
Backdoor.Graybird


Deise G.


Norton blocked this virus but did not remove it, or I caught another one, because some programs are having problems and I noticed my internet got slower...

Please take a look at my log:

Logfile of HijackThis v1.99.1

Scan saved at 02:35:35, on 9/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\ARQUIV~1\ARQUIV~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SolidDocuments\SolidCapture\solidcapture.exe

C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbit\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Discador clicRBS - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [babylon Client] "C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" -AutoStart

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogonStudio] "C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Arquivos de programas\Essentials Codec Pack\update.exe" -silent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MagUninstall] "C:\Arquivos de programas\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [solidCapture] C:\Arquivos de programas\SolidDocuments\SolidCapture\solidcapture.exe

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Clock Tray Skins\ClockTraySkins.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/204

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/282d88cfe38e3279f806/netzip/RdxIE601_br.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\ARQUIV~1\ARQUIV~1\Stardock\mcpstub.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: Validação de senha de Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Programador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe (file missing)

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

I ran a scan with BitDefender:

BitDefender Online Scanner
Scan report generated at: Thu, Mar 06, 2008 - 21:24:52
Scan path: A:\;C:\;D:\;E:\;

Statistics
  Time                02:16:37
  Files               431315
  Folders             10744
  Boot Sectors        2
  Archives            4940
  Packed Files        13977

Results
  Identified Viruses  1
  Infected Files      1
  Suspect Files       0
  Warnings            0
  Disinfected         0
  Deleted Files       1

Engines Info
  Virus Definitions   986007
  Engine build        AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins        16
  Archive plugins     41
  Unpack plugins      7
  E-mail plugins      6
  System plugins      5

Scan Settings
  First Action        Disinfect
  Second Action       Delete
  Heuristics          Yes
  Enable Warnings     Yes
  Scanned Extensions  *;
  Exclude Extensions
  Scan Emails         Yes
  Scan Archives       Yes
  Scan Packed         Yes
  Scan Files          Yes
  Scan Boot           Yes

Scanned File / Status
C:\RECYCLER\S-1-5-21-1177238915-1604221776-725345543-1003\Dc237.31\advdp.exe=>(Instyler o)=>(Instyler Module 12)
    Detected with: Adware.Relevant.A
C:\RECYCLER\S-1-5-21-1177238915-1604221776-725345543-1003\Dc237.31\advdp.exe=>(Instyler o)=>(Instyler Module 12)
    Deleted
C:\RECYCLER\S-1-5-21-1177238915-1604221776-725345543-1003\Dc237.31\advdp.exe=>(Instyler o)
    Update failed

Thanks in advance!

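Added example, not part of the original post or of the reply below: a small Python script that triages a HijackThis log in the format pasted above. The sample lines are copied from that log; the rules (orphaned "(no file)"/"(file missing)" entries, an empty ProxyServer value, O23 services with no vendor string, and the HijackThis 1.99.1 quirk of reporting "(file missing)" for quoted service paths that carry arguments) are this example's own triage heuristics, not HijackThis logic.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis v1.99.1
# log posted above (raw string so the Windows backslashes survive).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbit\orbitcth.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Arquivos de programas\Essentials Codec Pack\update.exe" -silent
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# A HijackThis entry line: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# HijackThis 1.99.1 reports "(file missing)" on O23 entries whose ImagePath is a
# quoted executable followed by arguments. That is a parser quirk, not proof that
# the service binary is gone, so such hits are downgraded to "verify by hand".
QUOTED_ARGS_RE = re.compile(r'\.exe" /')


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line; process list and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Flag the entries a reviewer would look at first.
    Each finding is a dict with 'kind', 'section', 'note' and the original 'body'."""
    findings = []
    for section, body in parse_entries(log_text):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            note = "registry points at a file HijackThis could not find; orphaned leftover, can be fixed in HijackThis"
            if section == "O23" and QUOTED_ARGS_RE.search(body):
                note = "HJT 1.99.1 mis-parses quoted service paths with arguments; confirm the binary exists before touching the service"
            findings.append({"kind": "orphaned", "section": section, "note": note, "body": body})
        elif section == "R1" and body.endswith("ProxyServer = :"):
            findings.append({"kind": "proxy", "section": section,
                             "note": "empty ProxyServer value; harmless as-is, but a populated one would route all IE traffic through that host",
                             "body": body})
        elif section == "O23" and " - - " in body:
            findings.append({"kind": "no_vendor", "section": section,
                             "note": "service binary carries no vendor string; check its signature or hash before trusting it",
                             "body": body})
    return findings


def section_counts(log_text):
    """Entries per HijackThis section, to see the shape of a log at a glance."""
    return Counter(section for section, _ in parse_entries(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']:>9}] {f['section']}: {f['note']}\n            {f['body']}")
    print(dict(section_counts(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()`; the orphaned entries it lists are the same ones a forum helper would tell the poster to fix, and the O23 caveat keeps you from deleting a live Symantec service on the strength of a HijackThis parsing bug.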

  • VIP Member

- Log is clean :)

- I recommend doing some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

