
How to remove this Trojan... Help me...

Discussion in 'Dúvidas e Suporte—Internet, Redes, Segurança' started by sorsilver, 25 August 2006. (Replies: 3; Views: 1872)

  1. Friends, I have a trojan that I can't remove. I ran HijackThis.exe and it generated a log. Please help me.

    Logfile of HijackThis v1.99.1
    Scan saved at 09:57:08, on 24/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Arquivos de programas\Cobian Backup 7\CobBU.exe
    C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
    C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    C:\Arquivos de programas\Amic Utilities\PDF Writer Pro\pdfwload.exe
    C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Arquivos de programas\Skype\Phone\Skype.exe
    C:\Arquivos de programas\Symantec\WinFax\WFXCTL32.EXE
    C:\Arquivos de programas\Cobian Backup 7\cobui.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Arquivos de programas\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    D:\EXATTA SOFT\PROGRAMA\Exatta.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    D:\Nova pasta (2)\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll
    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Cobian Backup 7] "C:\Arquivos de programas\Cobian Backup 7\CobBU.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [\\CENTRAL\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P36 "\\CENTRAL\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em SERVIDOR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P43 "Auto EPSON Stylus CX4100 Series em SERVIDOR" /O19 "\\SERVIDOR\EPSONSty" /M "Stylus CX4100"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\ARQUIV~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKLM\..\Run: [\\SERVIDOR\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P37 "\\SERVIDOR\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
    O4 - HKLM\..\Run: [Firebird] C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbguard.exe -a
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em COMERCIAL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P44 "Auto EPSON Stylus CX4100 Series em COMERCIAL" /O20 "\\COMERCIAL\EPSONSty" /M "Stylus CX4100"
    O4 - HKLM\..\Run: [\\COMERCIAL\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P38 "\\COMERCIAL\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [pdfw] C:\Arquivos de programas\Amic Utilities\PDF Writer Pro\pdfwload.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Controller.LNK = C:\Arquivos de programas\Symantec\WinFax\WFXCTL32.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SoftFone GVT.lnk = C:\Arquivos de programas\GVT\SoftFone GVT\SoftFone GVT.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136249290691
    O16 - DPF: {A2CD4A80-DDA5-11D3-8DAC-0000B45FF7C8} (Controlador Class) - https://ic400.interchange.com.br/icnet/Componentes/ICWCLI.CAB
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8A95C1C9-A766-4BF5-8E84-515A5E44D67B}: NameServer = 201.10.120.3,201.10.1.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6ECC8DF-248B-4FA7-9819-D1C6DE5403EE}: Domain = @
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6ECC8DF-248B-4FA7-9819-D1C6DE5403EE}: NameServer = 200.180.24.151,200.202.17.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
     
  2. Th3 Gam3

    Th3 Gam3 1st Folding then Sex

    Hi
    Run a full scan with the .

    Cheers
     
    Last edited: 25 August 2006
  3. ShadeX

    ShadeX Power Member

    Are you aware that deleting spoolsv.exe, especially the one in System32, will probably kill the print spooler too, right?

    Because unless it has been replaced by something malicious, which obviously went to the trouble of turning off WFP so as not to be detected, it's a file every Windows has, and it's activated as soon as a printer is installed, which apparently is his case...
     
  4. Th3 Gam3

    Th3 Gam3 1st Folding then Sex

    Hi
    Correct. I still can't believe I could have made such a mistake. Today is definitely not my day.

    Reply promptly edited.

    Anyway... I apologise if I caused any damage. I regret it and at the same time I appreciate the correction.

    Cheers
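A small triage helper for logs in the HijackThis v1.99 format posted in the first reply, added here as an example and not part of the thread: it parses the "Running processes" list and the R/O entries, and applies ShadeX's reasoning, flagging a core Windows filename such as spoolsv.exe only when it sits outside C:\WINDOWS\, plus a few entries a defender would want to confirm (proxy, missing Winlogon DLL, registry DNS servers). The sample log, the `D:\temp` path and the `{GUID-PLACEHOLDER}` are constructed for the example.

```python
import re
# Assumption (mirroring ShadeX's point): these core names belong under
# C:\WINDOWS\; the same filename anywhere else is what deserves a second look.
WINDOWS_DIR = "c:\\windows\\"
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe"}
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# Constructed sample in the thread's log format (not the real log above).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
D:\temp\spoolsv.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 200.180.24.151,200.202.17.1
"""

def parse_log(text):
    """Return (running_processes, [(kind, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:  # 'R1 - ...' / 'O20 - ...' entries follow the process list
            in_procs = False
            entries.append((m.group("kind"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (severity, reason, line) findings for a defender to review."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        low = path.lower()
        if low.rsplit("\\", 1)[-1] in CORE_PROCESSES and not low.startswith(WINDOWS_DIR):
            findings.append(("review", "core Windows process name outside the Windows directory", path))
    for kind, body in entries:
        if kind == "R1" and "ProxyServer" in body:
            findings.append(("info", "browser proxy set; confirm it is your own gateway", body))
        elif kind == "O20" and "(file missing)" in body:
            findings.append(("review", "Winlogon notify DLL referenced but missing on disk", body))
        elif kind == "O17" and "NameServer" in body:
            findings.append(("info", "DNS servers set in registry; confirm they are your ISP's", body))
    return findings
```

On the sample, the System32 spoolsv.exe is left alone and only the copy under `D:\temp` is flagged, which is the distinction the thread turns on.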
     
