Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

jpaulo

[Arquivado]pc com virus

Recommended Posts

Bom, é a primeira vez que entro aqui e sou totalmente leigo. Estou precisando de ajuda e não sei como fazer, portanto, peço que tenham paci~encia ao me ajudar. Eu baixei um programa spy há uns 3 meses atrás para ver o qeu meus filhos estavam vendo aqui em casa e no começo estava bem, mas de repente a tal senha que eu usava para ver o programa já não funcionava mais. Aí depois disso, desinstalei o tal progrma mas agora toda vez entro na internet aparece um destes quadros pequenos com um OK é pequeno e a qualquer lugar que eu vá acessar aparece isso. Não consigo saber se isto é virus. bom, nem sei se isso é um problema. Podem me ajudar? como faço? Ah tenho instalado no meu pc o Avast, Ad-aware-se e o AVG e nada ajuda. espero a ajuda.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá amigo, obrigado por me ajudar.

 

segue o que acho que é o log..

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:45:52, on 27/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /waitprograms

O4 - HKLM\..\RunServices: [WinLoader] oyhxhkotvf.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://sonypictures.com/movies/spiderman3/.../vivid_ocx.jpeg

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://familia-tra-la-la.spaces.live.com//...ad/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8DBCDE-205F-4861-A237-1CD9298D4C4A}: NameServer = 200.155.32.29 200.155.32.27

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

outra coisa que esqueci de mencionar, foi que ha uns dias atras e hoje tb, sumiram todos meus emaisl do outlook inclusive todos os contatos.

 

valeu

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, o log mostra um trojan backdoor, que dá acesso remoto do seu PC para um hacker. Veja aqui.

 

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - Reinicie o Pc e aperte F8 intermitentemente. No menu escolha: modo seguro.

 

2 - Faça um scan com o HijackThis, marque a entrada abaixo e clique em ht-fix.png

 

O4 - HKLM\..\RunServices: [WinLoader] oyhxhkotvf.exe

 

3 - Localize e se encontrar, delete este arquivo: oyhxhkotvf.exe

 

Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log. Informe se acabou o problema.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom, expelico o que fiz.

1 Eu reiniciei a máquina em modo seguro.

2 Passei o hijackthis com ele no modo seguro e lá realemente apareceu o tal arquivo que me disse. Aí marquei a caixa dele e já não sabia como seguir o passo seguinte. Aí deletei ele.

3 reiniciei o pc novamente agora em modo normal e passei o hijack this novamente e não apareceu mais o arquivo lá no resultado, porém ao tentar entrar novamente na internet, voltou a aparecer o problema.

 

Então segue abaixo o log:

Seria possível eu colar aqui a imagem do tal quadro que inisite aparecer? Posso dar um print screen na tela e postar aqui. Resolveria? Como faria?

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:38:00, on 31/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /waitprograms

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://sonypictures.com/movies/spiderman3/.../vivid_ocx.jpeg

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://familia-tra-la-la.spaces.live.com//...ad/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8DBCDE-205F-4861-A237-1CD9298D4C4A}: NameServer = 200.155.32.29 200.155.32.27

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Compartilhar este post


Link para o post
Compartilhar em outros sites

não consegui. Quando copio o url e colo aqui, ou diz que não pode colar um link direto de página ou aparece o quadrinho com x vermelho. Bom vou continuar tentando.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Primeiro você hospeda a imagem em um servidor: http://imageshack.us/

 

Depois clica no botão Inserir imagem do Editor daqui do Fórum e coloca o link direto da imagem que hospedou.

 

Olá Sam Spade

você me ajudou uma vez em um outro forum, você é muito bom naquilo que faz parabéns.

Tenho um problema com um pc que está muito infectado, fiz um tópico

 

http://forum.imasters.com.br/index.php?showtopic=222383

 

De uma olhada, por favor, Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, baixe: F-Secure BlackLight > abra uma pasta própria em C:\ e salve nela.

 

Entre na pasta, dê um duplo-clique no ícone do BlackLight e faça um scan (mais nada, apenas o scan).

 

Será gerado um log que é um arquivo com este nome: fsb-seqüencia de números.log. Poste o mesmo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

04/06/07 17:54:56 [info]: BlackLight Engine 1.0.61 initialized04/06/07 17:54:56 [info]: OS: 5.1 build 2600 (Service Pack 2)04/06/07 17:54:57 [Note]: 7019 404/06/07 17:54:57 [Note]: 7005 004/06/07 17:55:01 [Note]: 7006 004/06/07 17:55:01 [Note]: 7011 170004/06/07 17:55:01 [Note]: 7026 004/06/07 17:55:01 [Note]: 7026 004/06/07 17:55:06 [Note]: FSRAW library version 1.7.102104/06/07 17:59:24 [Note]: 2000 101204/06/07 17:59:24 [Note]: 2000 1012acho que é isso.. lá aparece uma outra opção... show all process

Compartilhar este post


Link para o post
Compartilhar em outros sites

O resultado é esse mesmo quando não há rootkit. Baixe > ATF-Cleaner.

 

Reinicie o PC em modo de segurança. Rode o ATF-Cleaner.

 

Marque Select All. Depois clique em Empty Selected. Na janela Done Cleaning dê o OK e Exit.

 

Reinicie normalmente e se o problema ainda acontecer, faça um scan on line com anti vírus e poste o resultado: Symantec

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Sam Spader, segui todas as últimas informações, mas continua o problema. Passei por último o scan online da symantec e pegou um trojan, aí apaguei o dito cujo, mas qdo voltei a internet, continua aparecendo aquele quadro e agora, não estou conseguindo reiniciar o pc. Está mais lento. Mais alguma sugestão? Obrigado, pelas ajudas.

Compartilhar este post


Link para o post
Compartilhar em outros sites

The scan is complete.

Attention, your computer is infected!

The following infected files/objects were found during the scan:

 

 

Report is empty.

Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times.

 

Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window.

 

Scan Progress [98%]:

 

 

 

 

 

Total number of scanned files: 79857

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 01:32:46

 

The scan is complete.

Attention, your computer is infected!

The following infected files/objects were found during the scan:

 

 

Report is empty.

Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times.

 

Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window.

 

Scan Progress [98%]:

 

 

 

 

 

Total number of scanned files: 79857

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 01:32:46

 

 

Thursday, April 12, 2007 5:05:36 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 12/04/2007

Kaspersky Anti-Virus database records: 278911

 

 

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

E:\

 

Scan Statistics

Total number of scanned objects 79857

Number of viruses found 1

Number of infected objects 1 / 0

Number of suspicious objects 0

Duration of the scan process 01:32:46

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\USUARIO\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\USUARIO\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\USUARIO\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\USUARIO\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\USUARIO\ntuser.dat.LOG Object is locked skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\System Volume Information\_restore{C9DF7716-059E-4EE4-AB56-EB3017E9C2F7}\RP237\change.log Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat Object is locked skipped

 

C:\WINDOWS\Temp\Perflib_Perfdata_510.dat Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

D:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

 

D:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

 

D:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

 

D:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

 

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

D:\System Volume Information\_restore{C9DF7716-059E-4EE4-AB56-EB3017E9C2F7}\RP235\A0344046.exe Infected: Trojan-Proxy.Win32.Horst.xc skipped

 

D:\System Volume Information\_restore{C9DF7716-059E-4EE4-AB56-EB3017E9C2F7}\RP237\change.log Object is locked skipped

 

Scan process completed.

 

 

Trojan Proxy Servers

 

 

Logfile of HijackThis v1.99.1

Scan saved at 05:10:04, on 12/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\winINI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winINI.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /waitprograms

O4 - HKLM\..\Run: [winINI] C:\Arquivos de programas\winINI.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: winINI.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://sonypictures.com/movies/spiderman3/.../vivid_ocx.jpeg

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://familia-tra-la-la.spaces.live.com//...ad/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8DBCDE-205F-4861-A237-1CD9298D4C4A}: NameServer = 200.155.32.29 200.155.32.27

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, o que o Kaspersky detectou está na restauração do sistema e por conseguinte, inativo. Só seria infectado, se precisasse usá-la por qualquer motivo. Ao finalizar o tópico darei as instruções para que seja removido.

 

D:\System Volume Information\_restore{C9DF7716-059E-4EE4-AB56-EB3017E9C2F7}\RP235\A0344046.exe Infected: Trojan-Proxy.Win32.Horst.xc skipped

O log do HijackThis mostra uma outra infecção. Baixe > KillBox

 

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - Rode o KillBox, marque Delete on Reboot e coloque em Full Path of File to Delete:

 

C:\Arquivos de programas\winINI.exe

 

Clique no botão killbox.png. Responda Não à pergunta.

 

Coloque agora:

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winINI.exe

 

Clique no botão killbox.png. Desta vez, responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

2 - Faça um scan com o HijackThis, marque as entradas abaixo, que ainda encontrar e clique em ht-fix.png

 

O4 - HKLM\..\Run: [winINI] C:\Arquivos de programas\winINI.exe

 

O4 - Global Startup: winINI.exe

 

3 - Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Puxa vida, amigo, parece que deu certo sim. Pois agora já não me aparece mais o quadro que apareceia antes. Será que está limpo? Desde ontem o pc já não estava querendo desligar. Só pelo Desativar do Gerenciador de taredas do Windows. Se tiver mais alguma sugestão ou orientação, eu agradeço.

 

Jpaulo

 

Aí segue o log

 

Logfile of HijackThis v1.99.1

Scan saved at 21:15:13, on 12/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /waitprograms

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://sonypictures.com/movies/spiderman3/.../vivid_ocx.jpeg

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://familia-tra-la-la.spaces.live.com//...ad/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Arquivos de programas\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Arquivos de programas\Executive Software\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá. Sim, ao iniciar, aparece a opção de desligar, mas não desliga. Por mais que se tente, não desliga. Ele volta para o desktop mas não desliga. Agora, além de lento, quando ligo, ele entra em uma tela do explorer em C:/arquivos de programas/Cyberlinks. Outra pergunta, quando estiver limpo eu poderei excluir aqueles programas que você me pediu pora instalar ou é melhor deixá-los? Uma outra coisa, em C:/ está aparecendo uma pasta daquele KIlbox. Porém, eu percebi uqe ele está assim: !Kilbox e dentro tem um ícone daquele que você tinha ditoque deletasse Winini, um ícone tipo uma carta alaranjada, exatamente como o que estava antes. Algo errado nisso?Jpaulo

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bem, a pasta !KillBox é do programa em questão e é onde ficam os backups. Pode deletá-la que o KillBox criará outra se for usado novamente.

 

Sobre o Cyberlinks, localize o programa e poste as informações que encontrar sobre ele.

 

Para o problema do Desligar, veja este documento da Microsoft.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.