveKey\HPUSBFW.EXE
12/10/2010 18:17:19 Untreated: Virus.Win32.Hidrag.a C:\DriveKey\HPUSBFW.EXE Skipped by user
12/10/2010 18:17:19 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\CAV.exe
12/10/2010 18:17:19 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\CAV.exe Skipped by user
12/10/2010 18:17:22 Detected: Virus.Win32.Hidrag.a C:\Downloads\Mudrake_Full_Sem_Som.exe
12/10/2010 18:17:22 Untreated: Virus.Win32.Hidrag.a C:\Downloads\Mudrake_Full_Sem_Som.exe Skipped by user
12/10/2010 18:17:24 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\NGM.exe
12/10/2010 18:17:24 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\NGM.exe Skipped by user
12/10/2010 18:17:27 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\NMService.exe
12/10/2010 18:17:27 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\NMService.exe Skipped by user
12/10/2010 18:17:36 Detected: Virus.Win32.Hidrag.a C:\Downloads\wesnoth-1.9.1-win32.exe
12/10/2010 18:17:36 Untreated: Virus.Win32.Hidrag.a C:\Downloads\wesnoth-1.9.1-win32.exe Skipped by user
12/10/2010 18:17:51 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\AhnRpt.exe
12/10/2010 18:17:51 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\AhnRpt.exe Skipped by user
12/10/2010 18:17:54 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\HsLogMgr.exe
12/10/2010 18:17:54 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\HsLogMgr.exe Skipped by user
12/10/2010 18:17:54 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\HSUpdate.exe
12/10/2010 18:17:54 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\HSUpdate.exe Skipped by user
12/10/2010 18:18:08 Detected: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\Update\autoup.exe
12/10/2010 18:18:08 Untreated: Virus.Win32.Hidrag.a C:\Level Up! Games\Combat Arms\HShield\Update\autoup.exe Skipped by user
12/10/2010 18:19:04 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\3DVision_195.62.exe
12/10/2010 18:19:04 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\3DVision_195.62.exe Skipped by user
12/10/2010 18:19:07 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\hdaudio_1.00.00.63_xp_vista_win7.exe
12/10/2010 18:19:07 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\hdaudio_1.00.00.63_xp_vista_win7.exe Skipped by user
12/10/2010 18:19:29 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\NvCplSetupEng.exe
12/10/2010 18:19:29 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\NvCplSetupEng.exe Skipped by user
12/10/2010 18:19:48 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\setup.exe
12/10/2010 18:19:48 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\setup.exe Skipped by user
12/10/2010 18:19:54 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\PhysX_9.09.0814_SystemSoftware.exe
12/10/2010 18:19:54 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English\PhysX_9.09.0814_SystemSoftware.exe Skipped by user
12/10/2010 18:19:55 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\3DVision_196.21.exe
12/10/2010 18:19:56 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\3DVision_196.21.exe Skipped by user
12/10/2010 18:19:58 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\hdaudio_1.00.00.63_xp_vista_win7.exe
12/10/2010 18:19:58 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\hdaudio_1.00.00.63_xp_vista_win7.exe Skipped by user
12/10/2010 18:20:10 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\NvCplSetupEng.exe
12/10/2010 18:20:10 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\NvCplSetupEng.exe Skipped by user
12/10/2010 18:20:14 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\hdaudio_1.0.9.1_xp_vista_win7.exe
12/10/2010 18:20:14 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\hdaudio_1.0.9.1_xp_vista_win7.exe Skipped by user
12/10/2010 18:20:16 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\3DVision_197.45.exe
12/10/2010 18:20:16 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\3DVision_197.45.exe Skipped by user
12/10/2010 18:20:20 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\PhysX_9.09.1112_SystemSoftware.exe
12/10/2010 18:20:20 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7_64\English\PhysX_9.09.1112_SystemSoftware.exe Skipped by user
12/10/2010 18:20:23 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\NvCplSetupEng.exe
12/10/2010 18:20:23 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\NvCplSetupEng.exe Skipped by user
12/10/2010 18:20:31 Detected: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\setup.exe
12/10/2010 18:20:31 Untreated: Virus.Win32.Hidrag.a C:\NVIDIA\DisplayDriver\197.45\WinVista_Win7_64\English\setup.exe Skipped by user
12/10/2010 18:20:31 Detected: Virus.Win32.Hidrag.a C:\Program Files\HijackThis\HijackThis.exe
12/10/2010 18:20:31 Untreated: Virus.Win32.Hidrag.a C:\Program Files\HijackThis\HijackThis.exe Skipped by user
12/10/2010 18:20:31 Detected: Virus.Win32.Hidrag.a C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe
12/10/2010 18:20:31 Untreated: Virus.Win32.Hidrag.a C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\WindowsSdkVer.exe Skipped by user
12/10/2010 18:20:32 Detected: Virus.Win32.Hidrag.a C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe
12/10/2010 18:20:32 Untreated: Virus.Win32.Hidrag.a C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\SDKSetup.exe Skipped by user
12/10/2010 18:20:33 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\adma\Google Book Downloader\GBDownloader.exe
12/10/2010 18:20:33 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\adma\Google Book Downloader\GBDownloader.exe Skipped by user
12/10/2010 18:20:34 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
12/10/2010 18:20:34 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe Skipped by user
12/10/2010 18:20:35 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
12/10/2010 18:20:35 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe Skipped by user
12/10/2010 18:20:35 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
12/10/2010 18:20:35 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Skipped by user
12/10/2010 18:20:36 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
12/10/2010 18:20:36 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe Skipped by user
12/10/2010 18:21:06 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
12/10/2010 18:21:06 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe Skipped by user
12/10/2010 18:21:08 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\AxBx\Clean Virus MSN\CleanVirusMSN.exe
12/10/2010 18:21:08 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\AxBx\Clean Virus MSN\CleanVirusMSN.exe Skipped by user
12/10/2010 18:21:14 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe
12/10/2010 18:21:14 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe Skipped by user
12/10/2010 18:21:16 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\Tutorial.exe
12/10/2010 18:21:16 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\Tutorial.exe Skipped by user
12/10/2010 18:21:18 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\unins000.exe
12/10/2010 18:21:18 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\unins000.exe Skipped by user
12/10/2010 18:21:19 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\unins001.exe
12/10/2010 18:21:19 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Cheat Engine\unins001.exe Skipped by user
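
A log of this length is easier to triage in aggregate than line by line: what matters is how many hits remain untreated, why (a "Skipped by user" file is still sitting on disk; both "Write not supported" entries on this page are members of .rar archives, which the tool did not rewrite in place), and whether a single verdict is spread across unrelated directories, which is the pattern of a file infector rather than one dropped trojan. The parser below is an added example, not part of the original post or of the removal tool's output. It handles lines in the Detected:/Untreated: format above, recognises only the two trailing reasons that appear on this page, and runs over ten lines copied verbatim from the log (a constructed sample).

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample: ten lines copied verbatim from the log above.
SAMPLE_LOG = r"""12/10/2010 17:39:16 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\82199-AutoClick.exe
12/10/2010 17:39:16 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Victor\Desktop\82199-AutoClick.exe Skipped by user
12/10/2010 17:39:41 Detected: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver.rar/Injector dll+Injector Mod+Rmver/Inject Mod e Dll.exe
12/10/2010 17:39:51 Untreated: Trojan-PSW.Win32.QQShou.afk C:\Documents and Settings\Victor\Desktop\Injector dll+Injector Mod+Rmver.rar/Injector dll+Injector Mod+Rmver/Inject Mod e Dll.exe Write not supported
12/10/2010 17:48:40 Detected: Backdoor.Win32.Hupigon.mbmq C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Web Cheats Injetor.exe
12/10/2010 17:48:40 Untreated: Backdoor.Win32.Hupigon.mbmq C:\Documents and Settings\Victor\Desktop\VovoTURBO_by_Alonso_UpBy_M.santana\Web Cheats Injetor.exe Skipped by user
12/10/2010 18:20:31 Detected: Virus.Win32.Hidrag.a C:\Program Files\HijackThis\HijackThis.exe
12/10/2010 18:20:31 Untreated: Virus.Win32.Hidrag.a C:\Program Files\HijackThis\HijackThis.exe Skipped by user
12/10/2010 18:20:35 Detected: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
12/10/2010 18:20:35 Untreated: Virus.Win32.Hidrag.a C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe Skipped by user
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>Detected|Untreated): (?P<verdict>\S+) (?P<rest>.+)$"
)
# Trailing reasons the tool appends to Untreated lines; only the two seen on this page.
UNTREATED_REASONS = ("Skipped by user", "Write not supported")


def parse_line(line):
    """One log line -> dict with date, time, event, verdict, path, reason (or None)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    reason = None
    if rec["event"] == "Untreated":
        # The path may contain spaces, so peel a known reason off the end instead of splitting.
        for r in UNTREATED_REASONS:
            if rest.endswith(" " + r):
                rest, reason = rest[: -len(r) - 1], r
                break
        else:
            reason = "unknown"
    rec["path"], rec["reason"] = rest, reason
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def top_dir(path):
    """Directory that holds the hit; archive members are logged as archive.rar/inner/file."""
    on_disk = path.split("/", 1)[0]
    return str(PureWindowsPath(on_disk).parent)


def summarize(records):
    detected = [r for r in records if r["event"] == "Detected"]
    untreated = [r for r in records if r["event"] == "Untreated"]
    dirs_by_verdict = defaultdict(set)
    for r in detected:
        dirs_by_verdict[r["verdict"]].add(top_dir(r["path"]))
    return {
        "detected": len(detected),
        "untreated": len(untreated),
        "untreated_by_reason": Counter(r["reason"] for r in untreated),
        "by_verdict": Counter(r["verdict"] for r in detected),
        "dirs_by_verdict": {v: len(d) for v, d in dirs_by_verdict.items()},
        "still_on_disk": sorted({r["path"] for r in untreated}),
    }


def likely_file_infector(summary, min_dirs=3):
    """Virus.* verdicts seen in at least min_dirs unrelated directories: a spreading
    file infector rather than a single dropped trojan."""
    return sorted(v for v, n in summary["dirs_by_verdict"].items()
                  if v.startswith("Virus.") and n >= min_dirs)


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE_LOG))
    for key in ("detected", "untreated", "untreated_by_reason", "by_verdict", "dirs_by_verdict"):
        print(f"{key}: {s[key]}")
    print("file infector candidates:", likely_file_infector(s))
```

Feed the whole log to `parse_log` instead of the sample and `still_on_disk` becomes the list of files that must not be carried over to a rebuilt system; `likely_file_infector` is the check that distinguishes a real infector from a scanner false positive before deciding to format.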

#9 Ciro-Mota (Professional Assistant, 55,186 posts)

padaria,

Notes:

1 - It may be necessary to run this procedure more than once to make sure the infected files have been removed.

2 - The tool may not be able to restore all the infected files, which would make a format necessary. It is advisable to save your documents, photos, music, videos, etc., EXCEPT .EXE FILES, and proceed with the format.

3 - To be safe, make the backups mentioned above before running the tool.

4 - After running the procedure below, if the analysis is going to continue, post a new HijackThis log.



Download Dr.Web CureIt on a clean PC and burn it to a CD-RW:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Restart in Safe Mode (press F8 repeatedly during boot; in the menu that appears, use the arrow keys to choose Safe Mode).
  • Run drweb-cureit.exe, click Start and let it do an express scan of your PC.
  • It will scan the files running in memory and, when it finds something, click the Yes button to let it cure the infected file. (This is the quick scan.)
  • Back in the main window, check the Complete Scan option.
  • Click the green arrow to start the scan, as in the image below:
[Posted image]
  • If it asks whether you want to cure/move the file, click Yes to all.
  • If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.
  • When done, go to the top menu and click Files > Save file lists
  • Save the list to your desktop. It will be saved as DrWeb.csv
  • Close the program.
  • Restart your computer so the program can finish deleting/moving the files that were in use.


Given the number of program files already compromised by the malware, it may already be better to make the backups and format.
** Have consideration for those who help you; do not abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's blog
Visit: http://www.ciromota.net/ - Follow me on Twitter: @ciromota

#10 padaria (Newbie, 29 posts)

Ciro, as I imagined, it will end up in a format anyway. I have an external HD for backups; would the .exe files on it also be infected?
If I back up my files, except the .exe ones, won't I run the risk of infecting myself again when I copy those files back to the PC?
I look forward to your reply and thank you for your attention.

#11 Ciro-Mota (Professional Assistant, 55,186 posts)

padaria,

> Ciro, as I imagined, it will end up in a format anyway. I have an external HD for backups; would the .exe files on it also be infected?

If it is always connected to the PC, yes, it is possible that the .exe files on it are already compromised.

> If I back up my files, except the .exe ones, won't I run the risk of infecting myself again when I copy those files back to the PC?

The malware affects executable files, so a photo or a music file will not pose a risk of reinfection in the future.
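
The advice in post #9 (save everything except .EXE files) and the answer above rest on one point: a file infector rewrites executable content, so what has to be kept out of the backup is anything that is a Windows executable by content, not only by the .exe extension. A .dll, .scr or .cpl is the same PE format, and a PE image renamed to .jpg keeps its header. The script below is an added example, not code from the original thread or from any of the tools mentioned in it. It walks a backup tree, classifies each file by its MZ/PE header rather than its name, hashes the executables it finds so they can be checked again after the reinstall, and lists what is safe to carry over. The sample tree it writes (names such as fotos/ferias.jpg and utils/tool.exe) and the make_fake_pe helper are constructed for the demonstration; the fake PE is only a header pattern, not a loadable image.

```python
import hashlib
import io
import struct
import tempfile
from pathlib import Path

PE_SIGNATURE = b"PE\0\0"
# Extensions Windows runs as native code. Used as a secondary check only;
# the primary decision is made on the file's content.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl", ".drv", ".com"}

def _classify_stream(f):
    """'pe': MZ stub plus 'PE\\0\\0' at the offset stored at 0x3C (e_lfanew);
    'mz': MZ executable without a PE header; 'other': anything else."""
    head = f.read(0x40)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return "other"
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    f.seek(e_lfanew)
    return "pe" if f.read(4) == PE_SIGNATURE else "mz"

def classify(data):
    return _classify_stream(io.BytesIO(data))

def classify_file(path):
    with open(path, "rb") as f:
        return _classify_stream(f)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def _files(root):
    root = Path(root)
    return [(p, p.relative_to(root).as_posix()) for p in sorted(root.rglob("*")) if p.is_file()]

def audit_backup(root):
    """Return (executables, mismatches). executables: (relative_path, kind, sha256)
    for every file that is PE/MZ by content. mismatches: files whose name and
    content disagree (a PE image called .jpg, or plain text called .exe)."""
    executables, mismatches = [], []
    for p, rel in _files(root):
        kind = classify_file(p)
        by_name = p.suffix.lower() in EXEC_EXTENSIONS
        if kind != "other":
            executables.append((rel, kind, sha256_file(p)))
        if (kind != "other") != by_name:
            mismatches.append(rel)
    return executables, mismatches

def safe_to_copy(root):
    """Files that are executable neither by content nor by extension."""
    flagged = {rel for rel, _, _ in audit_backup(root)[0]}
    return [rel for p, rel in _files(root)
            if rel not in flagged and p.suffix.lower() not in EXEC_EXTENSIONS]

def make_fake_pe(e_lfanew=0x80, total=0x200):
    """Constructed input: the smallest byte pattern the classifier calls PE."""
    buf = bytearray(total)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    return bytes(buf)

# Constructed backup tree: two real media files, a normal .exe, a PE image
# hiding under a .jpg name, a .scr, a plain MZ program and text misnamed .exe.
SAMPLE_TREE = {
    "fotos/ferias.jpg": b"\xff\xd8\xff\xe0" + bytes(64),
    "musica/track.mp3": b"ID3" + bytes(64),
    "utils/tool.exe": make_fake_pe(),
    "fotos/capa.jpg": make_fake_pe(),
    "docs/relatorio.scr": make_fake_pe(),
    "old/game.com": b"MZ" + bytes(0x80),
    "old/readme.exe": b"this is just text\n",
}

def build_sample_tree(root):
    for rel, data in SAMPLE_TREE.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

def run_demo():
    """Write the sample tree to a temp dir; return (executables, mismatches, safe)."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        execs, bad = audit_backup(d)
        return execs, bad, safe_to_copy(d)

if __name__ == "__main__":
    execs, bad, safe = run_demo()
    for rel, kind, digest in execs:
        print(f"EXCLUDE {kind:5} {rel}  sha256={digest[:16]}...")
    print("name/content mismatch:", bad)
    print("safe to copy:", safe)
```

Point `audit_backup` at the root of the external drive instead of the sample tree. Anything it lists goes back only from a fresh download, and a name/content mismatch deserves a look before anything else is restored, because a file infector does not care what the file is called.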

#12 padaria (Newbie, 29 posts)

I'm at work and downloading the tool you recommended, but either way I'll make the backup first and then run the steps you indicated; as soon as I have news I'll post here.
Thanks a lot.

#13 padaria (Newbie, 29 posts)

Man, this Dr.Web CureIt is awesome...
It apparently cleaned all the exes; Avast is even working again ^^
The HijackThis log is below

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:04, on 14/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe
O4 - Startup: setup_9.0.0.722_12.10.2010_18-36.lnk = Victor\Desktop\Virus Removal Tool\setup_9.0.0.722_12.10.2010_18-36\startup.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7390 bytes
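
An added example, not part of the thread and not HijackThis code: every Windows service in the O23 section above, lsass.exe and spoolsv.exe included, is reported as "Unknown owner" with "(file missing)". HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the WOW64 file-system redirector points its view of C:\Windows\System32 at SysWOW64, so the 64-bit service binaries are simply invisible to it; a service whose file really is gone (the leftover nProtect GameGuard entry may be one) looks exactly the same in the log. The Python below parses O23 lines and separates the two cases by asking a caller-supplied check that looks at the native directory. `fake_native_exists` and the file set behind it are constructed stand-ins so the example runs offline; on a live host you would pass `os.path.exists` from 64-bit Python, or check through the `C:\Windows\Sysnative` alias from a 32-bit one.

```python
"""Triage HijackThis O23 (service) lines from a 32-bit scan of 64-bit Windows.

Added example, not from the thread or from HijackThis. A 32-bit scanner sees
C:\\Windows\\System32 redirected to SysWOW64, so 64-bit service binaries show
up as "(file missing)" with "Unknown owner". Only a look at the native
directory tells that artifact apart from a service whose file is really gone.
"""
from dataclasses import dataclass
from typing import Callable, Dict

O23_PREFIX = "O23 - Service: "
SYSTEM32 = "c:\\windows\\system32\\"
SYSNATIVE = "C:\\Windows\\Sysnative\\"   # WOW64 alias for the real System32

# Constructed sample: O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = """\
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\Windows\\System32\\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\Windows\\system32\\GameMon.des.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
"""

# Constructed stand-in for the 64-bit System32 directory (assumption: only these
# files exist). On a real host use os.path.exists from 64-bit Python, or
# os.path.exists(sysnative_path(p)) from 32-bit Python.
FAKE_NATIVE_SYSTEM32 = {"alg.exe", "lsass.exe", "spoolsv.exe"}


def fake_native_exists(path: str) -> bool:
    return path.rsplit("\\", 1)[-1].lower() in FAKE_NATIVE_SYSTEM32


@dataclass
class ServiceEntry:
    display: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> ServiceEntry:
    """Split 'O23 - Service: <display> - <owner> - <path> [(file missing)]'.

    Paths do not contain ' - ', so splitting twice from the right is safe
    whatever the display name (often a resource reference) looks like.
    """
    if not line.startswith(O23_PREFIX):
        raise ValueError("not an O23 line: " + line)
    display, owner, path = line[len(O23_PREFIX):].rsplit(" - ", 2)
    missing = path.endswith(" (file missing)")
    if missing:
        path = path[: -len(" (file missing)")]
    return ServiceEntry(display.strip(), owner.strip(), path.strip(), missing)


def sysnative_path(path: str) -> str:
    """Rewrite a System32 path through the Sysnative alias, which a 32-bit
    process can use to reach the real 64-bit System32."""
    if path.lower().startswith(SYSTEM32):
        return SYSNATIVE + path[len(SYSTEM32):]
    return path


def triage(entry: ServiceEntry, native_exists: Callable[[str], bool]) -> str:
    """'present'        : scanner found the binary
       'wow64-artifact' : reported missing, but present in the native System32
       'orphaned'       : reported missing and really absent (stale or deleted)"""
    if not entry.file_missing:
        return "present"
    if entry.path.lower().startswith(SYSTEM32) and native_exists(entry.path):
        return "wow64-artifact"
    return "orphaned"


def triage_log(text: str, native_exists=fake_native_exists) -> Dict[str, str]:
    """Verdict per service binary path for every O23 line in a HijackThis log."""
    verdicts = {}
    for line in text.splitlines():
        if line.startswith(O23_PREFIX):
            entry = parse_o23(line)
            verdicts[entry.path] = triage(entry, native_exists)
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage_log(SAMPLE_LOG).items():
        print(f"{verdict:15} {path}")
```

From 32-bit Python on 64-bit Windows, `native_exists=lambda p: os.path.exists(sysnative_path(p))` does the real check; from 64-bit Python a plain `os.path.exists` is enough. The `%PROGRAMFILES%` entry for wmpnetwk.exe in the log is the same kind of 32-bit-view problem (the variable expands to Program Files (x86) for a 32-bit process) and is deliberately left to manual checking here rather than guessed at.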

#14
Ciro-Mota (Professional Assistant, 55,186 posts)
padaria,

Was the scan repeated more than once to verify that all the files really were cleaned/removed?


Download OTL by OldTimer and save it to your desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:
Right-click the file, then click [posted image].

Where it says Output, select Standard
Also check these options:
  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose copy

netsvcs
msconfig
safebootminimal
safebootnetwork
drivers32 /all
%systemroot%\system32\drivers\*.* /90
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*. /mp /s
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy



Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the Scan button

Do not change any other settings unless you have been told to.

The scan takes a while; be patient.

When it finishes, two Notepad windows will appear: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar archive and attach it to your reply.
** Be considerate to those who help you, don't abandon your topic! **
[ASAP Member] // [Join ARIS-LD] // [Linha Defensiva on Twitter]

Ciro Mota's Blog
Visit: http://www.ciromota.net/ _-_ Follow me on Twitter: @ciromota

#15
padaria (Novice, 29 posts)
Both logs are in the zipped file.
The forum would not accept my rar file and would not let me post the logs because they were too large; I apologize for the consecutive posts.

Attached file(s)


Edited by padaria, 14 October 2010 - 21:25.


#16
Ciro-Mota (Professional Assistant, 55,186 posts)
padaria,

Select these lines in red, right-click the selection and choose copy:


:OTL
DRV - [2010/07/17 20:01:31 | 000,011,008 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\ActUsb.sys -- (ActUsb)
[2010/10/04 21:16:26 | 000,004,966 | ---- | M] () -- C:\ProgramData\qcshnlgj.fwn
[2010/09/10 23:58:49 | 000,004,996 | ---- | M] () -- C:\ProgramData\cmxvgkig.mem
[2010/09/10 23:38:03 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\PJGuard.dll
[2010/07/17 20:01:31 | 000,011,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\ActUsb.sys
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93DF240E

:Commands
[createrestorepoint]
[purity]
[emptytemp]


Run OTL.exe

** Windows Vista and Windows 7 users:
Right-click the file, then click [posted image].

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Close ALL windows (except OTL itself).
Click the [posted image] button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it into your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

Also post a new HijackThis log.

#17
padaria (Novice, 29 posts)
All processes killed
========== OTL ==========
Service ActUsb stopped successfully!
Service ActUsb deleted successfully!
C:\Windows\SysWOW64\drivers\ActUsb.sys moved successfully.
C:\ProgramData\qcshnlgj.fwn moved successfully.
C:\ProgramData\cmxvgkig.mem moved successfully.
C:\Windows\SysWOW64\PJGuard.dll moved successfully.
File C:\Windows\SysWow64\drivers\ActUsb.sys not found.
ADS C:\ProgramData\TEMP:93DF240E deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: adm

User: All Users

User: AppData

User: Convidado
->Temp folder emptied: 53243 bytes
->Temporary Internet Files folder emptied: 295943 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Victor
->Temp folder emptied: 2602814953 bytes
->Temporary Internet Files folder emptied: 29589613 bytes
->Java cache emptied: 32267212 bytes
->FireFox cache emptied: 85175446 bytes
->Opera cache emptied: 5909927 bytes
->Flash cache emptied: 86464151 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103431833 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes
RecycleBin emptied: 1509994 bytes

Total Files Cleaned = 2.811,00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10152010_184814

Files\Folders moved on Reboot...
C:\Users\Victor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
-----------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:56:43, on 15/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 4\plugin-container.exe
C:\Users\Victor\Desktop\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: EZ Macros.lnk = C:\Program Files\American Systems\EZ Macros\EZMacros.exe
O4 - Startup: setup_9.0.0.722_12.10.2010_18-36.lnk = Victor\Desktop\Virus Removal Tool\setup_9.0.0.722_12.10.2010_18-36\startup.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7587 bytes
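
An added example, not part of the thread and not OTL's own code: the fix script from post #16 and the result log at the top of this post are the two artifacts a helper compares by eye before declaring the fix done, and the Python below does that comparison mechanically. Both inputs are embedded as constructed copies of what was posted. Two details of this particular pair are worth checking rather than skimming: the line "File C:\Windows\SysWow64\drivers\ActUsb.sys not found." is not a failure, because the driver appears twice in the script (once on the DRV line, once as a plain file) and the first entry had already moved it; and the script named the driver under system32 while OTL reported the move under SysWOW64, which the path normalisation in `norm` accounts for. The regexes and verdict labels are this example's own assumptions about OTL's log wording, derived only from the lines shown on this page.

```python
"""Added example (not from the thread, not OTL's code): check an OTL fix script
against the log OTL writes after running it, one verdict per target, so a stray
"not found" or a missing line is noticed instead of skimmed past."""
import re
from collections import defaultdict

# Constructed input: the :OTL script as posted by the helper.
FIX_SCRIPT = """\
:OTL
DRV - [2010/07/17 20:01:31 | 000,011,008 | ---- | M] () [Kernel | Boot | Stopped] -- C:\\Windows\\system32\\drivers\\ActUsb.sys -- (ActUsb)
[2010/10/04 21:16:26 | 000,004,966 | ---- | M] () -- C:\\ProgramData\\qcshnlgj.fwn
[2010/09/10 23:58:49 | 000,004,996 | ---- | M] () -- C:\\ProgramData\\cmxvgkig.mem
[2010/09/10 23:38:03 | 000,077,824 | ---- | C] () -- C:\\Windows\\SysWow64\\PJGuard.dll
[2010/07/17 20:01:31 | 000,011,008 | ---- | C] () -- C:\\Windows\\SysWow64\\drivers\\ActUsb.sys
@Alternate Data Stream - 137 bytes -> C:\\ProgramData\\TEMP:93DF240E
:Commands
[createrestorepoint]
[emptytemp]
"""
# Constructed input: the action lines of the result log the user posted back.
RESULT_LOG = """\
Service ActUsb stopped successfully!
Service ActUsb deleted successfully!
C:\\Windows\\SysWOW64\\drivers\\ActUsb.sys moved successfully.
C:\\ProgramData\\qcshnlgj.fwn moved successfully.
C:\\ProgramData\\cmxvgkig.mem moved successfully.
C:\\Windows\\SysWOW64\\PJGuard.dll moved successfully.
File C:\\Windows\\SysWow64\\drivers\\ActUsb.sys not found.
ADS C:\\ProgramData\\TEMP:93DF240E deleted successfully.
"""

DRV_RE = re.compile(r"^DRV - .* -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
FILE_RE = re.compile(r"^\[.*?\] \(\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
# (pattern, target kind, outcome) for the lines OTL logs per action.
LOG_PATTERNS = [
    (re.compile(r"^Service (?P<key>\S+) stopped successfully!$"), "service", "stopped"),
    (re.compile(r"^Service (?P<key>\S+) deleted successfully!$"), "service", "deleted"),
    (re.compile(r"^(?P<key>[A-Za-z]:\\.+?) moved successfully\.$"), "file", "moved"),
    (re.compile(r"^File (?P<key>.+?) not found\.$"), "file", "not found"),
    (re.compile(r"^ADS (?P<key>.+?) deleted successfully\.$"), "ads", "deleted"),
]


def norm(path):
    """Case-fold and fold system32 into syswow64: the script named the driver
    under system32, but the log shows OTL acted on SysWOW64 (its 32-bit view)."""
    return path.lower().replace("\\system32\\", "\\syswow64\\")


def parse_script(text):
    """(kind, key) targets of the :OTL section, in order. A DRV line yields two:
    the service to delete and the driver file to move."""
    targets, in_otl = [], False
    for line in text.splitlines():
        if line.startswith(":"):
            in_otl = line.strip().lower() == ":otl"
        elif in_otl and line.strip():
            if m := DRV_RE.match(line):
                targets += [("service", m["svc"]), ("file", norm(m["path"]))]
            elif m := ADS_RE.match(line):
                targets.append(("ads", norm(m["path"])))
            elif m := FILE_RE.match(line):
                targets.append(("file", norm(m["path"])))
    return targets


def parse_log(text):
    """Outcomes per (kind, key), in log order; one target may get several lines."""
    outcomes = defaultdict(list)
    for line in text.splitlines():
        for pattern, kind, outcome in LOG_PATTERNS:
            if m := pattern.match(line):
                key = m["key"] if kind == "service" else norm(m["key"])
                outcomes[(kind, key)].append(outcome)
                break
    return outcomes


def reconcile(script, log):
    """[(kind, key, verdict)] per script target; upper-case verdicts need a look."""
    outcomes, moved, report = parse_log(log), set(), []
    for kind, key in parse_script(script):
        queue = outcomes.get((kind, key), [])
        if kind == "service":
            verdict = "deleted" if "deleted" in queue else "NOT DELETED"
        elif not queue:
            verdict = "NO LOG LINE"
        elif queue[0] == "not found":
            # Driver listed twice (DRV line, then file line): nothing left for the second.
            verdict = "duplicate, already moved" if key in moved else "NOT FOUND"
            queue.pop(0)
        else:
            verdict = queue.pop(0)
            moved.add(key)
        report.append((kind, key, verdict))
    return report


def all_handled(report):
    return not any(verdict.isupper() for _, _, verdict in report)


if __name__ == "__main__":
    rep = reconcile(FIX_SCRIPT, RESULT_LOG)
    for kind, key, verdict in rep:
        print(f"{verdict:25} {kind}:{key}")
```

Any upper-case verdict (NOT DELETED, NO LOG LINE, NOT FOUND) means the log does not confirm that target, which is exactly the case in which to ask for a second OTL run or a fresh scan; for the pair posted here every target comes back confirmed. Run it as a script to print the table, or call `reconcile` on any pasted script and log pair.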

#18
Ciro-Mota (Professional Assistant, 55,186 posts)
padaria,

To finish:
  • Run OTL.exe
    Click the [posted image] button.

    Allow your computer to be restarted.

  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of the Java Runtime Environment (JRE) 6u22.
    • Look for where it says "Java Platform, Standard Edition".
    • Click the Download JRE button.
    • Under Platform: select Windows.
    • Check the box I agree to the Java SE Runtime Environment 6u22 with JavaFX License Agreement.
    • Click Continue.
    • Click the Windows Offline Installation download link and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as needed to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-6u22-windows-i586.exe to install the newest version.

  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.

  • For system maintenance, removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked to, restart manually.

  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.


  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiv...proteja-seu-pc/

  • If there are no more malware-related problems, click the [posted image] button and ask to have your topic closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

#19
padaria (Novice, 29 posts)
Thanks Ciro.. all the best to you, you hear...
cheers

#20
Astromech (Moderator, 2,047 posts)
Problem Solved!

If the author needs the topic to be reopened, please contact a member of the moderation team.