[Resolvido!] TR/Spy.Banker.gen

[.nana 0]

Olá Pessoal,

 

Estou com um problemão...Peguei esse TR/Spy.Banker.gen e não entendo muito dessas coisas...

Já tentei de tudo para remover, o Bankerfix e etc...Uso o avira no meu PC. Já movi para quarentena mas ele continua a acusar o vírus (ou seja lá o que for) sempre quando tento compilar meu programa no delphi ou C#.

 

Por favor me ajudem...

[wings 22]

*Baixe o HijackThis e salve-o no desktop

*Execute-o

*Clique em [Do a system scan and save a logfile].

*Cole o relatório

[.nana 0]

Obrigada por responder wings...^^

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:21:00, on 23/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ralink\Common\RaUI.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Arquivos de programas\Ralink\Common\RaRegistry.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\dllhost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\isqlw.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

c:\arquivos de programas\avira\antivir desktop\avcenter.exe

C:\Documents and Settings\Usuario\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terratv.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\Ralink\Common\RaUI.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ralink\Common\RaRegistry.exe

[wings 22]

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe

*Clique em [Clean]...aguarde o término. A reinicialização do PC poderá ser solicitada pelo programa.

*Cole o relatório criado em C:\Ad-Report-CLEAN.log

[.nana 0]

======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 21/07/10 at 14:00

Contact: AdRemover.contact[AT]gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:31:53 on 23/07/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Usuario@CLARY ( )

 

============== ACTION(S) ==============

 

Service: "Application Updater" Service stopped and deleted

 

0,Folder deleted: C:\Arquivos de programas\Application Updater

0,Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\pdfforge

0,Folder deleted: C:\Arquivos de programas\pdfforge Toolbar

0,Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Search Settings

3,File deleted: C:\WINDOWS\Installer\19c12be.msi

 

(!) -- Temporary files deleted.

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

1,Key deleted: HKLM\Software\Classes\CLSID\{FEF0DA24-395C-4110-A540-2BFD2CF1869B}

0,Key deleted: HKLM\Software\Application Updater

0,Key deleted: HKLM\Software\pdfforge

0,Key deleted: HKLM\Software\Search Settings

0,Key deleted: HKCU\Software\pdfforge

0,Key deleted: HKCU\Software\Search Settings

0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

 

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}

 

 

============== ADDITIONNAL SCAN ==============

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 27 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 23/07/2010 (897 Byte(s))

 

End at: 13:40:28, 23/07/2010

 

============== E.O.F ==============

[wings 22]

1.

*Execute novamente o AD-Remover

*Clique em [uninstall]

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[.nana 0]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4341

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

23/7/2010 16:53:35

mbam-log-2010-07-23 (16-53-35).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 241803

Tempo decorrido: 2 hora(s), 36 minuto(s), 24 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 2

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\System Volume Information\_restore{1C276626-123F-479D-9E38-97AEA973CE83}\RP144\A0080273.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C276626-123F-479D-9E38-97AEA973CE83}\RP144\A0080277.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

[wings 22]

*Baixe o DDS e salve-o no desktop

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avira ao lado do relógio > clique na opção "Avira Guard enable".

*Duplo clique em dds e aguarde. Salve os relatórios no desktop

*Cole o relatório criado em DDS.txt

[.nana 0]

DDS (Ver_10-03-17.01) - NTFSx86

Run by Usuario at 8:24:31,57 on seg 26/07/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1983.1261 [GMT -3:00]

 

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ralink\Common\RaUI.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Arquivos de programas\Ralink\Common\RaRegistry.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Usuario\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uWindow Title =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\documents and settings\usuario\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [VTTimer] VTTimer.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [LifeCam] "c:\arquivos de programas\microsoft lifecam\LifeExp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\servic~1.lnk - c:\arquivos de programas\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-22 64288]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-7-22 11608]

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-3-19 3026]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2010-7-22 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2010-7-22 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-22 60936]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\lavasoft\ad-aware\AAWService.exe [2010-2-5 1352832]

R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-8 50176]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de programas\ralink\common\RaRegistry.exe [2010-1-21 185632]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-1-21 19072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

 

=============== Created Last 30 ================

 

2010-07-23 16:59:25 0 d-----w- c:\docume~1\usuario\dadosd~1\Malwarebytes

2010-07-23 16:58:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 16:58:26 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2010-07-23 16:58:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-23 16:58:25 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 12:55:24 0 d-----w- C:\LinhaDefensiva

2010-07-23 12:36:39 178597 ----a-w- C:\51942_bankerfix_30.exe

2010-07-22 21:02:15 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-22 16:03:59 0 d-----w- c:\docume~1\usuario\dadosd~1\Avira

2010-07-22 15:19:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-07-22 15:19:23 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Avira

2010-07-22 15:19:23 0 d-----w- c:\arquivos de programas\Avira

2010-07-22 13:39:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-22 13:39:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-22 13:21:20 0 dc-h--w- c:\docume~1\alluse~1\dadosd~1\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-07-22 13:20:35 0 d-----w- c:\arquivos de programas\Lavasoft

2010-07-21 18:24:42 0 d-----w- c:\windows\system32\NtmsData

2010-07-16 18:35:05 0 d-----w- c:\arquivos de programas\Free Screen Video Capture by Topviewsoft

2010-07-12 16:13:24 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-12 16:13:24 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-12 13:58:04 0 d-----w- C:\Clock 2010

2010-07-12 13:45:00 0 d-----w- C:\Instalador C#

2010-06-30 18:07:44 0 d-----w- c:\docume~1\alluse~1\dadosd~1\PreEmptive Solutions

2010-06-30 18:02:40 0 d-----w- c:\arquivos de programas\CE Remote Tools

2010-06-30 18:02:40 0 d-----w- c:\arquivos de programas\arquivos comuns\Merge Modules

2010-06-30 17:26:01 0 d-----w- c:\arquivos de programas\VS 2008

2010-06-30 16:02:49 0 d-----w- C:\crystalreportviewers12

2010-06-29 14:40:08 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Microsoft Visual Studio

2010-06-29 13:47:36 0 d-----w- c:\arquivos de programas\Microsoft Help Viewer

2010-06-29 13:47:35 0 d-----w- c:\arquivos de programas\Microsoft Visual Studio 10.0

2010-06-29 13:29:21 0 d-----w- c:\arquivos de programas\VS 2010

2010-06-28 13:39:37 165 ----a-w- c:\windows\system32\spupdsvc.inf

2010-06-28 13:38:49 4445184 -c----w- c:\windows\system32\dllcache\msi.dll

 

 

==================== Find3M ====================

 

2010-07-22 17:17:49 3741082 ----a-r- c:\arquivos de programas\ComboFix.exe

2010-06-29 18:20:14 548500 ----a-w- c:\windows\system32\perfh016.dat

2010-06-29 18:20:14 102556 ----a-w- c:\windows\system32\perfc016.dat

2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-31 20:02:42 1722880 ----a-w- c:\arquivos de programas\ZuneDesktopTheme.msi

2010-05-19 18:38:21 17776464 ----a-w- c:\arquivos de programas\PDFCreator-0_9_9_setup.exe

2010-05-06 10:34:18 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:02:58 1860480 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 18:38:30 4605633 ----a-w- c:\arquivos de programas\JVCSv2.45ClientSetup.exe

2010-03-24 18:03:52 42281152 ----a-w- c:\arquivos de programas\avira_antivir_personal_en.exe

2010-01-21 18:00:47 2815724 ----a-w- c:\arquivos de programas\wrar391br.exe

2009-10-01 19:53:39 9069504 ----a-w- c:\arquivos de programas\mssefullinstall-x86fre-pt-br-xp.exe

2005-09-15 12:22:18 1172280 ----a-w- c:\arquivos de programas\isetup-5.1.5.exe

 

============= FINISH: 8:25:49,34 ===============

[.nana 0]

Olá wings,

 

O Avira está detectando esse vírus em um arquivo...

eu coloquei para verificar no www.virustotal.com

e de 42 antivirus só o Avira detectou.

Acho que pode ser falso positivo.

[wings 22]

Tem certeza que o arquivo era esse mesmo?

 

Caso tenha certeza, é bem provável que trata-se de um falso positivo.

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.