Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
Scheider

Preciso que analisem meu log!

Recommended Posts

Scheider    0

gente eu não sei mexer muito bem com o hijackithis mas eu fiz o q falaram q acho q estou com muito virus, meu pc tá com muito probelas por causa desses virus e tá muito lag... aí ta a lista! me falem o q fazer por favor!!!!!!!!

Logfile of HijackThis v1.99.1

Scan saved at 15:21:02, on 19/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Media Gateway\MediaGateway.exe

c:\arquiv~1\mcafee.com\vso\mcvsescn.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\config\csrss.exe

C:\Arquivos de programas\QuickTime\qttask.exe

c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\dhcp\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Save\Save.exe

c:\arquiv~1\mcafee.com\vso\mcvsftsn.exe

c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

C:\Arquivos de programas\CyberScript31\CyberScript.exe

C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.festasbadaladas.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Arquivos de programas\SideFind\sfbho.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [MCUpdateExe] C:\ARQUIV~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARQUIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Power Scan] "C:\Arquivos de programas\Power Scan\powerscan.exe" /aid:131089

O4 - HKLM\..\Run: [Zdzcyfh] C:\Program Files\Tpgjgn\Cqig.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\config\csrss.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\install.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinetWork] C:\WINDOWS\Media\WinetWork.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [eJay Scrap Reader] C:\Arquivos de programas\Orkut\orkut.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe

O4 - HKLM\..\Run: [McRegWiz] C:\ARQUIV~1\McAfee.com\Agent\McRegWiz.exe /autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WormsArmageddon.exe] C:\DOCUME~1\SUPERV~1\MEUSDO~1\WORMSA~1.EXE /r

O4 - HKCU\..\Run: [stratas] ggfig.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c15.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: Windows Logon Information (WLI) - Unknown owner - C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites
Sr.Ida    0

Faça o download do The Avenger by Swandog46

http://swandog46.geekstogo.com/avenger.zip

Unzip em seu desktop

Vá ao Painel de Controle. Utilize Adicionar / Remover programas.

Desinstale: -->

C:\Arquivos de programas\SideFind

C:\Program Files\Media Gateway

C:\Program Files\Internet Optimizer

C:\Arquivos de programas\Power Scan

C:\Program Files\Tpgjgn

C:\Arquivos de programas\Save

Abra o Avenger.

• Nas opções "Script file to execute" escolha "Input Script Manually".

• Clica no ícone da lupa e vai abrir o "View/edit script"

• Copie o conteúdo do quote (Ctrl+V).

Folders to delete:

C:\Arquivos de programas\SideFind

C:\Program Files\Media Gateway

C:\Program Files\Internet Optimizer

C:\Arquivos de programas\Power Scan

C:\Program Files\Tpgjgn

C:\Arquivos de programas\Save

Files to delete:

C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr

C:\WINDOWS\system32\system32.exe

C:\WINDOWS\Media\WinetWork.exe

C:\WINDOWS\install.exe

C:\WINDOWS\system32\config\csrss.exe

C:\WINDOWS\system32\dhcp\svchost.exe

o código acima foi criado especificamente para este usuário. Se você não for este usuário, não siga este caminho porque poderiam danificar o funcionamento de seu sistema.

• Clica em Done

• E clica no Sinal Verde para execução do script

• Responda "Yes"

O The Avenger automaticamente iniciará a incorporação dos dados.

Ao final o The Avenger dará o reboot no computador.

Após o restart , vai abrir a janela preta do Dos, não se preocupe. Depois um log file vai ser gerado.. O log file estará disponível e localizado em C:\avenger.txt

O The Avenger faz back up de todos os arquivos deletados, em C:\avenger\backups.zip.

Reinicie em Modo Seguro

(aperte a tecla F8 até aparecer uma tela DOS e escolha Modo de Segurança).

Execute o HijackThis, clique em Do a System Scan Only, marque somente as entradas abaixo e dê Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.festasbadaladas.com.br

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Arquivos de programas\SideFind\sfbho.dll (file missing)

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Power Scan] "C:\Arquivos de programas\Power Scan\powerscan.exe" /aid:131089

O4 - HKLM\..\Run: [Zdzcyfh] C:\Program Files\Tpgjgn\Cqig.exe

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\config\csrss.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\install.exe

O4 - HKLM\..\Run: [WinetWork] C:\WINDOWS\Media\WinetWork.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe

O4 - HKCU\..\Run: [stratas] ggfig.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c15.cab

Iniciar -> Executar. Digite services.msc e clique em OK. Procure o service cavalo de tróia Windows Logon Information (WLI) . Dê um clique direito nele e clique em Propriedades. Clique em Parar e troque o Tipo de Inicialização para Desativado.

Roda HJThis -> Open the misc Tools section -> Delete an NT Service

Na caixa coloque Windows Logon Information (WLI), clique em "OK" e confirme.

Reinicie em Modo Normal

Postar:

C:\avenger.txt

Novo log hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites
Scheider    0
  • Autor do tópico
  • tipo, antes eu tinha pegado o avg q meu amigo falou e removí um monteeeeee de virus... o mcafee não detectava nenhum virus =/ to usando o nod32... bom aí vai os logs

    Log avengertxt.:

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\ycoygvsp

    *******************

    Script file located at: \??\C:\WINDOWS\system32\lalamxvm.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Folder C:\Arquivos de programas\SideFind deleted successfully.

    Folder C:\Program Files\Media Gateway not found!

    Deletion of folder C:\Program Files\Media Gateway failed!

    Could not process line:

    C:\Program Files\Media Gateway

    Status: 0xc0000034

    Folder C:\Program Files\Internet Optimizer not found!

    Deletion of folder C:\Program Files\Internet Optimizer failed!

    Could not process line:

    C:\Program Files\Internet Optimizer

    Status: 0xc0000034

    Folder C:\Arquivos de programas\Power Scan not found!

    Deletion of folder C:\Arquivos de programas\Power Scan failed!

    Could not process line:

    C:\Arquivos de programas\Power Scan

    Status: 0xc0000034

    Folder C:\Program Files\Tpgjgn deleted successfully.

    Folder C:\Arquivos de programas\Save not found!

    Deletion of folder C:\Arquivos de programas\Save failed!

    Could not process line:

    C:\Arquivos de programas\Save

    Status: 0xc0000034

    File C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe not found!

    Deletion of file C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe failed!

    Could not process line:

    C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

    Status: 0xc0000034

    File C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr deleted successfully.

    File C:\WINDOWS\system32\system32.exe deleted successfully.

    File C:\WINDOWS\Media\WinetWork.exe deleted successfully.

    File C:\WINDOWS\install.exe not found!

    Deletion of file C:\WINDOWS\install.exe failed!

    Could not process line:

    C:\WINDOWS\install.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\config\csrss.exe not found!

    Deletion of file C:\WINDOWS\system32\config\csrss.exe failed!

    Could not process line:

    C:\WINDOWS\system32\config\csrss.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\dhcp\svchost.exe not found!

    Deletion of file C:\WINDOWS\system32\dhcp\svchost.exe failed!

    Could not process line:

    C:\WINDOWS\system32\dhcp\svchost.exe

    Status: 0xc0000034

    Completed script processing.

    *******************

    Finished! Terminate.

    E aí vai o log hijackithis:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:22:58, on 20/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    e agora?? q q faço?

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Sr.Ida    0

    Faça o download do DelDomains:

    http://linhadefensiva.uol.com.br/dl/deldomains

    Pegue o DelDomains.inf. Não clique duas vezes. Com o botão direito e clique em Instalar.

    Aparentemente nada acontece. Isso é normal.

    Reiniciar o computador

    Execute o Panda ActiveScan

    Depois que acabar o scan on line, faça um log hijackthis e cole no seu post juntamente com o resultado Panda

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • não conseguí fazer o scan desse site aí... mas o resto fiz tudo..

    aí o log do hijackithis:

    Logfile of HijackThis v1.99.1

    Scan saved at 21:57:59, on 20/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Kazaa Lite Resurrection\kazaalite.kpp

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Sr.Ida    0

    Tente este

    clica

    Nada para fixar no log. Limpo!

    Cole o resultado se conseguir para vermos se há restos.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • BitDefender Online Scanner

    Scan report generated at: Fri, Apr 21, 2006 - 15:12:37

    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics

    Time

    01:06:02

    Files

    246036

    Folders

    3213

    Boot Sectors

    3

    Archives

    5915

    Packed Files

    34153

    Results

    Identified Viruses

    3

    Infected Files

    4

    Suspect Files

    6

    Warnings

    0

    Disinfected

    0

    Deleted Files

    10

    Engines Info

    Virus Definitions

    371154

    Engine build

    AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins

    13

    Archive plugins

    39

    Unpack plugins

    4

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe

    Suspected of: BehavesLike:Win32.RemoteInjector

    C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe

    Disinfection failed

    C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe

    Deleted

    C:\avenger\backup.zip=>avenger/cartao19[1].scr

    Infected with: Trojan.Spy.Banker.ARK

    C:\avenger\backup.zip=>avenger/cartao19[1].scr

    Disinfection failed

    C:\avenger\backup.zip=>avenger/cartao19[1].scr

    Deleted

    C:\avenger\backup.zip

    Updated

    C:\avenger\backup.zip=>avenger/system32.exe

    Infected with: Trojan.Spy.Banker.ARK

    C:\avenger\backup.zip=>avenger/system32.exe

    Disinfection failed

    C:\avenger\backup.zip=>avenger/system32.exe

    Deleted

    C:\avenger\backup.zip

    Updated

    C:\avenger\backup.zip=>avenger/WinetWork.exe

    Infected with: Trojan.Banker.Delf.DC031110

    C:\avenger\backup.zip=>avenger/WinetWork.exe

    Disinfection failed

    C:\avenger\backup.zip=>avenger/WinetWork.exe

    Deleted

    C:\avenger\backup.zip

    Updated

    C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr

    Suspected of: BehavesLike:Win32.SMTP-Mailer

    C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr

    Disinfection failed

    C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr

    Deleted

    C:\Documents and Settings\Supervisor\Desktop\fotos.scr

    Suspected of: BehavesLike:Win32.SMTP-Mailer

    C:\Documents and Settings\Supervisor\Desktop\fotos.scr

    Disinfection failed

    C:\Documents and Settings\Supervisor\Desktop\fotos.scr

    Deleted

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe

    Suspected of: BehavesLike:Win32.RemoteInjector

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe

    Disinfection failed

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe

    Deleted

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe

    Suspected of: BehavesLike:Win32.RemoteInjector

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe

    Disinfection failed

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe

    Deleted

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip

    Updated

    C:\WINDOWS\smlogitech.vbs

    Infected with: Backdoor.Delf.AKF

    C:\WINDOWS\smlogitech.vbs

    Disinfection failed

    C:\WINDOWS\smlogitech.vbs

    Deleted

    C:\WINDOWS\system32\system32.exe

    Suspected of: BehavesLike:Win32.SMTP-Mailer

    C:\WINDOWS\system32\system32.exe

    Disinfection failed

    C:\WINDOWS\system32\system32.exe

    Deleted

    bem... e agora? :|

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Sr.Ida    0

    Baixa a ferramenta

    msn-fofoca

    Siga as instruções

    Depois

    Execute o HijackThis, clique em Do a System Scan Only, marque somente as entradas abaixo e dê Fix Checked.

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

    Reinicie o computador

    Post o novo log hijackthis

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • Logfile of HijackThis v1.99.1

    Scan saved at 19:00:21, on 21/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    e agora?

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Sr.Ida    0

    Houve reinfecção do Banker/keylogger. Havíamos retirado na primeira instância, e foi dar no log bitdefender. O arquivo foi -> deleted

    Bom, vamos procurar mais...

    Faça o download do ewido

    http://www.ewido.net/en/download/

    • Selecione "English" como idioma para a instalação

    • Clique em Next, I Agree, Next. Next. Desmarque a caixa Install background guard e clique em Install e depois Finish.

    • Na janela principal do ewido clique em Actualizar no menu esquerdo e então clique em Iniciar actualização.

    • Quando a atualização terminar, você verá a mensagem Actualizado com sucesso no canto inferior esquerdo

    • Saia do ewido e não rode um scan completo ainda

    Reinicie em Modo Seguro

    (aperte a tecla F8 até aparecer uma tela DOS e escolha Modo de Segurança).

    Execute o HijackThis, clique em Do a System Scan Only, marque somente as entradas abaixo e dê Fix Checked.

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    • Abra o ewido e clique em Verificar e então em Verificação Completa do Sistema

    • O ewido detecta alguns programas legítimos como discadores dial-up. Portanto, não marque a caixa que diz Executar a acção em todas as infecções. Se o ewido encontrar um arquivo que você acredita ser legítimo, escolha a opção "Nenhuma" e clique em OK. Caso contrário, deixe em Remover e clique em OK.

    Ao término da varredura, localize o screen com nome de -> Save report

    • Quando o ewido terminar, feche-o.

    Reinicie em Modo Normal

    Agora fazer o novo log hijackthis e anexar juntamente com o resultado do ewido.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • eu baixei esse programa instalei direitinho mas..

    quando clikei pra actualizar ficava só no 0.0% e não ia saca... q q faço x/

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • Status Of programa:

    Ameaças conhecidas: 312.638

    Infecções encotradas: 0

    Ultima atualização: 22/04/2006

    Versão da base de dados: #1822

    Logfile of HijackThis v1.99.1

    Scan saved at 13:06:24, on 22/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

    C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\CyberScript31\CyberScript.exe

    C:\Arquivos de programas\ewido anti-malware\securitysuite.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Sr.Ida    0

    Muito bem. Mas voce não fez a última etapa. Faça-o agora para o log ficar limpo.

    Execute o HijackThis, clique em Do a System Scan Only, marque somente as entradas abaixo e dê Fix Checked.

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    Habilite o Windows para mostrar todos os arquivos (até ocultos). -> veja

    Via Windows Explorer apague o arquivo se existir

    C:\WINDOWS\system32\system32.exe

    Infecções encotradas: 0

    B)

    Leia o artigo Proteja seu PC para evitar futuras infecções:

    http://linhadefensiva.uol.com.br/artigos/proteja-seu-pc/

    Desabilite e reabilite a Restauração do Sistema:

    http://linhadefensiva.uol.com.br/docs/rest...cao-do-sistema/

    Abraço

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Scheider    0
  • Autor do tópico
  • aê cara valeu pela ajuda pela paciencia!! meu pc agora não tá devagar quanto antes e nem aparece aquelas janelas chatas!!

    vlwzaooooooo!! abraços!!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Phoenyx    2.308

    CASO RESOLVIDO!

    Caso o autor do tópico necessite, o mesmo será reaberto, para isso o mesmo deverá procurar um Moderador da área e solicitar o desbloqueio!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×