[Arquivado] Problema com Virus

GustavohP · Abril 11, 2010

Ola Pessoal do iMaster

Esse eh meu primeiro topico aki

pena que seja para pedir ajuda sobre virus :(

Bom, esses tempos mandei formatar meu pc em um lugar meio ruim, e o cara instalou o antivirus Solo

gostei q ele eh leve, mas eh mto ruim, ultimamente ele tem pegado esse virus: Backdoor.Mazben.Ax

nao importa quantas vezes eu delete ele, toda vez ele volta

e outra coisa chata tbm eh que nao consigo instalar otro antivirus, nao consigo entrar em modo seguro, varios programas de remoção de virus nao roda, nem programas de reparação no sistema e registro

ta impossivel mexer no pc, cada dia que passa ele fica mais lento

Alguem pode me ajudar ?

Obrigado Fico no Aguardo!

DigRam · Abril 12, 2010

Ola Pessoal do iMaster

Esse eh meu primeiro topico aki

pena que seja para pedir ajuda sobre virus :(

Bom, esses tempos mandei formatar meu pc em um lugar meio ruim, e o cara instalou o antivirus Solo

gostei q ele eh leve, mas eh mto ruim, ultimamente ele tem pegado esse virus: Backdoor.Mazben.Ax

nao importa quantas vezes eu delete ele, toda vez ele volta

e outra coisa chata tbm eh que nao consigo instalar otro antivirus, nao consigo entrar em modo seguro, varios programas de remoção de virus nao roda, nem programas de reparação no sistema e registro

ta impossivel mexer no pc, cada dia que passa ele fica mais lento

Alguem pode me ajudar ?

Obrigado Fico no Aguardo!

//////////////\/\\\\\\\\\\\\\\

Boa Noite! GustavohP

<!> Poste o log do HijackThis,segundo este Tutorial.

< Regra Nº 02 - Utilizando O Hijackthis - LEIA ANTES DE POSTAR! >

<!> Caso tenha dificuldades,leia o seguinte Tutorial:

< Como abrir um Tópico,em Segurança & Malwares >

Abraços!

GustavohP · Abril 12, 2010

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:47:27, on 12/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\explorer.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\SRNMIC~1\SOLOSENT.EXE

C:\SRNMIC~1\SOLOCFG.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\GUSTAV~1\CONFIG~1\Temp\winbmsnpk.exe

C:\DOCUME~1\GUSTAV~1\CONFIG~1\Temp\yhthpy.exe

C:\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [soloSentry] C:\SRNMIC~1\SOLOSENT.EXE

O4 - HKLM\..\Run: [soloSchedule] C:\SRNMIC~1\SOLOCFG.EXE

O4 - HKLM\..\Run: [soloSysCheck] C:\SRNMIC~1\SYSCHECK.COM

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Unknown owner - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--

End of file - 6911 bytes

Ta ai!

DigRam · Abril 13, 2010

Boa Tarde! GustavohP

<@> Baixe: < > Link!

<@> < Link - 2 >

<@> < Link - 3 >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme!

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<><><><><><><><><><><>

<@> Poste,os relatórios: mbam-log-2010-xx-xx (00-00-00).txt + HijackThis,atualizado.

Abraços!

GustavohP · Abril 13, 2010

Log do HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:31, on 13/4/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\DOCUME~1\GUSTAV~1\CONFIG~1\Temp\sxoehu.exe

C:\DOCUME~1\GUSTAV~1\CONFIG~1\Temp\vbxb.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE