Heeeeeeelp, Help Me With MSN !!! I Have a Virus !!!

Thread in 'Questions and Support - Internet, Networks, Security' started by Danielzinho, 3 December 2006. (Replies: 2; Views: 1520)

  1. I would like to know how to remove a virus from my MSN !!!

    I already have the log !!!

    Help meeeeeee !!!
    Please !!!

    Logfile of HijackThis v1.99.1
    Scan saved at 11:53:59, on 3/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Argus Surveillance DVR\DVRWatchdog.ovl
    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Arquivos de programas\IRCAS Alarm\Bin\ircengnt.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Arquivos de programas\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Argus Surveillance DVR\DVR.exe
    C:\Arquivos de programas\D-Tools\daemon.exe
    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Arquivos de programas\IRCAS Alarm\bin\irctray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\cmrss.dll.exe
    C:\WINDOWS\system32\msbcs.exe
    C:\WINDOWS\system32\isass.exe
    C:\WINDOWS\system32\iexplorer.dll.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Arquivos comuns\RTE\RTEGPRS.exe
    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
    C:\Arquivos de programas\Mozilla Firefox\firefox.exe
    C:\Arquivos de programas\BitComet\BitComet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\Documents and Settings\Daniel Carlos\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\ARQUIV~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\system32\mpeg4dec0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IRCAS Tray] C:\Arquivos de programas\IRCAS Alarm\bin\irctray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.dll.exe
    O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
    O4 - HKLM\..\Run: [isass] C:\WINDOWS\system32\isass.exe
    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.dll.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Arquivos de programas\Arquivos comuns\RTE\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {33636E16-9C2B-41DE-9D32-C185A975D95B} (DVRViewer Control) - http://localhost:8080/DVRViewer/DVRViewer.cab
    O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13A5AD52-E82E-4EA3-9438-E67844033B6B}: NameServer = 192.168.254.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Argus Surveillance DVR (ARGUSSURVEILLANCEDVR) - Argus Surveillance Inc. - C:\Program Files\Argus Surveillance DVR\DVR.exe
    O23 - Service: Argus Surveillance DVR Watchdog (ARGUSSURVEILLANCEDVR_WATCHDOG) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: ircengnt - Rombouts Electronics - C:\Arquivos de programas\IRCAS Alarm\Bin\ircengnt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ptssvc - Unknown owner - C:\Arquivos de programas\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe


     
  2. Kayvlim

    Kayvlim Undefined Moderator
    Staff Member

    Welcome to the forum :)

    First of all, don't write in bold and underline again, because most likely nobody would answer you. I found your post quite unreadable like that (it even hurts my eyes >_< )

    Now, regarding your question, the following files look suspicious to me:
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\cmrss.dll.exe
    C:\WINDOWS\system32\msbcs.exe
    C:\WINDOWS\system32\isass.exe
    C:\WINDOWS\system32\iexplorer.dll.exe

    And the following keys:
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.dll.exe
    O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
    O4 - HKLM\..\Run: [isass] C:\WINDOWS\system32\isass.exe
    O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.dll.exe

    There may be more, but at first glance that is what I saw.

    A piece of advice: edit your post, select everything and click the [IMG] button ;)

    Regards [[[[[[[[[]]]]]]]]]]
    angelofwisdom
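
Two name-based heuristics that can be run over the O4 (autostart) lines of a HijackThis log like the one in this thread: an executable with a double extension, and a file name close to a Windows system process name. This is an added example, not part of the original thread; the `SYSTEM_STEMS` list, the 0.75 similarity cutoff and the function name `triage` are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from difflib import get_close_matches

# Assumed reference list: Windows process names that malware often imitates.
SYSTEM_STEMS = ["lsass", "iexplore", "svchost", "csrss", "services", "winlogon", "smss"]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
IMAGE_RE = re.compile(r'([^\\"/]+\.(?:exe|dll|scr|com|pif))(?=["\s,]|$)', re.I)
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(?:exe|scr|com|pif)$")

# Sample input: O4 lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.dll.exe
O4 - HKLM\..\Run: [msbcs] C:\WINDOWS\system32\msbcs.exe
O4 - HKLM\..\Run: [isass] C:\WINDOWS\system32\isass.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.dll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

def triage(log_text):
    """Map each flagged O4 value name to the list of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        image = IMAGE_RE.search(m.group(4)) if m else None
        if not image:
            continue  # not an O4 line, or no executable name in the command
        name = image.group(1).lower()      # e.g. "cmrss.dll.exe"
        stem = name.split(".")[0]          # e.g. "cmrss"
        reasons = []
        if DOUBLE_EXT.search(name):
            reasons.append("double extension")
        if stem not in SYSTEM_STEMS:       # exact system names are not lookalikes
            near = get_close_matches(stem, SYSTEM_STEMS, n=1, cutoff=0.75)
            if near:
                reasons.append("lookalike of " + near[0])
        if reasons:
            flagged[m.group(3)] = reasons
    return flagged

if __name__ == "__main__":
    for entry, why in triage(SAMPLE).items():
        print(entry, "->", "; ".join(why))
```

An entry the script does not flag is not thereby cleared: these heuristics look only at file names, so each remaining autostart entry still needs to be checked against what is actually installed on the machine.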
     
  3. luikki

    luikki Power Member

    post the hijackthis log, here.....
    delete everything that is marked in red.....
    install and run spybot and adware....
    don't forget to disable System Restore!
     
