[Resolvido!] Problemas na instalação de anti-vírus

Viniland · Abril 6, 2010

Oi pessoal, estou com problemas na instalação de alguns anti-vírus(pra nao dizer todos), pois ja tentei instalar o Avast, Avg, Kapersky, Avira, Spybot e etc, tb não aparece nenhum tipo de msg de erro, o setup de instalação simplesmente desaparece da tela...

Vai o log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:19, on 6/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\XP-93E94987.EXE

C:\WINDOWS\windowsmp.exe

C:\WINDOWS\system32\XP-93E94987.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Primeira Vara\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.11:3128

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\init.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [XP-93E94987] C:\WINDOWS\system32\XP-93E94987.EXE

O4 - HKLM\..\Run: [windowsmp] C:\WINDOWS\windowsmp.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-93E94987.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269516128984

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

--

End of file - 2951 bytes

DigRam · Abril 6, 2010

Boa Tarde! Viniland

<@> Vá a este endereço:

<!> < ConfickerWorkingGroup >

<@> Interprete as 4 imagens,na infecção pelo conficker. ( Conficker Eye Chart )

<@> Ps: Informe o resultado!

Abraços!

Viniland · Abril 6, 2010

Boa tarde DigRam, fiz o que você pediu, mas a página não carregou, o site não abriu.

DigRam · Abril 6, 2010

Boa tarde DigRam, fiz o que você pediu, mas a página não carregou, o site não abriu.

//////////\\\\\\\\\\\

Opa! Viniland

<@> Baixe: < >

<@> < Link - 2 >

<@> < Link - 3 >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme!

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<@> Poste,os relatórios: mbam-log-2010-xx-xx (00-00-00).txt + HijackThis,atualizado.

Abraços!

Viniland · Abril 7, 2010

Bom dia DigRam, baixei o Malwarebytes e executei.

Aí vai o log...

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Versão da Base de Dados: 3930

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/4/2010 14:24:58

mbam-log-2010-04-06 (14-24-58).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 109476

Tempo decorrido: 16 minuto(s), 0 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 4

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 6

Pastas Infectadas: 1

Arquivos Infectados: 29

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\dp1.fne (Worm.Autorun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\internet.fne (HackTool.Patcher) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Dados de aplicativos\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4LLI (Worm.AutoRun) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-93e94987 (Trojan.Agent) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4 (Worm.AutoRun) -> Delete on reboot.

Arquivos Infectados:

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\dp1.fne (Worm.Autorun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\internet.fne (HackTool.Patcher) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\OTARWHQ3\jmgboqx[1].gif (Worm.Downadup) -> Quarantined and deleted successfully.

C:\Documents and Settings\Primeira Vara\Dados de aplicativos\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\System Volume Information\_restore{50B89490-844A-4A78-9BA4-BC5A6FA09120}\RP2\A0000050.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{50B89490-844A-4A78-9BA4-BC5A6FA09120}\RP6\A0002291.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\system32\pxeqog.dll (Worm.Downadup) -> Delete on reboot.

C:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\com.run (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\krnln.fnr (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\shell.fne (Worm.AutoRun) -> Delete on reboot.

C:\Documents and Settings\Primeira Vara\Configurações locais\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Primeira Vara\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\Windowsmp.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\XP-93E94987.EXE (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:25:59, on 7/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Primeira Vara\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe