Virus - Ajuda!!!!! =|

karma

Usuário Registrado
ae galera.. hoje fui infectado por um virus chamado de vxgame.exe.. e do nada foram aparecendo muito outros virus =|||

alguem pode ler o log e me ajudar a remove-lo ???

ja usei Ad-Ware (antispy) . NOD32 (antivirus) consegui remover muitos spy's e virus

mas o computador apararenta estar infectado ainda =|||

alguem pode ler o log e m ajudar ?

obrigado a ajuda e todos =)

Logfile of HijackThis v1.99.1
Scan saved at 22:23:24, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Hand-Crafted Software\FreeProxy\FreeProxy.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Edih\CONFIG~1\Temp\spoolsvv.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\The 7 Deadly Sins\mirc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: C:\WINDOWS\system32\19BA0F.dll - {855875B5-93F3-429D-FF34-660B206D897C} - C:\WINDOWS\system32\19BA0F.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Edih\CONFIG~1\Temp\update1.exe3072.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{72461D9C-83FA-43F8-941E-F40277834C5A}: NameServer = 200.172.181.178 200.172.181.178
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documentos\Settings\artm_new.dll
O20 - Winlogon Notify: emldvc - C:\WINDOWS\SYSTEM32\emldvc.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi7788.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\Edih\CONFIG~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - C:\Arquivos de programas\Hand-Crafted Software\FreeProxy\FreeProxy.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Obrigado!!!!!!!!!!!!!!!

o/ o/ o/
 

pLoC

p*
Registrado
toda vez q tenhu qualqueh problema parecido sabe oq eu faco ??


format c:

odeio quebra cabeca com isso =]
 

NS-BURZUM

Member
Registrado
Q antivirus vc tem? ou não tem ?

Usa o restaurador do windows e volta pra data antes da infecção.
 

Usuários que está vendo este tópico

Topo