andre_japiassu

Msnmsg


I have a piece of malware and I don't know how it got there.

Because of it the internet is very slow.

What do I do?

The error is:

Socket Errror #11001

Host Not Found.

What do I do to remove it?

Thanks


andre_japiassu,

@- Run an online scan at one of these links: PANDA or BITDEFENDER

...on all disks; save the log...

  • Note: Avast users may get an alert when trying to use the PANDA scan. If you do, ignore it or temporarily disable your antivirus to run the scan.

@- Download HijackThis and put it in a folder, at C:\HIJACK\HijackThis.exe

- To run it, close all open windows and click Do a system scan and save a logfile.

- Post a HijackThis log and the online scan log, pasting them in sequence.

Mr. Coruj@


Here are the logs, friend.

hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 22:11:28, on 11/9/2006

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\WinAntiVirus Pro 2006\FWSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\loadqm.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\msnmsg.exe

C:\WINDOWS\System32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

C:\ARQUIV~1\Telemar\Velox\app\enternet.exe

C:\Teste\HijackThis.exe

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [msnmsg] C:\WINDOWS\System32\msnmsg.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O4 - Global User Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global User Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global User Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global User Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global User Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mmohsix.com

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - http://200.212.184.212/g_bin/eng/billardt_2_0_0_23.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Arquivos de programas\WinAntiVirus Pro 2006\FWSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: msn32update - Unknown owner - C:\WINDOWS\spool32.exe (file missing)

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

ACTIVESCAN

Incident Status Location

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\WinAntiVirus Pro 2006\FWSvc.exe

Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd

Adware:adware/dollarrevenue Not disinfected c:\VSL02.exe

Adware:adware/dyfuca Not disinfected c:\windows\optimize.exe

Adware:adware/cws.searchmeup Not disinfected c:\windows\uniq

Adware:adware/whenusearch Not disinfected c:\arquivos de programas\arquivos comuns\WhenU

Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\arquivos de programas\arquivos comuns\WinAntiVirus Pro 2006

Adware:adware/deskwizz Not disinfected Windows Registry

Spyware:spyware/media-motor Not disinfected Windows Registry

Adware:adware/ucontrol Not disinfected Windows Registry

Dialer:Dialer.XD Not disinfected C:\777.htm

Adware:Adware/Ucontrol Not disinfected C:\Arquivos de programas\Arquivos comuns\WhenU\UControlScanAndRemove.ocx

Adware:Adware/Gator Not disinfected C:\Arquivos de programas\MUSK Codec Pack v5\5.1\5.1.exe[Gain_Trickler.exe]

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\WinAntiVirus Pro 2006\avkernel.dll

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\WinAntiVirus Pro 2006\WAV6COM.dll

Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Arquivos de programas\WinAntiVirus Pro 2006\winpgi.dll

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Andre\Configurações locais\Temp\Cookies\andre@atdmt[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andre\Configurações locais\Temp\Cookies\andre@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Andre\Configurações locais\Temp\Cookies\andre@doubleclick[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Andre\Configurações locais\Temp\Cookies\andre@uol.com[2].txt


andre_japiassu, in Add or Remove Programs, if it is there, uninstall: WinAntiVirus Pro 2006.

@- Download the program(s) listed below, but do not run them yet.

- Copy these instructions to Notepad or print them!

- Run the DelDomains tool: right-click -> Install

Note: Apparently nothing happens. That is how it works. Continue...

- Unzip KillBox and keep it in a folder or on your desktop;

- Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> copy...

C:\Arquivos de programas\WinAntiVirus Pro 2006

c:\windows\system32\ide21201.vxd

c:\VSL02.exe

c:\windows\optimize.exe

c:\windows\uniq

c:\arquivos de programas\arquivos comuns\WhenU

c:\arquivos de programas\arquivos comuns\WinAntiVirus Pro 2006

C:\777.htm

C:\WINDOWS\System32\msnmsg.exe

...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X (image: killbox.png) and answer No to the question.

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

@- Click Start > Run > type: services.msc > OK. Locate the service: Firewall service and right-click it. Under Properties, click Stop and change the Startup Type to Disabled.

- Do the same for: msn32update

- Run HijackThis - click Do a System Scan Only. Check the boxes for the entries listed below in blue. When you have finished selecting, click Fix Checked... (image: ht-fix.png)

O4 - HKLM\..\Run: [msnmsg] C:\WINDOWS\System32\msnmsg.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe (file missing)

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab

- Still in HijackThis... Click Config > Misc Tools (section). Now click Delete an NT Service. In the box, paste the service below in bold (one at a time) and click Ok. Click No when asked whether you want to restart.

FWSvc

msn32update

@- Click Start // Run // type: Cleanmgr.exe

(Drive C:) // In Disk Cleanup, leave all options checked and click OK.

@- Restart in normal mode.

@- Copy another (updated) HijackThis log and paste it in sequence.

Mr. Coruj@

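The procedure above amounts to two things a responder does by hand: compare the HijackThis entries before and after the cleanup, and pick out the entries that deserve a closer look (a Run entry for an unknown executable in System32, a service with no vendor whose binary is gone, ActiveX packages pulled from a bare IP, wildcard domains in the Trusted Zone). As an added example, not code from this thread or from HijackThis itself, the following Python script parses the numbered O-entries of a HijackThis 1.99.1 log, diffs two scans of the same machine and applies three triage heuristics. The two sample logs are constructed subsets of the logs posted in this thread (the 11/9/2006 scan before cleanup and the 14/9/2006 scan after it); the heuristic rules are this example's own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the two HijackThis 1.99.1 logs posted in this
# thread (the 11/9/2006 scan before cleanup, the 14/9/2006 scan after it).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:11:28, on 11/9/2006
Running processes:
C:\WINDOWS\System32\msnmsg.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msnmsg] C:\WINDOWS\System32\msnmsg.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} - http://200.212.184.212/g_bin/eng/poker_2_0_0_38.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Arquivos de programas\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: msn32update - Unknown owner - C:\WINDOWS\spool32.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:20:22, on 14/9/2006
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Every HijackThis finding line starts with "O<n> - "; the header and the
# "Running processes" list do not, so they are skipped by the parser.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# A download URL whose host is a literal IPv4 address rather than a name.
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O15", "O16", "O23", ...
    body: str     # everything after the "O<n> - " prefix


def parse_hjt(log: str) -> List[Entry]:
    """Return the numbered O-entries of a HijackThis log, in file order."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added): entries that vanished after the cleanup and entries that are new."""
    before_entries, after_entries = parse_hjt(before), parse_hjt(after)
    before_set, after_set = set(before_entries), set(after_entries)
    removed = [e for e in before_entries if e not in after_set]
    added = [e for e in after_entries if e not in before_set]
    return removed, added


def review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Triage heuristics (this example's own assumptions, not HijackThis rules).
    They surface candidates for a human to judge; they do not decide anything."""
    findings = []
    for e in entries:
        if e.section == "O16" and BARE_IP_URL.search(e.body):
            findings.append((e, "ActiveX (DPF) package downloaded from a bare IP address"))
        elif e.section == "O15" and e.body.startswith("Trusted Zone: *."):
            findings.append((e, "wildcard domain added to the IE Trusted Zone"))
        elif e.section == "O23" and "Unknown owner" in e.body and "(file missing)" in e.body:
            findings.append((e, "service with no vendor whose binary is missing"))
    return findings


def summarize(before: str, after: str) -> List[str]:
    """Report: what the cleanup removed, what it added, and what still looks odd afterwards."""
    removed, added = diff_logs(before, after)
    lines = [f"removed: {e.section} - {e.body}" for e in removed]
    lines += [f"added:   {e.section} - {e.body}" for e in added]
    lines += [f"review:  {e.section} ({why})" for e, why in review(parse_hjt(after))]
    return lines


if __name__ == "__main__":
    for line in summarize(BEFORE_LOG, AFTER_LOG):
        print(line)
    for e, why in review(parse_hjt(BEFORE_LOG)):
        print(f"before-cleanup review: {e.section} - {why}")
```

On the sample, the diff lists exactly the entries the helper had the user fix (the msnmsg Run key, the Trusted Zone domain, the poker CAB, the FWSvc and msn32update services), and the after-log produces no review findings. Note what the heuristics miss: the fake antivirus's FWSvc service carried a vendor string and an existing file, so nothing in the log line itself marks it; it was the online scanner's verdict (Application/Winantivirus2006) that identified it. Conversely, the avast services in the full posted log also show "Unknown owner" and "(file missing)" and would be surfaced for review, yet the helper correctly left them alone. Treat the output as a review queue, not a verdict.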

THE GENERATED LOG

Logfile of HijackThis v1.99.1

Scan saved at 18:20:22, on 14/9/2006

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\loadqm.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\ARQUIV~1\Telemar\Velox\app\enternet.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Meus documentos\Programas\HijackThis.exe

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O4 - Global User Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global User Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global User Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global User Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global User Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - http://200.212.184.212/g_bin/eng/billardt_2_0_0_23.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe


Andre, apparently the problem has already been solved, hasn't it? However, you were also infected by a fake program (WinAntiVirus) that usually leaves some hidden "presents" on the computer. Please let me know whether you are still having any problem, and do the procedure below:

@- Download, but do not run yet.

- Copy the instructions to Notepad or print them!

Note: Since Blacklight searches for hidden files, do not run it with any program active that "hides" folders and files.

@- In normal mode, run the Blacklight tool (blbeta.exe) and accept the agreement: Next >... Since we only want the log, do not remove any file the program finds, as some of them may be legitimate. Click Scan and wait...

- When the scan finishes, the Show all processes button will appear; click Close.

- Keep the log: fsb-xxxxx.log (xxxxx are numbers), which will be in the same directory.

@- Post the HijackThis and Blacklight (fsb-xxxxx.log) logs, pasting them in sequence.

Mr. Coruj@


THE GENERATED LOGS

Coruja, thanks for everything.

fsbl-20060915120806

09/15/06 09:08:06 [info]: BlackLight Engine 1.0.46 initialized

09/15/06 09:08:06 [info]: OS: 5.0 build 2195 (Service Pack 2)

09/15/06 09:08:06 [Note]: 7019 4

09/15/06 09:08:06 [Note]: 7005 0

09/15/06 09:08:09 [Note]: 7006 0

09/15/06 09:08:09 [Note]: 7011 884

09/15/06 09:08:09 [Note]: 7026 0

09/15/06 09:08:09 [Note]: 7026 0

09/15/06 09:08:16 [Note]: FSRAW library version 1.7.1019

09/15/06 09:09:38 [Note]: 2000 1006

09/15/06 09:09:59 [Note]: 7007 0

Logfile of HijackThis v1.99.1

Scan saved at 09:10:55, on 15/9/2006

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\loadqm.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\ARQUIV~1\Telemar\Velox\app\enternet.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Meus documentos\Programas\HijackThis.exe

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O4 - Global User Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global User Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global User Startup: Picture Package Menu.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global User Startup: Picture Package VCD Maker.lnk = C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O4 - Global User Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O8 - Extra context menu item: &Google Search - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\npjpi150_06.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} - http://200.212.184.212/g_bin/eng/billardt_2_0_0_23.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\ARQUIV~1\Telemar\Velox\app\pppoeservice.exe


andre_japiassu,

Your log is CLEAN! Any other problem related to the malware?

If by tomorrow your system shows no problem, disable and re-enable System Restore.

Thanks for the feedback and a big hug!

Mr. Coruj@
