
This topic has been archived and is closed to new replies.

RhuanAlmeida

[Archived] PC with virus (log analysis)


Guys, I think my PC has a virus; it sometimes freezes when I open folders. Can anyone help? Here's the log, thanks :D

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:44:49, on 12/03/2011

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18565)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Rhuan Almeida\Desktop\WYD\WYD.exe

C:\Users\Rhuan Almeida\Desktop\WYD\WYD.exe

C:\Users\Rhuan Almeida\Desktop\WYD\WYD.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe

C:\Windows\explorer.exe

C:\Users\Rhuan Almeida\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~1\GbPlugin\gbiehUni.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.santander.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~1\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

 

--

End of file - 6363 bytes


Hello!

Welcome to the malware removal section of IMasters Fóruns.

Please follow the instructions below, in the order given:

<< 1 >>

Temporarily disable your protection programs!

Download BankerFix and save it to your desktop.

  • Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup).
  • Close all open programs except BankerFix.
  • Double-click BankerFix.exe.
  • Make sure you are connected to the internet and click OK.
  • After the installation, click OK to run BankerFix.
  • Press any key in the BankerFix window. It will do the rest.
  • You will get a message telling you whether any problem was found.
  • Close BankerFix.
  • Go to C:\Linha Defensiva\relatorio.txt. Copy the entire contents of the file and post it in your next message.

<< 2 >>

Download DDS and save it to your desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the result and paste it into your topic.

Note: If the link provided does not work, try downloading DDS from THIS link.

Regards :D


BankerFix report

------------------------------------------------------

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2011-03-12 - 17:44

-------------------------------------------------------

Lista de Definição: 2011-03-01-1 | CORE: 2010-12-28-6

=======================================================

 

 

 

----- Fim -------------------------

 

 

DDS REPORT

DDS (Ver_11-03-05.01) - NTFSx86

Run by Rhuan Almeida at 17:48:03,20 on 12/03/2011

Internet Explorer: 7.0.6001.18000

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.55.1046.18.3327.2134 [GMT -3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Rhuan Almeida\Downloads\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uDefault_Page_URL = hxxp://www.positivoinformatica.com.br

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\progra~1\gbplugin\gbiehAbn.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\progra~1\gbplugin\gbiehUni.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [WinSys2] c:\windows\system32\startup.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: bancoreal.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: secureweb.com.br\www

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginAbn - c:\progra~1\gbplugin\gbiehAbn.dll

Notify: GbPluginUni - c:\progra~1\gbplugin\gbiehUni.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\progra~1\gbplugin\gbiehUni.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\progra~1\gbplugin\gbiehAbn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rhuana~1\appdata\roaming\mozilla\firefox\profiles\um7nd38r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\rhuan almeida\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2011-2-28 45128]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl18286d5f;MpKsl18286d5f;c:\programdata\microsoft\microsoft antimalware\definition updates\{287d8828-a6d2-4069-816d-ffa3ddbad925}\MpKsl18286d5f.sys [2011-3-12 28752]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-2-28 55576]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S1 MpKslcc1b991c;MpKslcc1b991c;c:\programdata\microsoft\microsoft antimalware\definition updates\{287d8828-a6d2-4069-816d-ffa3ddbad925}\MpKslcc1b991c.sys [2011-3-12 28752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-23 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-2-23 41216]

.

=============== Created Last 30 ================

.

2011-03-12 20:44:38 -------- d-----w- C:\LinhaDefensiva

2011-03-12 20:37:52 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{287d8828-a6d2-4069-816d-ffa3ddbad925}\MpKsl18286d5f.sys

2011-03-12 20:16:59 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{287d8828-a6d2-4069-816d-ffa3ddbad925}\mpengine.dll

2011-03-10 02:35:12 -------- d-----w- c:\program files\Megacubo

2011-03-10 00:17:47 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-10 00:17:47 323072 ----a-w- c:\windows\system32\sbe.dll

2011-03-10 00:17:47 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-10 00:17:47 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-10 00:17:45 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-10 00:17:45 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-03-01 22:16:14 -------- d-----w- c:\program files\GbPlugin

2011-02-28 21:32:24 -------- d-----w- c:\users\rhuana~1\appdata\local\Adobe

2011-02-28 21:27:07 45128 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2011-02-28 03:11:11 -------- d-----w- c:\program files\Desliga Aí!

2011-02-28 02:15:12 -------- d-----w- c:\progra~2\NVIDIA Corporation

2011-02-28 02:14:54 -------- d-----w- c:\program files\NVIDIA Corporation

2011-02-28 02:10:38 -------- d-----w- C:\OnGame

2011-02-28 01:47:10 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2011-02-28 01:47:09 -------- d-----w- c:\program files\ffdshow

2011-02-26 17:53:12 -------- d-----r- c:\program files\Skype

2011-02-26 13:24:26 303616 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-26 13:24:26 17920 ----a-w- c:\windows\system32\netevent.dll

2011-02-26 13:24:26 145408 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-26 13:24:26 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-02-26 13:24:26 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-26 13:24:23 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-02-26 13:24:14 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-02-26 02:58:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-02-26 02:58:46 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-02-26 02:58:46 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-02-26 02:58:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-02-26 02:58:46 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-02-26 00:37:48 -------- d-----w- c:\program files\common files\xing shared

2011-02-26 00:37:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-02-26 00:37:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-02-25 10:58:25 97800 ----a-w- c:\windows\system32\infocardapi.dll

2011-02-25 10:58:25 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2011-02-25 10:58:24 622080 ----a-w- c:\windows\system32\icardagt.exe

2011-02-25 10:58:24 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2011-02-25 10:58:24 11264 ----a-w- c:\windows\system32\icardres.dll

2011-02-25 10:58:22 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2011-02-25 10:54:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2011-02-25 10:53:59 83968 ----a-w- c:\windows\system32\mscories.dll

2011-02-25 10:52:30 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-02-25 10:52:28 411136 ----a-w- c:\windows\system32\drivers\http.sys

2011-02-25 10:52:28 31232 ----a-w- c:\windows\system32\httpapi.dll

2011-02-25 10:52:13 231936 ----a-w- c:\windows\system32\msshsq.dll

2011-02-25 10:51:00 2048 ----a-w- c:\windows\system32\winrsmgr.dll

2011-02-24 16:33:37 -------- d-----w- c:\users\rhuana~1\appdata\local\Unity

2011-02-24 06:15:58 2868224 ----a-w- c:\windows\system32\mf.dll

2011-02-24 06:13:58 351232 ----a-w- c:\windows\system32\WSDApi.dll

2011-02-24 06:13:57 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-02-24 06:13:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2011-02-24 06:13:55 31744 ----a-w- c:\windows\system32\msvidc32.dll

2011-02-24 06:13:55 22528 ----a-w- c:\windows\system32\msyuv.dll

2011-02-24 06:13:55 13312 ----a-w- c:\windows\system32\msrle32.dll

2011-02-24 06:13:55 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2011-02-24 06:13:54 91136 ----a-w- c:\windows\system32\avifil32.dll

2011-02-24 06:13:54 82944 ----a-w- c:\windows\system32\mciavi32.dll

2011-02-24 06:13:54 65024 ----a-w- c:\windows\system32\avicap32.dll

2011-02-24 06:13:54 123904 ----a-w- c:\windows\system32\msvfw32.dll

2011-02-24 06:11:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-02-24 06:11:11 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-02-24 06:11:11 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

2011-02-24 06:11:10 7680 ----a-w- c:\windows\system32\spwmp.dll

2011-02-24 06:11:10 4096 ----a-w- c:\windows\system32\msdxm.ocx

2011-02-24 06:11:10 4096 ----a-w- c:\windows\system32\dxmasf.dll

2011-02-24 06:11:10 107520 ----a-w- c:\program files\windows media player\wmpshare.exe

2011-02-24 06:11:10 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe

2011-02-23 17:26:20 8636 ----a-w- c:\windows\system32\modifype.exe

2011-02-23 17:26:20 69632 ----a-w- c:\windows\system32\moveex.exe

2011-02-23 17:26:19 517120 ----a-w- c:\windows\system32\CLWCP.exe

2011-02-23 17:02:58 -------- d-----w- c:\program files\Garena

2011-02-23 16:52:24 -------- d-----w- c:\program files\OnGame

2011-02-23 15:50:51 -------- d-----w- c:\progra~2\Messenger Plus!

2011-02-23 15:50:10 -------- d-----w- c:\program files\Yuna Software

2011-02-23 15:46:12 -------- d-----w- c:\users\rhuan almeida\Tracing

2011-02-23 15:44:56 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-02-23 15:44:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-02-23 15:43:36 -------- d-----w- c:\program files\Microsoft

2011-02-23 15:43:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-02-23 15:42:50 -------- d-----w- c:\windows\PCHEALTH

2011-02-23 15:39:45 74520 ----a-w- c:\program files\common files\windows live\.cache\e5336a9a1cbd36f\DSETUP.dll

2011-02-23 15:39:45 484632 ----a-w- c:\program files\common files\windows live\.cache\e5336a9a1cbd36f\DXSETUP.exe

2011-02-23 15:39:45 1670936 ----a-w- c:\program files\common files\windows live\.cache\e5336a9a1cbd36f\dsetup32.dll

2011-02-23 15:33:56 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-02-23 15:33:32 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d90253ac-3aba-4cfb-9d1d-76d769396fcd}\gapaengine.dll

2011-02-23 15:33:08 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-23 15:29:19 -------- d-----w- c:\program files\common files\Windows Live

2011-02-23 15:24:49 -------- d-----w- c:\users\rhuana~1\appdata\local\Mozilla

2011-02-23 15:24:46 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11

2011-02-23 15:23:28 -------- d-----w- c:\program files\Microsoft Security Client

2011-02-23 15:19:20 -------- d-----w- c:\progra~2\Alwil Software

2011-02-23 15:12:36 171520 ----a-w- c:\windows\system32\wintrust.dll

2011-02-23 15:12:35 98304 ----a-w- c:\windows\system32\cabview.dll

2011-02-23 15:10:39 -------- d-----w- c:\users\rhuana~1\appdata\local\Google

2011-02-23 15:02:32 604776 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-02-23 15:02:29 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2011-02-23 15:02:29 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll

2011-02-23 15:02:28 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll

2011-02-23 15:02:28 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe

2011-02-23 15:02:28 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll

2011-02-23 15:02:27 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll

2011-02-23 15:02:22 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll

2011-02-23 15:02:21 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll

2011-02-23 14:59:21 2421760 ----a-w- c:\windows\system32\wucltux.dll

2011-02-23 14:43:48 558080 ----a-w- c:\windows\system32\MSMPEG2VDEC.DLL

2011-02-23 14:43:48 505856 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL

2011-02-23 14:43:48 386560 ----a-w- c:\windows\system32\MSMPEG2ADEC.DLL

2011-02-23 14:42:48 -------- d-sh--w- c:\windows\Installer

2011-02-23 14:32:30 -------- d-sh--w- C:\Boot

2011-02-23 14:32:25 7680 ------w- c:\windows\system32\drivers\ASACPI.sys

2011-02-23 14:32:23 41216 ------w- c:\windows\system32\drivers\ifxtpm.sys

2011-02-23 14:32:19 98816 ----a-r- c:\windows\system32\drivers\Rtlh86.sys

2011-02-23 14:32:11 45056 ------w- c:\windows\system32\drivers\HECI.sys

2011-02-23 14:32:09 12032 ------w- c:\windows\system32\drivers\nvsmu.sys

2011-02-23 14:31:44 -------- d-----w- c:\windows\POEMDRIVERS

2011-02-23 14:31:44 -------- d-----w- c:\windows\PANTHER

2011-02-23 14:31:44 -------- d-----w- c:\windows\DVDTEMPFOLDER

.

==================== Find3M ====================

.

2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll

2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec

2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe

.

============= FINISH: 17:48:33,30 ===============


Hello!

Please follow the instructions below:

<< 1 >>

Download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click mbam-setup.exe.
  • Go through the installation without changing any settings.
  • When the installation reaches the end, remember to check the options:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will open and you will get a notice about updating before the scan starts. If an update is available, it will download it.
  • On the Scan tab:
    • Select Full Scan
    • Click Scan
  • When the scan finishes, a message will appear. Click OK to acknowledge the message and continue with the process.
  • Check that everything that was found is selected, then click Remove.
  • After the removal, a log will be generated and opened.
  • The log is saved automatically and can be accessed from the Logs tab.
  • Copy and paste the log into your next reply.

<< 2 >>

Follow the tutorial below and run the Kaspersky Removal Tool. Then post the generated log.

Kaspersky Virus Removal Tool tutorial

<< 3 >>

Post a new DDS log.

Regards :D


Topic Archived

Because the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
