
Trojans I can't remove


arthurlcm


There are two trojans that AVG identifies but can't remove; every time it removes them, they are recreated.

DDS (Ver_09-07-30.01) - NTFSx86

Run by aRtHuR at 6:50:04,56 on ter 01/09/2009

Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uURLSearchHooks: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: : {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - c:\messengerplus\IEBrowserEvents.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\arquivos de programas\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Google Update] "c:\documents and settings\arthur\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"

uRun: [wmplayer] c:\messengerplus\wmplayer.exe

mRun: [sRFirstRun] rundll32 srclient.dll,CreateFirstRunRp

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [VMonitorVMUVC] "c:\arquivos de programas\vimicro corporation\vmuvc\VMonitor.exe" VMUVC

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\arquiv~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-08-31 22:40 <DIR> a-d-h--- C:\MessengerPlus

2009-08-06 23:08 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-06 23:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-06 23:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-06 23:07 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-06 23:06 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-06 23:06 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-06 23:06 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-06 23:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-06 23:06 <DIR> --d----- C:\58a69f969cd076bfd7

2009-08-04 20:51 <DIR> --d----- c:\arquivos de programas\uTorrent

2009-08-04 20:50 <DIR> --d----- c:\docume~1\arthur\dadosd~1\uTorrent

==================== Find3M ====================

2009-08-17 15:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-17 15:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-06 23:16 447,866 a------- c:\windows\system32\perfh016.dat

2009-08-06 23:16 72,818 a------- c:\windows\system32\perfc016.dat

2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 13:59 915,456 a------- c:\windows\system32\wininet.dll

2009-06-25 05:27 732,672 a------- c:\windows\system32\lsasrv.dll

2009-06-25 05:27 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 05:27 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 05:27 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 05:27 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-25 05:27 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-15 07:44 77,824 a------- c:\windows\system32\telnet.exe

2009-06-15 07:44 81,408 a------- c:\windows\system32\tlntsess.exe

2009-06-10 11:14 85,504 a------- c:\windows\system32\avifil32.dll

2009-06-10 03:15 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-03 16:10 1,295,872 a------- c:\windows\system32\quartz.dll

============= FINISH: 6:50:26,93 ===============

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-09-01 21:36:13

Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EB8B

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90ECB9

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 15, 00]

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] ADVAPI32.dll!CryptDeriveKey 77F69FFD 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] ADVAPI32.dll!CryptDecrypt 77F6A129 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280046C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005EA0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28006120 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 28006770 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003CF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005FE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 28006960 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006310 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004FA0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!closesocket 71A73E2B 5 Bytes JMP 2800BB90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800B770 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 2800B550 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!recv 71A7676F 5 Bytes JMP 2800B3B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!WSASend 71A768FA 5 Bytes JMP 2800B950 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 5 Bytes JMP 28003440 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002260 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 28002600 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] ole32.dll!CoRegisterClassObject 774F7E90 5 Bytes JMP 28002360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WININET.dll!InternetReadFile 3FA6654B 5 Bytes JMP 2800A3B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WININET.dll!InternetCloseHandle 3FA69088 5 Bytes JMP 2800A560 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WININET.dll!HttpOpenRequestA 3FA6D508 5 Bytes JMP 2800A220 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WININET.dll!HttpSendRequestA 3FA7EE81 5 Bytes JMP 2800A490 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks!
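The GMER "User code sections" block above lists one inline hook per line: the hooked process and PID, the patched export, the patched address and byte count, and either the raw bytes written or a JMP/CALL target, optionally followed by the module GMER credits as the owner of that target. The Python below is an added example, not code from this thread or from GMER, that parses that format and groups the hooked APIs per process by owning module, so a long hook list can be triaged at a glance. The four hook lines in the sample are copied from the log above; the section framing, the assumption that every hook line has exactly this shape, and the `UNATTRIBUTED` label are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of GMER's "User code sections" output: the four
# hook lines are copied from the log above, the surrounding framing is assumed.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\aRtHuR\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EB1A
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1776] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800B770 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
"""

# One ".text" line: "<process path>[<pid>] <module>!<export>[ + <offset>] <addr> <n> Byte(s) <patch>".
# Assumption: this is the only line shape in the section; anything else is skipped.
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<export>\S+)"
    r"(?: \+ (?P<offset>[0-9A-Fa-f]+))? (?P<address>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? (?P<patch>.*)$"
)
# The patch is either a raw byte list "[28, 00, 15, 00]" or a redirect
# "JMP|CALL <target>", optionally followed by the owning module path and "(description)".
REDIRECT_RE = re.compile(
    r"^(?P<kind>JMP|CALL) (?P<target>[0-9A-Fa-f]{8})(?: (?P<owner>.+?)(?: \((?P<description>[^)]*)\))?)?$"
)
UNATTRIBUTED = "(no owning module named)"


@dataclass
class Hook:
    process: str            # full path of the hooked process
    pid: int
    api: str                # "module!export" that was patched
    offset: int             # bytes into the export where the patch starts (0 = at entry)
    address: str            # patched virtual address (hex)
    size: int               # number of bytes overwritten
    kind: str               # "JMP", "CALL" or "BYTES"
    target: Optional[str]   # redirect target address, None for raw byte patches
    owner: Optional[str]    # module GMER names as owning the target, if any
    description: Optional[str]

    @property
    def process_name(self) -> str:
        return self.process.rsplit("\\", 1)[-1]


def parse_gmer_user_hooks(text: str) -> List[Hook]:
    """Return every hook listed in the 'User code sections' part of a GMER log."""
    hooks: List[Hook] = []
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("---- "):                  # section headers delimit the report
            in_section = line.startswith("---- User code sections")
            continue
        m = HOOK_RE.match(line) if in_section else None
        if not m:
            continue
        r = REDIRECT_RE.match(m.group("patch"))
        hooks.append(Hook(
            process=m.group("process"),
            pid=int(m.group("pid")),
            api=f"{m.group('module')}!{m.group('export')}",
            offset=int(m.group("offset") or "0", 16),
            address=m.group("address").upper(),
            size=int(m.group("size")),
            kind=r.group("kind") if r else "BYTES",
            target=r.group("target").upper() if r else None,
            owner=r.group("owner") if r else None,
            description=r.group("description") if r else None,
        ))
    return hooks


def summarize_by_owner(hooks: List[Hook]) -> Dict[Tuple[str, int], Dict[str, List[str]]]:
    """Group hooked APIs per (process, pid), keyed by the module credited with the hook.
    Hooks filed under UNATTRIBUTED cannot be vetted from the log alone: it names no
    file on disk for the code the patch redirects to."""
    summary: Dict[Tuple[str, int], Dict[str, List[str]]] = {}
    for h in hooks:
        per_process = summary.setdefault((h.process_name, h.pid), {})
        per_process.setdefault(h.owner or UNATTRIBUTED, []).append(h.api)
    return summary


if __name__ == "__main__":
    for (name, pid), owners in summarize_by_owner(parse_gmer_user_hooks(SAMPLE_LOG)).items():
        print(f"{name}[{pid}]")
        for owner, apis in owners.items():
            print(f"  {owner}: {', '.join(apis)}")
```

The summary only tells you where to look, not what is malicious: hooks that a program places in its own processes (a sandboxed browser patching ntdll exports, an instant-messenger add-on patching the messenger's network and resource calls) land in the same buckets as anything unwanted, so each owner still has to be checked against the file on disk and what it is expected to do.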


  • Security Analyst

Dear arthurlcm

If you still need help, please redo the logs, as I need them with up-to-date dates!

Read Before Posting - Creating a New Topic

NOTE: There is no need to open a new topic; post the new logs in this same topic, thanks!

Regards :D


DDS (Ver_09-07-30.01) - NTFSx86

Run by aRtHuR at 6:50:04,56 on ter 01/09/2009

Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uURLSearchHooks: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: : {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - c:\messengerplus\IEBrowserEvents.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\arquivos de programas\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Google Update] "c:\documents and settings\arthur\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"

uRun: [wmplayer] c:\messengerplus\wmplayer.exe

mRun: [sRFirstRun] rundll32 srclient.dll,CreateFirstRunRp

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [Windows Defender] "c:\arquivos de programas\windows defender\MSASCui.exe" -hide

mRun: [VMonitorVMUVC] "c:\arquivos de programas\vimicro corporation\vmuvc\VMonitor.exe" VMUVC

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\Yinsthelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\arquiv~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-08-31 22:40 <DIR> a-d-h--- C:\MessengerPlus

2009-08-06 23:08 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-06 23:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-06 23:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-06 23:07 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-06 23:06 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-06 23:06 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-06 23:06 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-06 23:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-06 23:06 <DIR> --d----- C:\58a69f969cd076bfd7

2009-08-04 20:51 <DIR> --d----- c:\arquivos de programas\uTorrent

2009-08-04 20:50 <DIR> --d----- c:\docume~1\arthur\dadosd~1\uTorrent

==================== Find3M ====================

2009-08-17 15:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-17 15:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-06 23:16 447,866 a------- c:\windows\system32\perfh016.dat

2009-08-06 23:16 72,818 a------- c:\windows\system32\perfc016.dat

2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll

2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 13:59 915,456 a------- c:\windows\system32\wininet.dll

2009-06-25 05:27 732,672 a------- c:\windows\system32\lsasrv.dll

2009-06-25 05:27 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 05:27 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 05:27 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 05:27 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-25 05:27 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-16 11:39 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 11:39 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-15 07:44 77,824 a------- c:\windows\system32\telnet.exe

2009-06-15 07:44 81,408 a------- c:\windows\system32\tlntsess.exe

2009-06-10 11:14 85,504 a------- c:\windows\system32\avifil32.dll

2009-06-10 03:15 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-03 16:10 1,295,872 a------- c:\windows\system32\quartz.dll

============= FINISH: 6:50:26,93 ===============

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-09-06 19:51:54

Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


  • Security Analyst

Dear arthurlcm

Download the Kaspersky Removal Tool. Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder called Virus Removal Tool will be created on the desktop.
  • On the program's main screen, tick My Computer, Startup objects and Disk boot sectors, then click the Scan button.
  • Be patient; the scan may take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything is done, click the Reports... button and then Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the X on the window.
  • Right after that, close the program as well by clicking the X on the window. When you do, you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

Regards :D


Scan

----

Scanned: 208030

Detected: 0

Untreated: 0

Start time: 8/9/2009 19:01:41

Duration: 02:25:14

Finish time: 8/9/2009 21:26:55

Detected

--------

Status Object

------ ------

Events

------

Time Name Status Reason

---- ---- ------ ------

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----


  • Security Analyst

Dear arthurlcm

Log is clean :)

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer, which will help with its performance.

Download it here: CCleaner


  • IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of this window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus and, finally, remember that the best form of prevention begins with our own habits!

Regards :D
