
Archived

This topic has been archived and is closed to new replies.

DuarteFigueiredo

[Archived] File infected with trojan generic2.ssz


Hi,

AVG keeps detecting the trojan generic2.ssz. Every time it detects it, it says it has resolved the issue, but after the next boot it shows up again. I have already disabled System Restore.

Here is the HijackThis log:

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Programas\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\system32\carpserv.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\winlogin32.exe

C:\WINDOWS\system32\ctfmon32.exe

C:\WINDOWS\system32\acrmon32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\MSN Messenger\MsnMsgr.Exe

C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\Rar$EX00.524\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...;lc=0816&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...rch&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=0816&ac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Programas\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKLM\..\Run: [user Input Services] C:\WINDOWS\system32\ctfmon32.exe

O4 - HKLM\..\Run: [Windows LoL Layer] cywrblb.exe

O4 - HKLM\..\Run: [REGEDIT] C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\gsf10\zlip.exe

O4 - HKLM\..\Run: [Acrobat] C:\WINDOWS\system32\acrmon32.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Windows LoL Layer] cywrblb.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKCU\..\Run: [Windows LoL Layer] cywrblb.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6809441b108e4bcabcb6f01a9d35b3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6809441b108e4bcabcb6f01a9d35b3

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFFF8CA4-CB92-48D1-B68C-8855989EF3F4}: NameServer = 193.136.176.16,193.136.176.15

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programas\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)

O23 - Service: Microsoft Translation Service (MTServ) - Unknown owner - C:\WINDOWS\system32\mtserv.exe (file missing)

O23 - Service: Windows Host Services (WINHOST32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)

 

 

Can anyone help me?

Thanks in advance


Hi DuarteFigueiredo,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe, press Enter and wait for the scan to finish.

4. When the scan is done, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with the relatorio.txt from BankerFix (it will be in C:\LinhaDefensiva\).

7. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.


BankerFix log:

 

INICIANDO BANKER FIX

=======================================================

 

 

INICIANDO FOX FIX

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

 

 

 

 

New HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:00:44, on 26-02-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Programas\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\system32\carpserv.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Programas\Synaptics\SynTP\SynTPLpr.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\winlogin32.exe

C:\WINDOWS\system32\ctfmon32.exe

C:\WINDOWS\system32\acrmon32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Grisoft\AVG Free\avgcc.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\Rar$EX00.774\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...;lc=0816&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...rch&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...;lc=0816&ac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Programas\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKLM\..\Run: [user Input Services] C:\WINDOWS\system32\ctfmon32.exe

O4 - HKLM\..\Run: [Windows LoL Layer] cywrblb.exe

O4 - HKLM\..\Run: [REGEDIT] C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\gsf10\zlip.exe

O4 - HKLM\..\Run: [Acrobat] C:\WINDOWS\system32\acrmon32.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Windows LoL Layer] cywrblb.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKCU\..\Run: [Windows LoL Layer] cywrblb.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6809441b108e4bcabcb6f01a9d35b3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6809441b108e4bcabcb6f01a9d35b3

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFFF8CA4-CB92-48D1-B68C-8855989EF3F4}: NameServer = 193.136.176.16,193.136.176.15

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programas\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)

O23 - Service: Microsoft Translation Service (MTServ) - Unknown owner - C:\WINDOWS\system32\mtserv.exe (file missing)

O23 - Service: Windows Host Services (WINHOST32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)

 

 

 

Here are the two logs. BankerFix said there were no problems, but the trojan keeps showing up in the AVG scans...

Thanks


Hi DuarteFigueiredo,

Let's go.

Set Windows to show all files (including hidden ones).

Stage 1

Download CCleaner from:
CCleaner

Download it, but do not run it yet.

Download Killbox from:
Killbox

Download it, but do not run it yet.

Stage 2

Do the following:

Go to Start --> Run --> type services.msc and click OK.

Find the service Microsoft BIOS Drivers.

Right-click it and go to Properties.

Click Stop and change the Startup type to Disabled.

Repeat the operation for:

Microsoft Translation Service
Windows Host Services

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

 

C:\WINDOWS\system32\winlogin32.exe

C:\WINDOWS\system32\ctfmon32.exe

C:\WINDOWS\system32\acrmon32.exe

C:\WINDOWS\system32\vcmon.exe

C:\WINDOWS\system32\mtserv.exe

C:\WINDOWS\system32\svcchost.exe

C:\WINDOWS\system32\cywrblb.exe

C:\WINDOWS\system\services.exe

C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\gsf10\zlip.exe

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next stage we will enter Safe Mode and connecting to the internet will not be possible.

Stage 3

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS screen appears, then choose the Safe Mode option).

Run HijackThis and click Open the Misc Tools section.

Click Delete an NT service.

Enter:

Microsoft BIOS Drivers

Delete the service.

Repeat the operation for:

Microsoft Translation Service
Windows Host Services

Run HijackThis again, click Do a system scan only and check:

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKLM\..\Run: [user Input Services] C:\WINDOWS\system32\ctfmon32.exe

O4 - HKLM\..\Run: [Windows LoL Layer] cywrblb.exe

O4 - HKLM\..\Run: [REGEDIT] C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\gsf10\zlip.exe

O4 - HKLM\..\Run: [Acrobat] C:\WINDOWS\system32\acrmon32.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Windows LoL Layer] cywrblb.exe

O4 - HKCU\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe

O4 - HKCU\..\Run: [Windows LoL Layer] cywrblb.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O23 - Service: Microsoft BIOS Drivers - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)

O23 - Service: Microsoft Translation Service (MTServ) - Unknown owner - C:\WINDOWS\system32\mtserv.exe (file missing)

O23 - Service: Windows Host Services (WINHOST32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)

Click Fix Checked.

Stage 4

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Post a new HijackThis log.

I await your reply.

Best regards.

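The kind of O4/O23 entries singled out in the reply above, expressed as log-triage heuristics. This is an added example, not part of the original thread or of HijackThis; the allow-list, the three heuristics and the function names are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Constructed sample: O4/O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [cpanel] C:\WINDOWS\system32\winlogin32.exe
O4 - HKLM\..\Run: [user Input Services] C:\WINDOWS\system32\ctfmon32.exe
O4 - HKLM\..\Run: [REGEDIT] C:\DOCUME~1\INESTR~1\DEFINI~1\Temp\gsf10\zlip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows Host Services (WINHOST32) - Unknown owner - C:\WINDOWS\system\services.exe (file missing)
"""
# Assumption: a short allow-list of binaries that normally live in system32.
SYSTEM32_BINARIES = {"svchost.exe", "winlogon.exe", "ctfmon.exe", "services.exe", "lsass.exe"}
O4_RE = re.compile(r"^O4 - .+?: \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reasons(command, owner=""):
    """Return the heuristics that one autorun command or service path trips."""
    found = []
    m = re.search(r'[^"]*?\.exe', command, re.I)   # first executable in the command
    exe = m.group(0) if m else command
    folder, name = ntpath.dirname(exe).lower(), ntpath.basename(exe).lower()
    stem = re.sub(r"\d+$", "", ntpath.splitext(name)[0])  # "winlogin32" -> "winlogin"
    if name in SYSTEM32_BINARIES:
        if folder and not folder.endswith(r"\system32"):
            found.append("system binary name outside system32")
    elif any(edit_distance(stem, k[:-4]) <= 1 for k in SYSTEM32_BINARIES):
        found.append("name imitates a system binary")
    if "\\temp\\" in exe.lower():
        found.append("runs from a Temp folder")
    if owner == "Unknown owner" and "(file missing)" in command:
        found.append("service with unknown owner and missing file")
    return found

def triage(log_text):
    """Map entry name -> reasons for each O4/O23 line that trips a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        *head, command = m.groups()   # O4: [name]; O23: [name, owner]
        hits = reasons(command, head[1] if len(head) > 1 else "")
        if hits:
            flagged[head[0]] = hits
    return flagged
```

The heuristics only rank entries for a human reviewer: the `[Acrobat]` entry for `acrmon32.exe` that the helper also selected trips none of them, so an empty result does not clear an entry.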

Topic Archived

Since the author did not reply to the topic for more than 20 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator with a link to this topic and explain the reason for reopening.
