
Willian Oliveira

[Archived] HijackThis log


Good morning to everyone on the forum,

So, I use avast, and today when I started the PC it said I had a virus in memory.

Type: C:\mranjm.exe

Rootkit: Hidden Process

Another problem I'm having is that my MSN signs in and then gives an error and closes.

The error is the following:

Windows Live Communications Plalform

Assinatura de erro

AppName: wlcomn.exe AppVer: 14.0.8064.206 ModNome: cvasds0.dll

ModVer: 0.0.0.0 Offset: 000205e5

 

I looked around the forum and made the HijackThis log; here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:56, on 28/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Nova pasta\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\WILLIA~1\CONFIG~1\Temp\herss.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2AC613-61C4-4A00-B7BA-E47728441A05}: NameServer = 201.10.1.2,201.10.120.3

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4694 bytes

 

 

I hope you can help.
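Added example, not code from the thread or from HijackThis: a small Python triage over HijackThis v2 log lines like the ones above. It flags O4 autostart entries whose executable lives in a Temp directory (as the cdoosoft entry launching herss.exe does), O2 BHOs with no backing file, and the O17 NameServer values so they can be checked against the ISP's DNS. The sample lines are constructed from the posted log, and the field layout the regexes assume is taken from the format shown.

```python
import re
from typing import Dict, List

# Constructed sample in the HijackThis v2 log format, modelled on the log above.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\WILLIA~1\CONFIG~1\Temp\herss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2AC613-61C4-4A00-B7BA-E47728441A05}: NameServer = 201.10.1.2,201.10.120.3
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Field layout assumed from the log format shown in the thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# A user-writable temp location is an unusual home for a legitimate autostart.
TEMP_RE = re.compile(r"\\temp\\|%temp%|%tmp%", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """First token of an O4 command line, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings as dicts with 'kind', 'subject' and 'detail' keys."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m["path"].strip().lower() == "(no file)":
                findings.append({"kind": "orphan_bho", "subject": "{" + m["clsid"] + "}",
                                 "detail": "BHO registered but its DLL is missing; cleanup candidate"})
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if TEMP_RE.search(exe):
                findings.append({"kind": "run_from_temp", "subject": m["name"], "detail": exe})
            continue
        m = O17_RE.match(line)
        if m:
            # Values may be comma- or space-separated; normalise so they can be compared.
            servers = re.split(r"[,\s]+", m["servers"].strip())
            findings.append({"kind": "dns_servers", "subject": m["key"], "detail": " ".join(servers)})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group finding subjects by kind, for a quick overview of a log."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f["kind"], []).append(f["subject"])
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f['kind']:14} {f['subject']}  {f['detail']}")
```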


Hello Willian! Welcome to the iMasters Forum.

 

I suggest you save or print the instructions below, as at some points you may need to use the computer without internet access:

 

- Download USBFix and save it to the desktop:

http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

● Double-click the program icon and install it by clicking (Next > Accept the agreement > Next > Next > click Yes > click Start > Exit);

● A new UsbFix icon will be created on your desktop. Double-click this new icon to run it;

● Press P (to select Portuguese) and press Enter, or if you prefer another language press the letter corresponding to that language and press Enter, as shown on the UsbFix start screen.

● Insert the pen drive or other removable media you suspect may be infected into the PC's USB port (if you have any), press 2 and press Enter > click OK > click OK again.

● A message will appear saying that your computer will be shut down. Wait for it to restart;

● The PC will restart. Keep the pen drive (or other removable media) in place. Do not remove it!!

● When the PC restarts the tool will run automatically. Just wait, without moving the mouse or using the keyboard. Be patient, the scan may take a while.

● The log will open in Notepad automatically. The log will also be at C:\UsbFix.txt

 

NOTE: If your desktop disappears after restarting, press Ctrl + Alt + Delete to open Task Manager. Click File > New Task (Run...), type: explorer.exe and click OK.

__________________________________

 

Also do the following:

 

I suggest you save or print the instructions below, as at some points you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

* Select the language Português (Brasil)

* Check only the box: "Update Malwarebytes' Anti-Malware"

* If an update exists, it will be downloaded automatically

* Do not scan yet!!!

* Restart the PC in Safe Mode (pressing F8 (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

* Run Malwarebytes' Anti-Malware and click the "Scan" tab, then select the "Full scan" option

* Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

* When the scan finishes, click "OK" > "Show Results"

* Select all entries and click "Remove Selected"

* After removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be shown with the result of the actions

* Some malware is stubborn and needs a reboot to be removed. If prompted, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware together with the log at C:\UsbFix.txt and a new HijackThis log in your next reply, and tell us how your computer is after following the procedures above.

 

We await your reply.

 


Here we go, then.

Here is the UsbFix log:

 

############################## | UsbFix V6.037 |

 

User : Willian Oliveira (Administradores) # COMPUTADOR

Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8

Start at: 10:02:54 | 29/9/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

 

Intel® Core2 Quad CPU Q6600 @ 2.40GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.13

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1356 [VPS 090928-0] 4.8.1356 [ Enabled | Updated ]

AV : ESET NOD32 sistema antivírus 2.70 2.70 [ Enabled | (!) Outdated ]

 

C:\ -> Disco fixo local # 298,08 Go (289,92 Go free) # NTFS

D:\ -> Disco fixo local # 465,75 Go (361,38 Go free) [Documentos] # NTFS

E:\ -> Disco removível # 493,27 Mo (367,96 Mo free) # FAT32

I:\ -> Disco CD-ROM

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\DOCUME~1\WILLIA~1\CONFIG~1\Temp\cvasds0.dll

Supprimido ! C:\DOCUME~1\WILLIA~1\CONFIG~1\Temp\cvasds1.dll

Supprimido ! C:\DOCUME~1\WILLIA~1\CONFIG~1\Temp\herss.exe

C:\autorun.inf -> ficheiro chamado : "C:\mranjm.exe" ( Presente ! )

Supprimido ! C:\mranjm.exe

Supprimido ! C:\autorun.inf

D:\autorun.inf -> ficheiro chamado : "D:\mranjm.exe" ( Presente ! )

Supprimido ! D:\mranjm.exe

Supprimido ! D:\0xuc.com

Supprimido ! D:\3yalgc.exe

Supprimido ! D:\autorun.inf

Supprimido ! D:\desktop.ini

Supprimido ! D:\lhh3v.exe

Supprimido ! D:\qcod.exe

Supprimido ! D:\w9uxx92.exe

Supprimido ! D:\yudald.bat

E:\autorun.inf -> ficheiro chamado : "E:\mranjm.exe" ( Presente ! )

Supprimido ! E:\mranjm.exe

Supprimido ! E:\autorun.inf

 

################## | Registro # Chaves Run infectieuses |

 

Supprimido ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"

 

################## | Registro # Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{8342e0ac-ac52-11de-8856-001cc03ea1c6}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{afc5c9a2-abce-11de-884d-001cc03ea1c6}\Shell\AutoRun\Command

 

################## | Listing |

 

[27/09/2009 22:22|--a------|0] C:\AUTOEXEC.BAT

[27/09/2009 22:18|---hs----|211] C:\boot.ini

[14/04/2008 08:00|-rahs----|4952] C:\Bootfont.bin

[27/09/2009 22:22|--a------|0] C:\CONFIG.SYS

[27/09/2009 22:22|-rahs----|0] C:\IO.SYS

[27/09/2009 22:33|--a------|197] C:\lan.log

[27/09/2009 22:22|-rahs----|0] C:\MSDOS.SYS

[14/04/2008 08:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 08:00|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[27/09/2009 22:37|--a------|87] C:\realtek.log

[27/09/2009 22:37|--a------|155] C:\RHDSetup.log

[29/09/2009 10:05|--a------|3566] C:\UsbFix.txt

[?|?|?] D:\Aquarismo Online [AqOL] Ver Fórum - Montagem e Manutenção de Aquários de Água Doce.URL

[?|?|?] D:\Aquarismo Online [AqOL] Ver Tópico - Montando um aquário com plantas..URL

[?|?|?] D:\Aquarismo Online [AqOL] Ver T¢pico - Projeto de Novo Aqua 300L c Sump e Overflow Box.URL

[27/09/2009 14:55|--a------|164] D:\Fazendo um Carpete de Riccia.URL

[04/07/2009 19:29|-rahs----|0] D:\khu

[27/09/2009 14:55|--a------|62] D:\MBREDA - Loja Virtual.URL

[10/12/2008 17:08|--a------|30777704] D:\Placar_1925_Dez2008.pdf

[27/09/2009 14:55|--a------|101] D:\Redirect Games - Baixar Games Completos, ISO, RIP, Games para Download, Patches, Cracks Pro Evolution Soccer - PC - 3 Partes.URL

[27/09/2009 14:55|--a------|100] D:\Revista Placar - Grandes Reportagens  GREMIO COPERO.URL

[27/09/2009 14:55|--a------|135] D:\Rádio Atlântida FM.URL

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder created by UsbFix.

# D:\autorun.inf -> Folder created by UsbFix.

# E:\autorun.inf -> Folder created by UsbFix.

 

################## | Upload |

 

Favor enviar o arquivo : C:\DOCUME~1\WILLIA~1\Desktop\UsbFix_Upload_Me_COMPUTADOR.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php

Obrigado pela sua contribuição .

 

 

From Malwarebytes:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2870

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

29/9/2009 12:26:11

mbam-log-2009-09-29 (12-26-11).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 203093

Tempo decorrido: 26 minute(s), 36 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 8

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\UsbFix\Quarantine\D\3yalgc.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\UsbFix\Quarantine\D\lhh3v.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\UsbFix\Quarantine\D\qcod.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.

C:\UsbFix\Quarantine\D\yudald.bat.UsbFix (Trojan.GameThief) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{A31120FC-B50E-4479-9EF0-F3C9BB9EEFB3}\RP11\A0012885.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{A31120FC-B50E-4479-9EF0-F3C9BB9EEFB3}\RP11\A0012956.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{A31120FC-B50E-4479-9EF0-F3C9BB9EEFB3}\RP11\A0012957.exe (Worm.Magania) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{A31120FC-B50E-4479-9EF0-F3C9BB9EEFB3}\RP11\A0012959.bat (Trojan.GameThief) -> Quarantined and deleted successfully.

 

and from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:47:20, on 29/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mobile PhoneTools\mPhonetools.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Willian Oliveira\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F433BFF-5326-4CE1-829E-63608B87F1C8}: NameServer = 200.169.116.23 200.169.119.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE2AC613-61C4-4A00-B7BA-E47728441A05}: NameServer = 201.10.1.2,201.10.120.3

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5814 bytes

 

 

Man, so a virus was detected by UsbFix; it created a zip on the desktop and there were trojans in it :S

What do I do now?

MSN is working OK

and it no longer gave the virus-in-RAM errors

but I'm scared of those trojans that were detected

Help please :D
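Added example, not part of the thread or of UsbFix: Python that inspects a drive root the way the UsbFix log above reports it, parsing autorun.inf for the commands it would launch, checking whether the referenced file is actually present (UsbFix's "Presente !"), and applying the same vaccination the log shows ("autorun.inf -> Folder created by UsbFix": a directory of that name stops a worm from dropping an autorun.inf file). The autorun.inf contents are constructed, and the demo runs in a temporary directory rather than on a real drive.

```python
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed autorun.inf modelled on what the UsbFix log reports: every launch key
# in the [autorun] section points at mranjm.exe in the drive root.
SAMPLE_AUTORUN_INF = """[AutoRun]
open=mranjm.exe
shellexecute=mranjm.exe
shell\\Auto\\command=mranjm.exe
shell=Auto
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key=value pairs from the [autorun] section, keys lower-cased."""
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(cmd: str) -> str:
    """Executable part of a command value, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def autorun_targets(entries: Dict[str, str]) -> List[str]:
    """Executables the section would launch: open=, shellexecute=, shell\\<verb>\\command=."""
    targets: List[str] = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            exe = first_token(value)
            if exe and exe not in targets:
                targets.append(exe)
    return targets


def inspect_root(root: Path) -> Dict[str, object]:
    """Report on <root>/autorun.inf: absent, vaccinated (a directory), or a file with targets."""
    inf = root / "autorun.inf"
    if inf.is_dir():
        return {"status": "vaccinated", "targets": [], "present": {}}
    if not inf.exists():
        return {"status": "absent", "targets": [], "present": {}}
    targets = autorun_targets(parse_autorun(inf.read_text(errors="replace")))
    present = {t: (root / t).exists() for t in targets}   # UsbFix's "( Presente ! )"
    return {"status": "autorun_file", "targets": targets, "present": present}


def vaccinate(root: Path) -> bool:
    """Create an autorun.inf directory so no autorun.inf file can be dropped there.
    Refuses while an autorun.inf file is still present (quarantine it first)."""
    inf = root / "autorun.inf"
    if inf.is_dir():
        return True
    if inf.exists():
        return False
    inf.mkdir()
    return True


def demo() -> List[str]:
    """Walk the clean -> infected -> cleaned -> vaccinated sequence in a temp dir."""
    steps: List[str] = []
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        steps.append(str(inspect_root(root)["status"]))
        (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
        (root / "mranjm.exe").write_bytes(b"")            # empty placeholder, constructed
        r = inspect_root(root)
        steps.append(f"{r['status']}:{','.join(r['targets'])}:{r['present']['mranjm.exe']}")
        steps.append("vaccinate-ok" if vaccinate(root) else "vaccinate-refused")
        (root / "autorun.inf").unlink()                   # stands in for quarantining
        (root / "mranjm.exe").unlink()
        steps.append("vaccinate-ok" if vaccinate(root) else "vaccinate-refused")
        steps.append(str(inspect_root(root)["status"]))
    return steps


if __name__ == "__main__":
    print("\n".join(demo()))
```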


I have the same problem. In my case, mranjm.exe was detected by USB Firewall on both devices (camera card and pen drive) that I connected to the computer. But I think I allowed the autorun on one of those devices and I believe it ran the virus, because several strange files appeared in my user folder (such as ntuser.dat, for example). I ran ComboFix first, then UsbFix, and finally Malwarebytes. The logs follow. I'm anxiously waiting for your help!!!!!

 

Thanks,

 

Bruna Marcela.

 

 

COMBOFIX:

 

ComboFix 09-09-27.05 - Bruna Marcela 28/09/2009 17:54.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.3002.1910 [GMT -3:00]

Executando de: c:\users\Bruna Marcela\Downloads\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2565894505-2914316380-879554357-500

c:\$recycle.bin\S-1-5-21-3375890411-3288990355-2692903690-500

c:\program files\Mx One

c:\program files\Mx One\info.ini

c:\program files\Mx One\mogtr.exe

c:\program files\Mx One\mxone.ini

c:\program files\Mx One\update.exe

c:\program files\Search Settings

c:\windows\Installer\179c9b.msi

c:\windows\Installer\1bc75.msi

c:\windows\Installer\1bc79.msi

c:\windows\Installer\1bc7d.msi

c:\windows\Installer\1bc81.msi

c:\windows\Installer\1bc85.msi

c:\windows\system32\oem7.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_.norton2009Reset

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-28 to 2009-09-28 ))))))))))))))))))))))))))))

.

 

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\ca-ES

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\eu-ES

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\vi-VN

2009-09-27 19:46 . 2009-04-11 06:28 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-09-27 19:46 . 2009-02-18 18:39 779136 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-09-27 19:46 . 2009-02-18 18:39 41344 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-09-27 19:46 . 2009-02-18 18:39 35680 ----a-w- c:\windows\system32\TsWpfWrp.exe

2009-09-27 19:46 . 2009-02-18 18:39 323952 ----a-w- c:\windows\system32\PresentationHost.exe

2009-09-27 19:44 . 2009-04-11 06:28 867328 ----a-w- c:\windows\system32\wmpmde.dll

2009-09-27 19:43 . 2009-04-11 06:28 177664 ----a-w- c:\windows\system32\WSDMon.dll

2009-09-27 19:42 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll

2009-09-27 19:21 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-27 19:21 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-27 19:21 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-27 19:21 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-27 19:21 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-27 19:21 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-27 19:21 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-27 19:21 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

2009-09-27 18:52 . 2009-09-27 18:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 18:49 . 2009-09-27 18:50 -------- d-----w- c:\windows\system32\EventProviders

2009-09-25 13:55 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

2009-09-24 19:03 . 2009-09-24 19:03 -------- d-----w- c:\program files\CCleaner

2009-09-24 19:02 . 2009-09-24 19:02 -------- d-----w- c:\program files\Marcos Velasco Security

2009-09-24 18:32 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-24 18:32 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-09-24 18:32 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-24 18:32 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-24 18:32 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-24 18:32 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-24 18:32 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-24 18:32 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-24 18:32 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-24 18:32 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-24 18:32 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-24 18:31 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll

2009-09-24 18:30 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-09-24 18:22 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-24 18:22 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-24 18:22 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-24 18:22 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-24 18:22 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll

2009-09-24 18:22 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-09-24 18:21 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-09-24 18:21 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-09-24 18:21 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-09-24 18:21 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-09-24 18:21 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-09-24 18:21 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-09-24 18:21 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-24 18:21 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll

2009-09-24 18:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe

2009-09-24 18:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe

2009-09-24 18:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll

2009-09-24 18:16 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-09-24 18:16 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-09-24 18:16 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll

2009-09-24 18:16 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll

2009-09-24 11:36 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-24 11:36 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-24 11:36 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-24 11:36 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-24 11:36 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-24 11:35 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-24 11:35 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-21 15:08 . 2009-09-21 15:25 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Corel

2009-09-17 16:19 . 2009-09-17 16:19 -------- d-----w- c:\users\Bruna Marcela\Office Genuine Advantage

2009-09-15 18:11 . 2009-09-15 18:11 -------- d-----w- c:\users\Public\Office Genuine Advantage

2009-09-15 18:08 . 2009-09-21 17:01 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Any Video Converter

2009-09-15 18:08 . 2009-09-15 18:08 -------- d-----w- c:\program files\Any Video Converter

2009-09-15 18:03 . 2009-09-15 18:03 -------- d-----w- c:\programdata\DVD Shrink

2009-09-15 12:03 . 2009-09-15 12:03 -------- d-----w- c:\program files\VDOWNLOADER

2009-09-10 01:32 . 2009-09-10 01:32 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-08 16:21 . 2009-09-09 02:40 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\uTorrent

2009-09-07 20:33 . 2009-09-08 13:39 -------- d-----w- c:\programdata\MyVirtualHome

2009-09-07 20:33 . 2009-09-08 13:39 -------- d-----w- c:\program files\MyVirtualHome

2009-09-07 16:12 . 2009-09-09 02:41 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-09-07 16:12 . 2009-09-07 16:12 -------- d-----w- c:\program files\DVDVideoSoft

2009-09-05 12:46 . 2009-09-12 19:31 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\HpUpdate

2009-09-02 19:25 . 2009-09-05 12:43 -------- d-----w- c:\users\Bruna Marcela\RAMALHO - GOLDFRAPP

2009-08-31 23:53 . 2009-08-31 23:53 -------- d-----w- c:\program files\Synaptics

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-28 21:07 . 2009-06-02 07:05 634222 ----a-w- c:\windows\system32\prfh0416.dat

2009-09-28 21:07 . 2009-06-02 07:05 121888 ----a-w- c:\windows\system32\prfc0416.dat

2009-09-28 17:10 . 2009-09-28 17:10 -------- d-----w- c:\program files\Lexmark 1200 Series

2009-09-28 17:08 . 2009-07-02 19:43 106944 ----a-w- c:\users\Bruna Marcela\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-09-27 20:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2009-09-27 20:28 . 2009-09-27 20:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-09-27 19:35 . 2009-08-27 20:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-27 18:51 . 2009-06-02 04:13 -------- d-----w- c:\program files\Java

2009-09-25 13:50 . 2009-06-02 03:57 -------- d-----w- c:\programdata\Microsoft Help

2009-09-24 21:48 . 2009-08-27 20:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-24 18:57 . 2009-08-13 15:30 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-09-24 18:56 . 2009-07-02 23:22 -------- d-----w- c:\program files\MSECache

2009-09-24 18:45 . 2009-07-06 20:23 -------- d-----w- c:\program files\Norton Internet Security

2009-09-24 11:15 . 2009-06-02 03:20 -------- d-----w- c:\programdata\Norton

2009-09-24 11:15 . 2009-06-02 03:45 -------- d-----w- c:\program files\Microsoft Works

2009-09-24 11:15 . 2009-07-06 20:24 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-24 11:15 . 2009-07-02 20:59 -------- d-----w- c:\program files\eMule

2009-09-24 11:14 . 2009-06-02 04:16 -------- d-----w- c:\program files\HP

2009-09-24 11:14 . 2009-06-02 04:00 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-21 21:56 . 2009-08-11 02:16 6080 ----a-w- c:\users\Bruna Marcela\AppData\Local\d3d9caps.dat

2009-09-18 11:56 . 2009-07-09 03:11 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Skype

2009-09-18 11:56 . 2009-07-14 02:29 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\skypePM

2009-09-17 15:27 . 2009-09-16 14:07 -------- d-----w- c:\program files\Google

2009-09-17 14:29 . 2009-09-17 14:29 -------- d-----w- c:\programdata\Yahoo! Companion

2009-09-17 14:07 . 2009-09-17 01:49 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Nero

2009-09-17 01:32 . 2009-09-17 01:05 -------- d-----w- c:\program files\Common Files\Nero

2009-09-17 01:11 . 2009-09-17 01:05 -------- d-----w- c:\programdata\Nero

2009-09-16 19:08 . 2009-09-16 19:08 -------- d-----w- c:\program files\Yahoo!

2009-09-16 16:00 . 2009-09-16 16:00 -------- d-----w- c:\programdata\WindowsSearch

2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\program files\Common Files\Real

2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\program files\Real

2009-09-08 13:39 . 2009-06-02 03:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-05 13:30 . 2009-07-02 21:27 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\CyberLink

2009-08-29 00:27 . 2009-09-24 18:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-24 18:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-13 15:10 . 2009-07-02 19:43 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\hewlett-packard

2009-08-13 15:02 . 2009-06-02 03:18 -------- d-----w- c:\programdata\Hewlett-Packard

2009-08-13 14:57 . 2009-08-13 14:55 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\muvee Technologies

2009-08-13 14:55 . 2009-08-13 14:55 -------- d-----w- c:\programdata\muvee Technologies

2009-08-13 01:16 . 2009-07-03 21:08 -------- d-----w- c:\programdata\eMule

2009-08-13 00:35 . 2009-08-12 22:12 -------- d-----w- c:\programdata\SpeedBit

2009-08-10 18:41 . 2009-08-06 14:28 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Free Download Manager

2009-08-05 15:55 . 2009-07-29 01:34 -------- d-----w- c:\program files\PDF Editor 2

2009-08-05 15:54 . 2009-08-04 23:55 -------- d-----w- c:\program files\Firebird 2.0

2009-08-05 13:56 . 2009-08-05 13:03 -------- d-----w- c:\programdata\Activ Software

2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-21 21:52 . 2009-09-24 18:13 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-09-24 18:13 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-09-24 18:13 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-09-24 18:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-15 12:40 . 2009-09-24 18:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-09-24 18:13 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-09-24 18:13 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-09-24 18:13 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 02:29 . 2009-07-14 02:29 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-07-06 20:24 . 2009-07-06 20:24 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-07-06 20:24 . 2009-07-06 20:24 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2009-07-04 13:28 . 2009-07-02 21:47 96 --sh--w- c:\windows\SCC21B33F.tmp

2009-07-04 13:09 . 2009-07-04 13:09 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-07-02 21:59 . 2009-07-02 21:59 0 ----a-w- c:\windows\nsreg.dat

2009-06-02 07:25 . 2009-06-02 07:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-09 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-09 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-09 154136]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 149280]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):00,50,26,3c,b2,3f,ca,01

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{42C57809-5C44-43B5-88AC-512EAD322193}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{365F5476-3770-4FAB-9EDF-B7663FAABDBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{126123D0-CD30-4B2F-8631-6B3EE67827FE}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{64356B39-8484-4C0A-AEA9-D5B679F1C7D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{E7450822-176F-4B14-8B42-709BF0B09CA3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5BF755E3-784C-4D6E-B3F2-91D3937AB334}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBD5E2FE-EE41-4BE2-A170-6F1B47426F98}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{316408B3-9E3C-425C-AD97-0B95EAF21803}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{B580332B-10A9-4235-851F-A69B914D2995}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8AC235A2-5CE1-4D74-AA7C-C0D967E60D24}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{4A703967-7C31-49EA-A64A-90918D44CF34}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{4AFFAE5E-93C7-453F-91BC-BC0FA0B31DD2}c:\\program files\\microsoft office\\office12\\winword.exe"= UDP:c:\program files\microsoft office\office12\winword.exe:Microsoft Office Word

"UDP Query User{3E86406F-B1EB-4F48-8DEF-B9410C7916C9}c:\\program files\\microsoft office\\office12\\winword.exe"= TCP:c:\program files\microsoft office\office12\winword.exe:Microsoft Office Word

"{9EEBE430-E0BA-44F1-B703-16630A5AAB3C}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System

"{291960B9-68FB-4538-BE87-C1D07D52DDB9}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [06/07/2009 17:24 309296]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/09/2009 08:36 114768]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [06/07/2009 17:24 362544]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [06/07/2009 17:24 289840]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe [02/06/2009 02:32 77824]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/09/2009 08:36 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/09/2009 08:35 53328]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [02/06/2009 01:16 365952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/09/2009 18:45 1153368]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [28/04/2008 22:54 54784]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [15/07/2008 05:20 112128]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/07/2008 07:53 100184]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [06/07/2009 17:24 254512]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [06/07/2009 17:24 115560]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/07/2009 15:44 55280]

S3 fsssvc;Windows Live Proteção para a Família;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [06/07/2009 17:24 40496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{A734DB46-0FB2-44B1-A2A9-EC90ADAD4A57}.job

- c:\windows\system32\msfeedssync.exe [2009-09-24 20:13]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {FE17C6F6-2B76-4A43-B657-BDEFF6582ADD} = 200.223.0.84,200.222.0.34

FF - ProfilePath - c:\users\Bruna Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\4wqypct6.default\

FF - prefs.js: browser.startup.homepage - www.globo.com

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-28 18:22

Windows 6.0.6002 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\wlanext.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\lxczcoms.exe

c:\windows\System32\PSIService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-09-28 18:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-09-28 21:25

 

Pré-execução: 54.740.869.120 bytes disponíveis

Pós execução: 54.310.739.968 bytes disponíveis

 

325 --- E O F --- 2009-09-28 15:02

USBFIX:

 

 

############################## | UsbFix V6.037 |

 

User : Bruna Marcela (Administradores) # CASA

Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8

Start at: 12:50:21 | 29/09/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

 

Pentium® Dual-Core CPU T4200 @ 2.00GHz

Microsoft® Windows Vista™ Home Basic (6.0.6002 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18813

Windows Firewall Status : Enabled

 

C:\ -> Local Fixed Disk # 140,23 Go (49,78 Go free) # NTFS

D:\ -> Local Fixed Disk # 8,82 Go (1,63 Go free) [RECOVERY] # NTFS

E:\ -> CD-ROM Disc # 2,97 Go (0 Mo free) [BRUNA] # CDFS

F:\ -> Removable Disk # 969,72 Mo (853,69 Mo free) [SONYDSC-W55] # FAT

G:\ -> Removable Disk

 

############################## | Processos activos |

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\PSIService.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\runonce.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\autorun.inf

Supprimido ! D:\autorun.inf

Supprimido ! D:\desktop.ini

 

################## | Registro # Chaves Run infectieuses |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Registro # Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{19683104-6a72-11de-9e28-0025b3a0f252}\Shell\AutoRun\Command

 

################## | Listing |

 

[18/09/2006 18:43|--a------|24] C:\autoexec.bat

[11/04/2009 03:36|-rahs----|333257] C:\bootmgr

[28/09/2009 18:25|--a------|25709] C:\ComboFix.txt

[18/09/2006 18:43|--a------|10] C:\config.sys

[02/07/2009 19:27|-rahs----|0] C:\IO.SYS

[02/07/2009 19:27|-rahs----|0] C:\MSDOS.SYS

[27/06/2009 07:19|--a------|432128] C:\Mx One.exe

[29/04/2007 14:11|--ah-----|9662] C:\mxone.ico

[06/07/2009 18:10|--ahs----|12] C:\mxone.ini

[?|?|?] C:\pagefile.sys

[29/09/2009 12:55|--a------|3773] C:\UsbFix.txt

[02/07/2009 16:37|---hs----|13] D:\BLOCK.RIN

[03/10/2006 20:02|---hs----|438328] D:\bootmgr

[10/09/2002 13:14|---hs----|8134] D:\Folder.htt

[29/09/2009 12:50|--ahs----|210] D:\MASTER.LOG

[12/09/2008 14:18|---hs----|156098] D:\protect.arabic

[15/09/2008 13:06|---hs----|151163] D:\protect.bulgarian

[12/09/2008 14:22|---hs----|149947] D:\protect.chinese hong kong

[12/09/2008 14:30|---hs----|150503] D:\protect.chinese simplified

[12/09/2008 14:30|---hs----|149947] D:\protect.chinese traditional

[12/09/2008 14:31|---hs----|149591] D:\protect.czech

[12/09/2008 14:31|---hs----|148911] D:\protect.danish

[12/09/2008 14:32|---hs----|148212] D:\protect.dutch

[12/09/2008 14:32|---hs----|148950] D:\protect.ed

[12/09/2008 14:32|---hs----|148952] D:\protect.english

[12/09/2008 14:32|---hs----|148000] D:\protect.finnish

[12/09/2008 14:33|---hs----|147655] D:\protect.french

[12/09/2008 14:33|---hs----|147825] D:\protect.german

[12/09/2008 14:33|---hs----|152670] D:\protect.greek

[12/09/2008 14:34|---hs----|155060] D:\protect.hebrew

[12/09/2008 14:34|---hs----|148303] D:\protect.hungarian

[12/09/2008 14:35|---hs----|147443] D:\protect.italian

[12/09/2008 14:35|---hs----|151323] D:\protect.japanese

[12/09/2008 14:35|---hs----|158134] D:\protect.korean

[12/09/2008 14:36|---hs----|147950] D:\protect.norwegian

[12/09/2008 14:36|---hs----|149293] D:\protect.polish

[12/09/2008 14:36|---hs----|148077] D:\protect.portuguese

[12/09/2008 14:36|---hs----|148808] D:\protect.portuguese brazilian

[15/09/2008 13:06|---hs----|152201] D:\protect.romanian

[12/09/2008 14:37|---hs----|148947] D:\protect.russian

[12/09/2008 14:37|---hs----|149967] D:\protect.slovak

[12/09/2008 14:37|---hs----|147739] D:\protect.spanish

[12/09/2008 14:38|---hs----|148308] D:\protect.swedish

[12/09/2008 14:38|---hs----|149334] D:\protect.turkish

[ |-r-h-----|0] F:\MEMSTICK.IND

[ |-r-h-----|0] F:\MSTK_PRO.IND

[16/09/2007 12:30|--ah-----|128] F:\.SonyVID

[19/12/2007 14:21|--ah-----|296] F:\WMPInfo.xml

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder created by UsbFix.

# D:\autorun.inf -> Folder created by UsbFix.

# F:\autorun.inf -> Folder created by UsbFix.

 

################## | Upload |

 

Favor enviar o arquivo : C:\Users\BRUNAM~1\Desktop\UsbFix_Upload_Me_Casa.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.037 ! |

MALWAREBYTES:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2871

Windows 6.0.6002 Service Pack 2 (Safe Mode)

 

29/09/2009 13:59:28

mbam-log-2009-09-29 (13-59-28).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 293280

Tempo decorrido: 44 minute(s), 17 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Users\Bruna Marcela\Downloads\mxone - antivirus para disp usb.exe (Rogue.MxOneAntivirus) -> Quarantined and deleted successfully.

I have the same problem. In my case, mranjm.exe was detected by USB Firewall on both devices (camera card and pen drive) that I connected to the computer. However, I think I allowed the autorun of one of those devices and I believe it ran the virus, because several strange files appeared in my user folder (such as ntuser.dat, for example). I ran ComboFix first, then UsbFix and finally Malwarebytes. The logs follow. I am anxiously waiting for help from you!!!!!

 

Thank you,

 

Bruna Marcela.

:thumbsup: Hello Bruna Marcela! Welcome to the Imasters Forum.

 

So that we can help you solve your problem, you need to create a topic of your own. To do that, go to the address below:

http://forum.imasters.com.br/index.php?/forum/77-seguranca-malwares/

 

When you open the address above, click the New topic button, then just give your topic a title, post these HijackThis, ComboFix and UsbFix logs, and describe in your topic the problems that are happening with your PC. Then just follow the tips the analysts will give you.

__________________________________

 

MSN is working OK

and it no longer gives the virus-in-RAM errors

:thumbsup: Hello William!

 

I'm glad your PC's problems are being solved.

 

Dude, here's the thing: a virus was detected in this UsbFix, it created a zip on the desktop and there was a trojan in it :S

but I'm scared of these trojans that were detected

what do I do now?

You can rest easy, because this UsbFix program is completely safe. This is a false positive from the antivirus; it is a mistake on its part. This happens a lot with virus removal tools such as ComboFix, UsbFix, SmitfraudFix, etc.: even though they are very safe, antivirus programs tend to say there are viruses in them, but as I told you, you can relax, because they are completely safe.

 

:seta: Please follow the tips in this tutorial to scan your PC with Nod32 Online:

 

Nod32 Online antivirus tutorial

 

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure.

 

We await your reply.


Topic Archived

 

As the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
