Archived

This topic has been archived and is closed to new replies.

LDS

[Solved!] WINANTIVIRUS ERRORSAFE


GOOD AFTERNOON!

LIKE THE PROBLEM SEVERAL OTHER USERS HAVE HAD WITH WINANTIVIRUS, THIS IS THE LOG FILE FROM MY MACHINE.

AWAITING YOUR HELP.

THANK YOU!

Logfile of HijackThis v1.99.1

Scan saved at 13:36:05, on 1/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\qwerty12.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de Programas\HP\Digital Imaging\bin\hpqtra08.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Arquivos de Programas\Internet Explorer\iexplore.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Windows Defender\MsMpEng.exe

D:\Arquivos de programas\Windows Defender\MSASCui.exe

D:\WINDOWS\system32\wuauclt.exe

D:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} - D:\WINDOWS\system32\kbdcfg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de Programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181095637515

O17 - HKLM\System\CCS\Services\Tcpip\..\{08110F75-C8CE-48EF-A364-9BA5BD7D2EA7}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: d:\windows\system32\awvvwtr.dll

O20 - Winlogon Notify: kbdcfg - D:\WINDOWS\SYSTEM32\kbdcfg.dll

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\qwerty12.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Hello LDS! Download > VundoFix

Double-click the tool and then click the Scan for Vundo button.

When the scan finishes, click the Remove Vundo button. When the prompt asks whether you want to remove the files, click Yes. The desktop may disappear, but that is normal.

When the removal finishes, a message will appear asking you to shut down the computer. Click OK.

Turn it back on, run a scan with HijackThis and save the log.

Post:

vundofix.txt

the HijackThis log

NOTE: VundoFix may find a file it cannot remove. If that happens, the tool will run again at restart.

When VundoFix appears, click the Scan for Vundo button.

You may have to run VundoFix a few more times. This is because the new Vundo variants are very persistent.


Good afternoon! I followed the tutorial you posted, but at the end of the scan VUNDOFIX did not find any infected file. It must have been one of the antivirus programs, since I downloaded several and one of them must have fixed the problem. In any case, I am extremely grateful! Best regards!


WELL, I RAN A BUNCH OF ANTIVIRUS PROGRAMS AND GOT A BREAK FROM THE ANNOYING "WINANTIVIRUSPRO" AND "ERRORSAFE" ADS AND THE OTHER UNWANTED PAGES THAT OPEN IN IE AND FIREFOX. TO MY SURPRISE, IT STARTED HAPPENING AGAIN. MY QUESTION IS: WHAT SHOULD I DO, GIVEN THAT VUNDOFIX DID NOT DETECT ANY INFECTION? AWAITING YOUR REPLY, AND THANK YOU!

"It must have been one of the antivirus programs, since I downloaded several and one of them must have fixed the problem."

Hello, since that happened, I need a new HijackThis log.


Here is what you asked for.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:31:25, on 7/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\a-squared Free\a2service.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\System32\alg.exe

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

D:\Arquivos de programas\Windows Defender\MSASCui.exe

D:\Arquivos de Programas\PortBlocker\PortBlocker.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de Programas\HP\Digital Imaging\bin\hpqtra08.exe

D:\Arquivos de Programas\Google\Web Accelerator\GoogleWebAccWarden.exe

D:\Gel Software\GelMail.exe

D:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Arquivos de Programas\Mozilla Firefox\firefox.exe

D:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} - D:\WINDOWS\system32\kbdcfg.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - D:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\tmp9F.tmp.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - D:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PortBlocker] "D:\Arquivos de Programas\PortBlocker\PortBlocker.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Central de e-mail do Gel.lnk = D:\Gel Software\GelMail.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk

O4 - Global Startup: Run Google Web Accelerator.lnk = D:\Arquivos de Programas\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181095637515

O17 - HKLM\System\CCS\Services\Tcpip\..\{08110F75-C8CE-48EF-A364-9BA5BD7D2EA7}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: d:\windows\system32\awvvwtr.dll

O20 - Winlogon Notify: kbdcfg - D:\WINDOWS\SYSTEM32\kbdcfg.dll

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


OK, download: Avenger > extract the files to the desktop

Save and print these instructions (you may not have access to what you saved when the PC restarts and HijackThis opens), because you will follow them offline and without access to this page:

NOTE: Run the Avenger only once. If you run it a second time, the script will no longer work, because the files and entries were already deleted on the first run, and avenger.txt will be overwritten.

1 - Select and copy the text inside the QUOTE.


Files to delete:

D:\WINDOWS\system32\kbdcfg.dll

D:\WINDOWS\system32\tmp9F.tmp.dll

D:\WINDOWS\SYSTEM32\awvvwtr.dll

D:\WINDOWS\SYSTEM32\kbdcfg.dll

 

registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}

HKLM\SOFTWARE\Classes\CLSID\{5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad}

HKLM\SOFTWARE\Classes\CLSID\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbdcfg

 

Registry values to replace with dummy:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

 

Programs to launch on reboot:

D:\hijackthis\HijackThis.exe

Run the Avenger. Select Input script manually.

Click the magnifying-glass icon. The View/edit script window will open; paste into it what you copied from the QUOTE.

Click Done. Now click the green-light icon to start running the script. Answer Yes.

When the script finishes running, the PC will restart and HijackThis will open.

Check the entries below that you still find and click Fix checked:

O2 - BHO: (no name) - {5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} - D:\WINDOWS\system32\kbdcfg.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\tmp9F.tmp.dll

O20 - Winlogon Notify: kbdcfg - D:\WINDOWS\SYSTEM32\kbdcfg.dll

Restart the PC normally. Generate a new HijackThis log and post it, together with the avenger.txt you will find in D:\
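The Avenger script above targets exactly the entries a helper picks out of a HijackThis log by hand: nameless BHOs backed by a DLL in system32, a populated AppInit_DLLs value, an unfamiliar Winlogon Notify package, and a service with no publisher running from system32. The following Python is an added example, not code from the thread, HijackThis or the Avenger: it encodes those reading rules and runs them over a constructed excerpt made of entry lines copied from the logs posted here. The rule set, the severity labels and the WgaLogon allowlist are assumptions of this example, not HijackThis features.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line: section code (R0..R3, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A file sitting directly in \WINDOWS\system32 on any drive letter (case-insensitive).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+)$", re.IGNORECASE)
# Winlogon Notify packages HijackThis lists that are legitimate Microsoft components;
# WgaLogon is Windows Genuine Advantage. Assumed allowlist for this example only.
KNOWN_NOTIFY = {"wgalogon"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": fix/remove candidate; "review": confirm with the user first
    section: str
    reason: str
    line: str


def system32_file(path):
    """Return the file name if `path` points straight into \\WINDOWS\\system32, else None."""
    m = SYSTEM32_RE.match(path.strip().strip('"'))
    return m.group(1) if m else None


def triage_line(raw):
    """Apply the triage rules to one HijackThis line; return a Finding or None."""
    line = raw.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # O2: a BHO with no name whose DLL lives in system32 is the Vundo-style pattern seen here.
    if section == "O2" and body.startswith("BHO: (no name) - "):
        parts = body.split(" - ", 2)  # ["BHO: (no name)", "{CLSID}", "<path>"]
        if len(parts) == 3 and parts[2] == "(no file)":
            return Finding("review", section, "orphaned BHO registration (no file)", line)
        if len(parts) == 3 and system32_file(parts[2]):
            return Finding("high", section, "nameless BHO loaded from system32", line)

    # O20 AppInit_DLLs: anything listed here is loaded into every process that maps user32.dll.
    if section == "O20" and body.startswith("AppInit_DLLs: "):
        if body[len("AppInit_DLLs: "):].strip():
            return Finding("high", section, "AppInit_DLLs loads a DLL into every GUI process", line)

    # O20 Winlogon Notify: a package we do not recognise gets control at every logon.
    if section == "O20" and body.startswith("Winlogon Notify: "):
        name = body[len("Winlogon Notify: "):].split(" - ", 1)[0]
        if name.lower() not in KNOWN_NOTIFY:
            return Finding("high", section, "unrecognised Winlogon Notify package", line)

    # O23: a service with no publisher whose binary sits directly in system32.
    # Real products with a mangled path (the avast "(file missing)" entries) do not match.
    if section == "O23" and " - Unknown owner - " in body:
        if system32_file(body.rsplit(" - ", 1)[1]):
            return Finding("high", section, "service without publisher running from system32", line)

    # R1 AutoConfigURL: a proxy auto-config script steers all browser traffic; ask what set it.
    if section == "R1" and "AutoConfigURL" in body:
        return Finding("review", section, "proxy auto-config set; confirm which installed program owns it", line)

    return None


def triage_log(log_text):
    """Run the rules over a whole log and return the findings in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample input: entry lines copied verbatim from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} - D:\WINDOWS\system32\kbdcfg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - D:\WINDOWS\system32\tmp9F.tmp.dll
O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: d:\windows\system32\awvvwtr.dll
O20 - Winlogon Notify: kbdcfg - D:\WINDOWS\SYSTEM32\kbdcfg.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\system32\qwerty12.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Run on the sample, the five "high" findings are the same files and keys the Avenger script above deletes, while the WgaLogon, avast and NVIDIA entries pass.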


Logfile of HijackThis v1.99.1

Scan saved at 20:18:01, on 9/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\a-squared Free\a2service.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\Explorer.EXE

D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

D:\Arquivos de programas\Windows Defender\MSASCui.exe

D:\Arquivos de Programas\PortBlocker\PortBlocker.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de Programas\HP\Digital Imaging\bin\hpqtra08.exe

D:\Arquivos de Programas\Google\Web Accelerator\GoogleWebAccWarden.exe

D:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe

D:\WINDOWS\system32\notepad.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Documents and Settings\AL\Desktop\Antivírus e Utilitários\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - D:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de Programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - D:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [avast!] D:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PortBlocker] "D:\Arquivos de Programas\PortBlocker\PortBlocker.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Central de e-mail do Gel.lnk = D:\Gel Software\GelMail.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk

O4 - Global Startup: Run Google Web Accelerator.lnk = D:\Arquivos de Programas\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181095637515

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\ARQUIV~1\SPYWAR~1\sp_rsser.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\pmcsilhi

 

*******************

 

Script file located at: \??\D:\Documents and Settings\rjphuuvp.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at D:\Avenger

 

*******************

 

Beginning to process script file:

 

File D:\WINDOWS\system32\kbdcfg.dll deleted successfully.

File D:\WINDOWS\system32\tmp9F.tmp.dll deleted successfully.

File D:\WINDOWS\SYSTEM32\awvvwtr.dll deleted successfully.

 

 

File D:\WINDOWS\SYSTEM32\kbdcfg.dll not found!

Deletion of file D:\WINDOWS\SYSTEM32\kbdcfg.dll failed!

 

Could not process line:

D:\WINDOWS\SYSTEM32\kbdcfg.dll

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC} deleted successfully.

Registry key HKLM\SOFTWARE\Classes\CLSID\{5cb8d7b2-7a1d-403d-bf63-8abb672ce4ad} deleted successfully.

Registry key HKLM\SOFTWARE\Classes\CLSID\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbdcfg deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Program D:\hijackthis\HijackThis.exe successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.


The log is clean. How is the PC? Do you use this program, and where did you download it from?

O4 - HKLM\..\Run: [PortBlocker] "D:\Arquivos de Programas\PortBlocker\PortBlocker.exe"


PROBLEM SOLVED!

If the author needs the topic to be reopened, send a Private Message to a Moderator with a link to the topic.
