Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

mjmf

[Arquivado] Sumiu minha area de trabalho

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

mjmf    0

mjmf
Postado

Boa Tarde meus amigos ,

eu venho a esse forum para pedir ajudar a vcs. tenho um notebok toshiba e minha irmã navegando na internet pegou um virus que simplesmente fez com que minha barra de tarefas e minha area de trabalho não aparecessem mais. eu só consigo rodar alguma coisa ultizando o ctl+alt+del e uso uma nova task. com isso consegui rodar alguns anti virus , alguns até acharam varios , mas o problema persistiu. não consigo entrar no painel de controle, minha area de trabalho e minha barra ficam por baixo de fundo de tela e não consigo mexer.

rodei o hijackthis e tenho esse log.

agradeço desde já a atenção de vcs

 

Logfile of HijackThis v1.99.1

Scan saved at 09:58:28, on 6/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

c:\Toshiba\Ivp\Swupdate\swupdtmr.exe

E:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {604DBB00-EF01-4F24-AFAD-7B5B788987D6} - C:\WINDOWS\system32\cein.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [ahui32.exe] C:\WINDOWS\system32\ahui32.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O18 - Filter: text/html - {1F6D0AB9-8339-4B1C-89BD-736C56750E2F} - C:\WINDOWS\system32\cein.dll

O18 - Filter: text/plain - {1F6D0AB9-8339-4B1C-89BD-736C56750E2F} - C:\WINDOWS\system32\cein.dll

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Nhnbpc32.dll (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Infrared Monitor (Irmon) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Caro mjmf,

 

Você vai ter muito trabalho.

 

Bem, vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

Baixe, mas não execute ainda.

 

Baixe o CWShredder em:

CWShredder

 

Baixe, mas não execute ainda.

 

Baixe o SpySweeper em:

SpySweeper

 

Baixe e atualize, mas não execute ainda.

 

Baixe:

Restorethemes.reg

 

-e-

 

Restore Luna Theme

 

Baixe-os, mas não execute ainda.

 

2ª Etapa

 

Faça o seguinte:

 

Iniciar -->Executar --> digite services.msc e dê OK.

 

Procure o serviço Application Management.

 

Dê um clique direito nele e vá para Propriedades.

 

Clique em Parar e modifique o Tipo de Inicialização para Desativado.

 

Repita a operação para:

Windows Audio

Background Intelligent Transfer Service

Computer Browser

Cryptographic Services

DCOM Server Process Launcher

DHCP Client

Logical Disk Manager

DNS Client

Error Reporting Service

COM+ Event System

Fast User Switching Compatibility

Help and Support

HTTP SSL

Infrared Monitor

Server

Workstation

TCP/IP NetBIOS Helper

Network Connections

Network Location Awareness

Removable Storage

Remote Access Auto Connection Manager

Remote Access Connection Manager

Remote Registry

Remote Procedure Call

Task Scheduler

Secondary Logon

System Event Notification

Windows Firewall/Internet Connection Sharing

Shell Hardware Detection

System Restore Service

SSDP Discovery Service

Windows Image Acquisition

Telephony

Terminal Services

Themes

Distributed Link Tracking Client

Universal Plug and Play Device Host

Windows Time (W32Time)

WebClient

Windows Management Instrumentation

Portable Media Serial Number Service

Windows Management Instrumentation Driver Extensions

Security Center

Automatic Updates

Wireless Zero Configuration

Network Provisioning Service

Execute o KillBox:

1) Selecione Delete on reboot;

2) Full path of file to delete;

3) Coloque:

C:\WINDOWS\system32\ahui32.exe - Aperte X. Responda "sim" à primeira pergunta e "não" à segunda.

 

Repita a operação para:

C:\WINDOWS\system32\cein.dll

C:\WINDOWS\system32\Nhnbpc32.dll

Caso o Killbox acuse a não existência de algum arquivo/pasta, apenas passe para o próximo.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo Seguro e a conexão à internet não será possível.

 

3ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {604DBB00-EF01-4F24-AFAD-7B5B788987D6} - C:\WINDOWS\system32\cein.dll (file missing)

O4 - HKLM\..\Run: [ahui32.exe] C:\WINDOWS\system32\ahui32.exe

O18 - Filter: text/html - {1F6D0AB9-8339-4B1C-89BD-736C56750E2F} - C:\WINDOWS\system32\cein.dll

O18 - Filter: text/plain - {1F6D0AB9-8339-4B1C-89BD-736C56750E2F} - C:\WINDOWS\system32\cein.dll

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Nhnbpc32.dll (file missing)

O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Infrared Monitor (Irmon) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

Clique em Fix Checked.

 

4ª Etapa

 

Ainda em Modo Seguro faça o seguinte:

 

1) Execute o CWShredder.

 

2) Execute uma verificação completa com o SpySweeper.

 

3) Restorethemes.reg

 

-ou-

 

Restore Luna Theme.

 

Um destes deve restaurar o as configurações de seu desktop.

 

5ª Etapa

 

Reinicie em modo normal.

 

Verifique se os problemas foram resolvidos e poste o novo log.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post

Link para o post
Compartilhar em outros sites

mjmf    0

mjmf
Postado

Obrigado pela ajuda amigo ! mas infelizmente como eu havia dito , não consigo abrir nem a barra onde se encontra o iniciar e nem a minha area de trabalho , eu só consigo rodar algumas coisas dando cntl+alt+del e ultilizo o comando nova task. portanto não tenho como abrir o painel de controle e nem tenho como atualizar anti-virus. gostaria de saber se tem como eu tirar esse virus na mão mesmo . se tenho como editar os registros e mexer lá. se puder me ajudar eu agradeçoum grande abraçoMário

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Caro mjmf,

 

Preciso saber se você consegue baixar arquivos pela net, pois para tentar restaurar suas configurações de vídeo precisarei testar algumas ferramentas. Você consegue?

Compartilhar este post

Link para o post
Compartilhar em outros sites

mjmf    0

mjmf
Postado

jgarcia ,infelizmente não , o virus desarma qualquer tentativa de eu entrar no sistema. eu não consigo ver as telas. a barra do windows tb fica por trás da pagina que trava a minha area de trabalho. eu vou formatar o toshiba. e pedir pra pessoa ter mais cuidado ao entrar na internet.obrigado pela ajuda amigo

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Caro mjmf,

 

Sinto dizer, mas parece que a formatação é a melhor opção mesmo. O estrago foi grande. :(

 

A praga estava utilizando o processo svchost legítimo para agir. :angry:

 

Abraços.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Shine    0

Shine
Postado

TÓPICO ARQUIVADO

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito