Virus?, mdnsresponder (bonjour) Options

[Di0g0]

Ola
Instale el programa: Adobe Photoshop CS3.
Pero ahora tengo un programa en mi ordenador, el servicio bonjour (mdnsresponder) de apple.
El problema es que el mdnsresponder es para el ipod se no me enganhõ!
No lo consigo remover, porque no aparece en el desinstalador del windows, tambien no consigo remover sus files!!
No se, pero ya me dicieran que es un virus!

Aqui esta mi log de hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:11, on 28-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\BitDefender\BitDefender 2008\bdagent.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programas\Logitech\SetPoint\SetPoint.exe
C:\Programas\Ficheiros comuns\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programas\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programas\Valve\Steam\Steam.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Diogo\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LBTWlgn - c:\programas\ficheiros comuns\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programas\Ficheiros comuns\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Que es esso de (file missing)?? en los service de bitdefender?????

Ayuda please!

This post has been edited by Di0g0: Jul 28 2008, 12:50 AM

[Raül]

Buenos días Di0g0,

No creo que el problema con Bonjour tenga relación con una infección.

Analiza el equipo en Profundidad y envíanos los informes para salir de dudas.

Saludos,

[Di0g0]

Pero como lo desinstalo??? e que es el (file missing) en el log de hijackthis?

[Raül]

Buenos días Di0g0,

El informe de HijackThis es correcto y no muestra ninguna anomaía en BitDefender, desconozco porqué muestra file missing pero no es la primera vez, omítelo.

Saludos,

[Di0g0]

Ola Raul
é etcho un scan con spyware doctor, spyware doctor me detecto un spyware que bitdefender no detecta en la analises!!!
Agora necessito ayuda para desinstalar el mdnsresponder, e quitar el spyware!!
Aqui esta un printscreen de spyware doctor!

Attached File(s)

 Sem_título.JPG ( 122.75K ) Number of downloads: 1

 

[Di0g0]

Como no respondieran al problema, telefone al suporte tecnico!

(IMG:style_emoticons/default/angry.gif)

[Raül]

Buenos días Di0g0,

Continuaremos la incidencia por esa vía.

Saludos,