
This topic has been archived and is closed to further replies.

Lucas Raal

[Archived] Virus sending e-mail?


Avast keeps beeping with the following warning:

 

Há excessivos e-mails idênticos para o tempo fixado

 

 

Remetente: =?koi8-r?B?Iu/v7yDg7ukt9PLl6uQi?= <prioritizeco15@rotero.com>

Recipiente: <citrix@acropolis.ru>

Assunto: Предлагаем : сухое молоко, спрэд и другую молочную продукцию

Há excessivos e-mails idênticos para o tempo fixado

 

 

Remetente: =?koi8-r?B?Iu/v7yDg7ukt9PLl6uQi?= <ovalss01@rotex.com>

Recipiente: <citrix@acropolis.ru>; sultant@klg.zemser.ru

 

and it also gives two options: Continue or Don't send!

 

 

My HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:12:44, on 24/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS.0\Explorer.EXE

C:\WINDOWS.0\system32\LEXBCES.EXE

C:\WINDOWS.0\system32\LEXPPS.EXE

C:\WINDOWS.0\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS.0\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS.0\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS.0\system32\nvsvc32.exe

C:\WINDOWS.0\system32\svchost.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS.0\system32\wscntfy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS.0\system32\wbem\wmiapsrv.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\CCleaner\ccleaner.exe

c:\spywarebegone-fs\freescan.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Downloads\Software\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 1.2.3.4 13iii.com

O1 - Hosts: 1.2.3.4 2-spyware.com

O1 - Hosts: 1.2.3.4 247fixes.com

O1 - Hosts: 1.2.3.4 360.cn

O1 - Hosts: 1.2.3.4 360.com

O1 - Hosts: 1.2.3.4 360safe.cn

O1 - Hosts: 1.2.3.4 360safe.com

O1 - Hosts: 1.2.3.4 4-gsmteam.com

O1 - Hosts: 1.2.3.4 51nb.com

O1 - Hosts: 1.2.3.4 Merijn.org

O1 - Hosts: 1.2.3.4 abgenis.net

O1 - Hosts: 1.2.3.4 acs.pandasoftware.com

O1 - Hosts: 1.2.3.4 acs.pandasoftware.com

O1 - Hosts: 1.2.3.4 ad-aware-se.uptodown.com

O1 - Hosts: 1.2.3.4 ad13.geekstogo.com

O1 - Hosts: 1.2.3.4 aknow.prevx.com

O1 - Hosts: 1.2.3.4 alabamawomen.org

O1 - Hosts: 1.2.3.4 alerta-antivirus.inteco.es

O1 - Hosts: 1.2.3.4 alerta-antivirus.inteco.es

O1 - Hosts: 1.2.3.4 alerta-antivirus.red.es

O1 - Hosts: 1.2.3.4 alfrasha.maktoob.com

O1 - Hosts: 1.2.3.4 analysis.seclab.tuwien.ac.at

O1 - Hosts: 1.2.3.4 andymanchesta.com

O1 - Hosts: 1.2.3.4 andymanchesta.com

O1 - Hosts: 1.2.3.4 angui123.cn

O1 - Hosts: 1.2.3.4 anti-virus-softwarereview.

O1 - Hosts: 1.2.3.4 toptenreviews.com

O1 - Hosts: 1.2.3.4 antirootkit.com

O1 - Hosts: 1.2.3.4 antitrick.com

O1 - Hosts: 1.2.3.4 antivir.es

O1 - Hosts: 1.2.3.4 antivirus.about.com

O1 - Hosts: 1.2.3.4 antivirus.comodo.com

O1 - Hosts: 1.2.3.4 ar.answers.yahoo.com

O1 - Hosts: 1.2.3.4 arenajunkies.com

O1 - Hosts: 1.2.3.4 ariefew.com

O1 - Hosts: 1.2.3.4 arswp.com

O1 - Hosts: 1.2.3.4 askmehelpdesk.com

O1 - Hosts: 1.2.3.4 atazita.blogspot.com

O1 - Hosts: 1.2.3.4 auditmypc.com

O1 - Hosts: 1.2.3.4 avast-home.uptodown.com

O1 - Hosts: 1.2.3.4 avast.com

O1 - Hosts: 1.2.3.4 avg-antivirus.net

O1 - Hosts: 1.2.3.4 avast.com

O1 - Hosts: 1.2.3.4 avg-antivirus.net

O1 - Hosts: 1.2.3.4 avg.vo.llnwd.net

O1 - Hosts: 1.2.3.4 avira.com

O1 - Hosts: 1.2.3.4 avp.com

O1 - Hosts: 1.2.3.4 avpclub.ddns.info

O1 - Hosts: 1.2.3.4 avsoft.ru

O1 - Hosts: 1.2.3.4 babooforum.com.br

O1 - Hosts: 1.2.3.4 baike.360.cn

O1 - Hosts: 1.2.3.4 baike.360.com

O1 - Hosts: 1.2.3.4 bakunos.com

O1 - Hosts: 1.2.3.4 bb1.th3kings.net

O1 - Hosts: 1.2.3.4 bbs.360safe.cn

O1 - Hosts: 1.2.3.4 bbs.360safe.cn

O1 - Hosts: 1.2.3.4 bbs.360safe.com

O1 - Hosts: 1.2.3.4 bbs.360safe.com

O1 - Hosts: 1.2.3.4 bbs.cfan.com.cn

O1 - Hosts: 1.2.3.4 bbs.duba.net

O1 - Hosts: 1.2.3.4 bbs.ikaka.com

O1 - Hosts: 1.2.3.4 bbs.kafan.cn

O1 - Hosts: 1.2.3.4 bbs.kafan.com

O1 - Hosts: 1.2.3.4 bbs.kaspersky.com.cn

O1 - Hosts: 1.2.3.4 bbs.kpfans.com

O1 - Hosts: 1.2.3.4 bbs.s-sos.net

O1 - Hosts: 1.2.3.4 bbs.taisha.org

O1 - Hosts: 1.2.3.4 bbs.winzheng.com

O1 - Hosts: 1.2.3.4 beniono.wordpress.com

O1 - Hosts: 1.2.3.4 beta.eset.com

O1 - Hosts: 1.2.3.4 betterantivirus.com

O1 - Hosts: 1.2.3.4 bitdefender.com

O1 - Hosts: 1.2.3.4 bitdefender.es

O1 - Hosts: 1.2.3.4 bleedingthreats.net

O1 - Hosts: 1.2.3.4 bleepingcomputer.com

O1 - Hosts: 1.2.3.4 blindedbytech.com

O1 - Hosts: 1.2.3.4 blog.hispasec.com

O1 - Hosts: 1.2.3.4 blog.rnsafe.com

O1 - Hosts: 1.2.3.4 blog.threatfire.com

O1 - Hosts: 1.2.3.4 blogs.icerocket.com

O1 - Hosts: 1.2.3.4 blogschapines.com

O1 - Hosts: 1.2.3.4 blokvesti.net

O1 - Hosts: 1.2.3.4 board.softpedia.com

O1 - Hosts: 1.2.3.4 blokvesti.net

O1 - Hosts: 1.2.3.4 board.softpedia.com

O1 - Hosts: 1.2.3.4 boardreader.com

O1 - Hosts: 1.2.3.4 box.net

O1 - Hosts: 1.2.3.4 bub.th3kings.net

O1 - Hosts: 1.2.3.4 ca.com

O1 - Hosts: 1.2.3.4 cairopt.net

O1 - Hosts: 1.2.3.4 cairopt.net

O1 - Hosts: 1.2.3.4 castlecops.com

O1 - Hosts: 1.2.3.4 castlecrops.com

O1 - Hosts: 1.2.3.4 cddchiangmai.net

O1 - Hosts: 1.2.3.4 cddchiangmai.net

O1 - Hosts: 1.2.3.4 cert.inteco.es

O1 - Hosts: 1.2.3.4 cfan.com.cn

O1 - Hosts: 1.2.3.4 changedetection.com

O1 - Hosts: 1.2.3.4 changelog.fr

O1 - Hosts: 1.2.3.4 chkrootkit.org

O1 - Hosts: 1.2.3.4 cisrt.org

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [AGCore\Cleanup] "C:\Documents and Settings\Administrador\Configurações locais\Temp\AGCore_Win32MiscCleanup_DELETE_ME.bat"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\herss.exe

O4 - HKCU\..\Run: [bMIMZMHMFM] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Ig1.exe

O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Administrador\mk11.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{63B31630-16BD-4FFE-944F-BCBC0CBFA482}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS.0\system32\cmpe.exe

O23 - Service: Google Update Service (gupdate1caf0b7cb091272) (gupdate1caf0b7cb091272) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.0\system32\LEXBCES.EXE

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS.0\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

 

--

End of file - 13541 bytes

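Two things stand out in the log above: the O1 lines point dozens of antivirus and support sites at the bogus address 1.2.3.4 (cutting the user off from help), and several O4 Run entries launch executables from the Temp folder or straight from the profile root. The script below is an added example, not part of this thread or of HijackThis: it triages a HijackThis log for exactly those two patterns. The sample log lines are constructed from the posted log, and the "suspicious directory" heuristic is an assumption of this example, not a HijackThis rule.

```python
import re
from collections import Counter

# Constructed sample, modelled on (not copied in full from) the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/
O1 - Hosts: 1.2.3.4 avast.com
O1 - Hosts: 1.2.3.4 bleepingcomputer.com
O1 - Hosts: 1.2.3.4 avast.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\herss.exe
O4 - HKCU\..\Run: [bMIMZMHMFM] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Ig1.exe
O4 - HKCU\..\Run: [gbpkm] C:\Documents and Settings\Administrador\mk11.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# O1 lines: "O1 - Hosts: <address> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# O4 lines: "O4 - <hive>\..\Run[Once]: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - ([^\[]*?):\s*\[([^\]]*)\]\s*(.*)$")
# A legitimate hosts entry maps a name to loopback or to a blackhole address;
# anything else (here 1.2.3.4 for antivirus vendors' sites) is a redirect/hijack.
BENIGN_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}
# Heuristic (assumption of this example): autoruns launched from a Temp folder or
# straight from the profile root match the malicious entries in the posted log;
# installers normally use Program Files or the Windows directory instead.
SUSPICIOUS_DIR_RE = re.compile(
    r"(?i)(\\Temp\\|^C:\\(Documents and Settings|DOCUME~1)\\[^\\]+\\[^\\]+$)"
)


def launch_path(command):
    """Return the executable a Run-key command line launches (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, may contain spaces
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(?i)(.*?\.exe)(\s|$)", command)   # unquoted path up to the first .exe
    return m.group(1) if m else command.split()[0]


def triage(log_text):
    """Parse a HijackThis log; return hosts hijacks and autoruns from odd locations."""
    hosts_hijacks, autoruns = [], []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            target, hostname = m.groups()
            if target not in BENIGN_TARGETS:
                hosts_hijacks.append((target, hostname.lower()))
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            command = re.sub(r"\s*\(User '[^']*'\)$", "", command)  # strip HKUS suffix
            path = launch_path(command)
            if SUSPICIOUS_DIR_RE.search(path):
                autoruns.append((key, name, path))
    return {
        "hosts_hijacks": sorted(set(hosts_hijacks)),             # duplicates collapsed
        "hijack_targets": Counter(t for t, _ in hosts_hijacks),  # one bogus IP, many names
        "suspicious_autoruns": autoruns,
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for target, host in findings["hosts_hijacks"]:
        print(f"hosts hijack: {host} -> {target}")
    for key, name, path in findings["suspicious_autoruns"]:
        print(f"autorun from user-writable location: {key} [{name}] {path}")
```

Run against the full posted log, the same two checks flag every O1 entry and the three HKCU Run values (cdoosoft, bMIMZMHMFM, gbpkm) that the Malwarebytes report later confirms as malicious.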

Good evening....

 

 

1.

*Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and save it to the desktop

*Extract it to the desktop and run it.

*Click > [Restore Microsoft's Hosts File]

 

2.

*Download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam/program/mbam-setup.exe) and save it to the desktop

*Install the program

*If an update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be shown.

*Paste it in your next reply



Here is the report generated by Anti-Malware:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4237

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

25/6/2010 13:02:51

mbam-log-2010-06-25 (13-02-51).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 248612

Tempo decorrido: 1 hora(s), 9 minuto(s), 7 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 6

Valores de Registro Infectados: 3

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 3

Arquivos Infectados: 68

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\FlySky (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

C:\Documents and Settings\All Users\Dados de aplicativos\15974374 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe28 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe29 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe30 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe33 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe35 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{75C73D51-7581-4D31-B60A-E9F37806E5AF}\RP229\A0419544.exe (Adware.Casino) -> Quarantined and deleted successfully.

C:\WINDOWS.0\pss\ihaupd32.exeStartup (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS.0\pss\zqosys32.exeStartup (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS.0\Temp\msn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS.0\Fonts\windef.Log (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\ctfmon.exe26 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\ctfmon.exe27 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\degcjebi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\aaehbifc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\afeieggd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\agjeabha.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ahacfhbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\baagcdag.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\bfjefgda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\bjbajahf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\cebffdah.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\cigaagbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\dcagiagd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ijcegahe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\jadjbhci.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\jeacedai.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\jgiiebjh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\jiabjbjg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\reader_s.exe30 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\eaageafb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\eadeaagd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ebgbdagd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\edbecahe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\egcijbjh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ejgbfieb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\fejagbbi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ffabibbb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gaiefahg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gbijifca.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gcdcjagd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gdghghfc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gebgjebi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gfighefc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\ggcjjbjg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\gjjhfdda.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\hdiijbig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\hjabjgeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Meus documentos\Camtasia\TechSmith.Camtasia.Studio.v6.0.1.Incl.Keymaker-ZWT www.thegenius.us - Up Zike\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\15974374\15974374.exe34 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\15974374\15974374.exe39 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\AISUFU6C\ms[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\DO2NYNLY\d[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\DO2NYNLY\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\DO2NYNLY\w[2].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\DO2NYNLY\w[3].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\UTEPC525\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\Y5GZAF65\so[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\15974374\15974374 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\lowsec\user(2)(2).ds (Stolen.data) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Media Player\sistemsph.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Media Player\sistemsph2.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Media Player\skin.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS.0\Temp\wpv441245771011.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS.0\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


1.

*Temporarily disable your antivirus

 

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download USBFix and save it to the desktop

*Plug the USB stick into the PC

*Double-click UsbFix

*Click [Search] and wait for it to finish

*Remove the USB stick

*Paste the report created at C:\UsbFix.txt


*Temporarily disable your antivirus

 

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue automatically. Otherwise, click [Yes] to install it.

 

(screenshot: recovery-console-prompt.jpg)

 

*Click [Yes] to continue.

 

(screenshot: recovery-console-installed.jpg)

 

*Wait for all the stages to complete

 

(screenshot: etapas.jpg)

 

*While ComboFix is running, avoid using the mouse and keyboard!! To interrupt the procedure, press N or 2 and then ENTER.

 

*The program will close automatically and a report (C:\combofix.txt) will be shown. Paste it in your next reply.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.
