
Archived

This topic has been archived and is closed to further replies.

Alex_Menezes

[Resolved] Virus


Hi everyone,

I have a problem on Win 2000 Prof. Here it is: while offline, I keep getting an IE 6 message all the time saying it was not possible to connect to the Internet; when I do connect, after a while I can no longer work with Windows Explorer, it keeps opening and closing, and the same happens with the desktop, it keeps opening and closing.

If anyone can help me, thanks in advance!

Thanks!


Hi Alex! Post a log from the HijackThis program in your next reply, following the instructions you will find at the link below:

http://forum.imasters.com.br/index.php?showtopic=165906

We'll be waiting for your reply with the HijackThis log.


Here is the log, Flávio!

 

Logfile of HijackThis v1.99.1

Scan saved at 09:22:26, on 26/5/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\ibmpmsvc.exe

C:\WINNT\System32\Ati2evxx.exe

C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Program Files\Siemens\HiPath 4000 Expert Access\ComWinSvc.exe

C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINNT\system32\regsvc.exe

C:\Arquivos de programas\Trend Micro\RUBotted\TMRUBotted.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINNT\system32\stisvc.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\WINNT\system32\UTSCSI.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Ati2evxx.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\ARQUIV~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\ARQUIV~1\ThinkPad\UTILIT~1\NPDTray.exe

C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINNT\WinLogT.exe

C:\Arquivos de programas\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Arquivos de programas\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\WINNT\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Siemens\HiPath 4000 Expert Access\comwinsvr.exe

C:\Arquivos de programas\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\WINNT\explorer.exe

C:\WINNT\system32\msiexec.exe

C:\Documents and Settings\Administrador\Meus documentos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - C:\WINNT\system32\qoMcabaw.dll

O2 - BHO: G-Buster Browser Defense BMB - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\WINNT\Downloaded Program Files\gbiehbmb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\ARQUIV~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPHOTKEY] C:\ARQUIV~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [NPDTRAY] C:\ARQUIV~1\ThinkPad\UTILIT~1\NPDTray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WinLogT] C:\WINNT\WinLogT.exe

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Arquivos de programas\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ComWin-Frame] C:\Program Files\Siemens\HiPath 4000 Expert Access\comwinsvr.exe /hidemainform

O4 - HKCU\..\Run: [iDMan] C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Performance Center] C:\Arquivos de programas\Ascentive\Performance Center\ApcMain.exe -m

O4 - HKCU\..\Run: [internetVelocity] C:\Arquivos de programas\InternetVelocity\InternetVelocity.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download all links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Escorted Browsing - {7DCCBC1A-BD11-45A2-9FBB-3704AEAD5A39} - c:\rrclient\TPushURL.dll

O9 - Extra 'Tools' menuitem: Escorted Browsing - {7DCCBC1A-BD11-45A2-9FBB-3704AEAD5A39} - c:\rrclient\TPushURL.dll

O9 - Extra button: Send This Page - {8EDE61C0-56A4-422E-9F35-7760A2298EF6} - c:\rrclient\TPushURL.dll

O9 - Extra 'Tools' menuitem: Send This Page - {8EDE61C0-56A4-422E-9F35-7760A2298EF6} - c:\rrclient\TPushURL.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Arquivos de programas\Lenovo\PkgMgr\PkgMgr.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0695F163-77CC-11D3-9480-0080C85A6BC8} (NetTrader.NetTraderQuotes) - https://homebroker.shopinvest.com.br/BradHB...e/NetTrader.CAB

O16 - DPF: {4B1A4A31-8845-11D5-9769-00B0D071D434} (Avaya ICM Client) - http://icm.bradesco.com.br/icm/caller.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188760359111

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} -

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://201.65.37.40/activex/AMC.cab

O16 - DPF: {E281E771-5E4C-11D5-B3E8-0040C7A63343} (StopX Control) - http://www.centraldejogos.com.br/StopWeb/StopWeb.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} (GbPluginObj Class) - https://bdu.bmb.com.br/plugin/GbPluginBmb.cab

O16 - DPF: {EB68B96F-F024-467B-AA8A-F1D1ADB27A5B} (melhores.DezMelhores) - http://www.shopinvest.com.br/acoes/telaope.../10melhores.CAB

O20 - Winlogon Notify: GbPluginBmb - C:\WINNT\Downloaded Program Files\gbiehbmb.dll

O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll

O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

O20 - Winlogon Notify: qoMcabaw - C:\WINNT\SYSTEM32\qoMcabaw.dll

O20 - Winlogon Notify: tpfnf2 - C:\WINNT\SYSTEM32\notifyf2.dll

O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ComWin Service (ComWinService) - Unknown owner - C:\Program Files\Siemens\HiPath 4000 Expert Access\ComWinSvc.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ProCenterClientInstall - Unknown owner - c:\rrclient\tcisrvc.exe

O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINNT\system32\UTSCSI.EXE

 

:thumbsup:
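The HijackThis log above is read by hand in this thread. As an added example (not part of the original post, and not HijackThis's own code), here is a small Python triage script that parses the R/O line formats of a v1.99 log and applies the generic review heuristics an analyst uses on such a log: references to files that are not on disk ("(no file)", "(file missing)"), unnamed browser hooks, autostart entries given by a bare file name or placed directly in the Windows directory, the legacy RunServices key, a proxy auto-config served from localhost, and one DLL wired into more than one hook point. The sample lines are copied from the log above plus two benign lines for contrast; a flag means "review this line", not "this is malware", and the `triage`, `Finding` and `SAMPLE_LOG` names are the example's own.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not HijackThis code).

Each heuristic produces a "review" flag for a human to check; none is a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Lines copied from the log posted in the thread, plus two benign entries
# (the Spybot BHO and the Lenovo scheduler service) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - C:\WINNT\system32\qoMcabaw.dll
O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\Run: [WinLogT] C:\WINNT\WinLogT.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: qoMcabaw - C:\WINNT\SYSTEM32\qoMcabaw.dll
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Arquivos de programas\rnamfler\naofsvc.exe (file missing)
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section, e.g. "O4", or "O2+O20" for a cross-reference
    reason: str   # why the line deserves a second look
    line: str     # the original log line (or the shared path for a cross-reference)


LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<key>: [<name>] <command>"; Global Startup lines have no [name] and are skipped.
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# An executable or DLL sitting directly in the Windows directory (not in a subfolder).
WINROOT_RE = re.compile(r'^"?[a-z]:\\(winnt|windows)\\[^\\"]+\.(exe|dll)\b', re.I)
LOCAL_URL_RE = re.compile(r"//(localhost|127\.0\.0\.1)[:/]", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return review flags for the R/O lines of a HijackThis log."""
    findings: List[Finding] = []
    hooks: Dict[str, Set[str]] = {}  # lower-cased DLL path -> sections it is registered in

    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, "Running processes:" block, blank lines
        section, body = m.group("section"), m.group("body")

        # Any section: the entry points at a file that is not on disk.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "references a file that is not present on disk", line))

        # Browser helper objects and toolbars that register without a name.
        if section in ("O2", "O3") and "(no name)" in body:
            findings.append(Finding(section, "unnamed browser extension", line))

        # Autostart entries: bare file names, legacy keys, files in the Windows root.
        if section == "O4":
            m4 = O4_RE.match(body)
            if m4:
                key, cmd = m4.group("key"), m4.group("cmd")
                if "\\" not in cmd:
                    findings.append(Finding(section, "autostart by bare file name (resolved through the search path)", line))
                if key.endswith("RunServices"):
                    findings.append(Finding(section, "uses the legacy RunServices key", line))
                if WINROOT_RE.match(cmd):
                    findings.append(Finding(section, "executable placed directly in the Windows directory", line))

        # Proxy auto-config fetched from a local listener: confirm which program owns the port.
        if section == "R1" and "AutoConfigURL" in body and LOCAL_URL_RE.search(body):
            findings.append(Finding(section, "IE proxy auto-config served by a local listener", line))

        # Remember which hook points each DLL is registered under.
        if section in ("O2", "O20", "O21"):
            path = body.rsplit(" - ", 1)[-1].strip().lower()
            hooks.setdefault(path, set()).add(section)

    # Cross-reference: the same DLL wired into more than one hook point (e.g. BHO + Winlogon Notify).
    for path, sections in hooks.items():
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)), "same DLL registered in several hook points", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The AutoConfigURL hit shows why these are review flags rather than verdicts: the same log lists Google Web Accelerator, a local caching proxy, so that entry may well be legitimate. The script's job is to shortlist lines for the person reading the log, which is exactly what the helpers in this thread do by eye.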

 


Everyone!

After 2 days battling the virus, I managed to solve the problem.

1) I downloaded Combo Fix and ran it in safe mode. With that, offline it worked perfectly.

2) After using AVG Prof, NOD32, Trend Micro Online and Kaspersky without much success, I decided to download Avast, updated it and set it to start when the OS boots, and then the little beast caught 5 Trojan horses.

3) After booting the OS I ran MV Reg Clean and did a clean-up of the registry.

Well, problem solved.

Many thanks to everyone!

:clap:

 


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
