[Resolvido!]Problema com anti-virus e conexão

[Daniel Françoso 0]

Prezados,

 

há algum tempo sou fã deste fórum e eventualmente lia os posts da galera.

 

Não me cadastrei antes pois sou muito leigo para conseguir ajudar em alguma dúvida por aqui.

 

Bom, o motivo de estar escrevendo é que hoje, agora a pouco, estava no eMule e tive problema com um vírus.

 

De imediato o Norton reconheceu como vírus, mas depois o computador ficou lento, o anti-virus foi desabilitado e ao reiniciar o computador não conseguia conexão. Utilizo conexão wi-fi, mas nem esta nem com cabo deram certo.

 

Tentei reiniciar no modo de segurança mas também não consegui...

 

Dando uma fuçada notei que foi criado um arquivo hidr.exe e pesquisando aqui descobri que se tratava do Trojan W32.Beagle.DZ.

 

Tentei seguir os passos que o jgarcia deu em outro tópico aqui postado. Executei KillBox, CCleaner, EliBaglA e HijackThis. Sempre seguindo os passos do post. Não sei se deveria ter feito isso, pois cada caso deve ser um caso...

 

Consegui reiniciar em modo de segurança. Em modo normal ainda está muuuuito lento e não consigo acessar a internet.

 

 

Bom, segue o log do EliBagle:

 

 

Mon Apr 16 00:01:11 2007

EliBagle v10.35 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Carpeta "%WinDir%\exefld"

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Mon Apr 16 00:01:17 2007

EliBagle v10.35 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Agora do HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 00:14:15, on 16/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\vsnpstd.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Norton Internet Security\CfgWiz.exe

C:\Documents and Settings\Dan\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bCD2000] %SystemRoot%\system32\bcd2kcpan.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Program Files\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://centraus2.englishtown.com/SiteRoots...raUpdaterAx.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Program Files\GbPlugin\GbpSv.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

 

 

 

Espero que alguem possa me ajudar...

 

Muito Obrigado!!!!

 

Abraços,

 

Daniel Françoso

[jgarcia 1]

Opa Daniel Françoso,

 

Execute o Active Scan da Panda e retorne com o resultado.

 

Abraços.

[Daniel Françoso 0]

Obrigado por sua ajuda jgarcia!Como minhas conexões (cabo e wifi) não estavam funcionando foi uma luta, mas consegui. A conexão a cabo agora funciona...Então, fiz o que falou, rodei o Panda ActiveScan. Eis o log:Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dan\Cookies\dan@2o7[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan\Cookies\dan@atwola[1].txt ObrigadoDaniel

[Daniel Françoso 0]

jgarcia,se eu formatar o computador resolvo o problema?Abraços,Daniel

[jgarcia 1]

Opa Daniel Françoso,

 

Quais são, hoje, as ocorrências estranhas em sua máquina?

[Daniel Françoso 0]

Estava muuuuuito lento e não conseguia configurar o wifi... que depois do que aconteceu tinha dado pau.Comprei um HD externo e conseguir fazer backup dos arquivos importantes.Formatei hoje a tarde o computador e tá rodando tudo normal...Mais uma vez agradeço a ajuda e atenção na resolução do meu problema!Além do Norton Internet Security, tem alguma coisa que posso instalar para ficar longe de problemas como os que ocorreram?AbraçosDaniel

[jgarcia 1]

Opa Daniel Françoso,

 

A sua máquina possui configuração compatível com o peso do Norton Internet Security?

[Daniel Françoso 0]

Creio que sim, pois o computador jah veio com ele (trial) pré instalado.Segue a configuração:AMD Turion 642.19GHz1Gb RAMHD 80Gb128Mb VídeoO que acha? Acha que segura?abç

[jgarcia 1]

Opa Daniel Françoso,

 

A configuração, de fato, é compatível com o peso do Norton Internet Security.

 

PS.: Qual é versão do NIS contido em sua máquina?

[Daniel Françoso 0]

Opa Daniel Françoso,

 

A configuração, de fato, é compatível com o peso do Norton Internet Security.

 

PS.: Qual é versão do NIS contido em sua máquina?

 

Comprei o NIS 2007... acabei de instalar mas não veio o antispam como no ano passado.

[jgarcia 1]

Opa Daniel Françoso,

 

A configuração, de fato, é compatível com o peso do Norton Internet Security.

 

PS.: Qual é versão do NIS contido em sua máquina?

 

Comprei o NIS 2007... acabei de instalar mas não veio o antispam como no ano passado.

Ué! Segundo eu sei, o NIS 2007 possui o anti-spyware integrado -> veja.

 

Abraços.

[Sam Spade 2]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.