Scheider

I need my log analyzed!


Guys, I don't really know how to use HijackThis, but I did what they told me and I think I have a lot of viruses. My PC has a lot of problems because of these viruses and it's really laggy... here's the list! Tell me what to do, please!!!!!!!!

Logfile of HijackThis v1.99.1

Scan saved at 15:21:02, on 19/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Media Gateway\MediaGateway.exe

c:\arquiv~1\mcafee.com\vso\mcvsescn.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\config\csrss.exe

C:\Arquivos de programas\QuickTime\qttask.exe

c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\dhcp\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Save\Save.exe

c:\arquiv~1\mcafee.com\vso\mcvsftsn.exe

c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

C:\Arquivos de programas\CyberScript31\CyberScript.exe

C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.festasbadaladas.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Arquivos de programas\SideFind\sfbho.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [MCUpdateExe] C:\ARQUIV~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARQUIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Power Scan] "C:\Arquivos de programas\Power Scan\powerscan.exe" /aid:131089

O4 - HKLM\..\Run: [Zdzcyfh] C:\Program Files\Tpgjgn\Cqig.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\config\csrss.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\install.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinetWork] C:\WINDOWS\Media\WinetWork.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [eJay Scrap Reader] C:\Arquivos de programas\Orkut\orkut.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe

O4 - HKLM\..\Run: [McRegWiz] C:\ARQUIV~1\McAfee.com\Agent\McRegWiz.exe /autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WormsArmageddon.exe] C:\DOCUME~1\SUPERV~1\MEUSDO~1\WORMSA~1.EXE /r

O4 - HKCU\..\Run: [stratas] ggfig.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c15.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\arquivos de programas\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: Windows Logon Information (WLI) - Unknown owner - C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe


Download The Avenger by Swandog46:

http://swandog46.geekstogo.com/avenger.zip

Unzip it to your desktop.

Go to Control Panel. Use Add / Remove Programs.

Uninstall: -->

C:\Arquivos de programas\SideFind

C:\Program Files\Media Gateway

C:\Program Files\Internet Optimizer

C:\Arquivos de programas\Power Scan

C:\Program Files\Tpgjgn

C:\Arquivos de programas\Save

Open the Avenger.

• Under "Script file to execute" choose "Input Script Manually".

• Click the magnifying-glass icon and the "View/edit script" box will open.

• Copy the contents of the quote into it (Ctrl+V).

Folders to delete:

C:\Arquivos de programas\SideFind

C:\Program Files\Media Gateway

C:\Program Files\Internet Optimizer

C:\Arquivos de programas\Power Scan

C:\Program Files\Tpgjgn

C:\Arquivos de programas\Save

Files to delete:

C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr

C:\WINDOWS\system32\system32.exe

C:\WINDOWS\Media\WinetWork.exe

C:\WINDOWS\install.exe

C:\WINDOWS\system32\config\csrss.exe

C:\WINDOWS\system32\dhcp\svchost.exe

The script above was created specifically for this user. If you are not this user, do not follow these steps, because they could damage the operation of your system.

• Click Done

• Then click the green light to run the script

• Answer "Yes"

The Avenger will automatically begin processing the entries.

When it finishes, The Avenger will reboot the computer.

After the restart a black DOS window will open; don't worry. Then a log file will be generated. The log file will be available at C:\avenger.txt

The Avenger backs up every deleted file in C:\avenger\backups.zip.

Restart in Safe Mode

(press F8 until a DOS-style screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.festasbadaladas.com.br

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Arquivos de programas\SideFind\sfbho.dll (file missing)

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [Power Scan] "C:\Arquivos de programas\Power Scan\powerscan.exe" /aid:131089

O4 - HKLM\..\Run: [Zdzcyfh] C:\Program Files\Tpgjgn\Cqig.exe

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\config\csrss.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\install.exe

O4 - HKLM\..\Run: [WinetWork] C:\WINDOWS\Media\WinetWork.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe

O4 - HKCU\..\Run: [stratas] ggfig.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c15.cab

Start -> Run. Type services.msc and click OK. Find the trojan service Windows Logon Information (WLI). Right-click it and click Properties. Click Stop and change the Startup Type to Disabled.

Run HijackThis -> Open the Misc Tools section -> Delete an NT Service

In the box enter Windows Logon Information (WLI), click "OK" and confirm.

Restart in Normal Mode

Post:

C:\avenger.txt

A new HijackThis log

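The analyst above picked the entries to fix by eye: core Windows binary names (lsass.exe, csrss.exe, svchost.exe) running from directories that are not their real home, an autorun entry that names a bare file (ggfig.exe), and entries whose target is already missing. The following Python script applies those same three checks to a HijackThis 1.99 log. It is an added example, not code from the forum post or from HijackThis; EXPECTED_DIRS, check_binary and triage are names chosen here, and SAMPLE_LOG is a short excerpt constructed from the log quoted above.

```python
"""Triage a HijackThis 1.99 log the way the analyst above read it.

Added example, not code from the forum post or from HijackThis. It flags
three patterns visible in the log: a core Windows binary name running from
a directory other than its real home, an O4 autorun entry that names a bare
file with no path, and any entry whose target is "(file missing)".
"""
import re
from typing import List, Optional, Tuple

# Real home of each core Windows XP binary (lower-case, no trailing slash).
# The same file name anywhere else is a classic impersonation trick.
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

O4_RE = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|scr|dll|com|bat))"?(?:\s|$)', re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
Finding = Tuple[str, str, str]  # (section, original line, reason)

# Constructed excerpt of the first log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:21:02, on 19/4/2006
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\config\csrss.exe
C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe
C:\WINDOWS\system32\dhcp\svchost.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.festasbadaladas.com.br
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Arquivos de programas\SideFind\sfbho.dll (file missing)
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\system32\config\csrss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe
O4 - HKCU\..\Run: [stratas] ggfig.exe
O23 - Service: Windows Logon Information (WLI) - Unknown owner - C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""


def extract_path(cmd: str) -> str:
    """Program path of an O4 command line, e.g. '"C:\\x\\y.exe" /flag'."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def check_binary(path: str) -> Optional[str]:
    """Reason string when a core-binary name runs from the wrong place."""
    directory, _, name = path.replace("/", "\\").lower().rpartition("\\")
    if name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]:
        return f"{name} outside its expected directory ({directory or 'no path'})"
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_RE.match(line):
            reason = check_binary(line)
            if reason:
                findings.append(("process", line, reason))
            continue
        in_processes = False  # first non-path line ends the process list
        if line.endswith("(file missing)"):
            findings.append((line.split(" ")[0], line, "target file missing: stale or already removed"))
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            if "\\" not in path:
                findings.append(("O4", line, f"[{m.group('name')}] names a bare file resolved via PATH: {path}"))
            reason = check_binary(path)
            if reason:
                findings.append(("O4", line, reason))
        elif line.startswith("O23 - Service:"):
            reason = check_binary(line.rsplit(" - ", 1)[-1])
            if reason:
                findings.append(("O23", line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_LOG):
        print(f"{section:8} {reason}\n         {line}")
```

Run it on a full saved log with `triage(open("hijackthis.log").read())`. The output is a shortlist for a human to confirm, not a verdict: AGRSMMSG.exe in the original log is also a bare name but is a known modem driver, which is why the bare-name check reports rather than condemns.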
  • Topic author
  • like, before this I had gotten AVG, which my friend told me about, and removed a tonnnnn of viruses... McAfee didn't detect any virus =/ I'm using NOD32 now... well, here are the logs

    avenger.txt log:

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\ycoygvsp

    *******************

    Script file located at: \??\C:\WINDOWS\system32\lalamxvm.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Folder C:\Arquivos de programas\SideFind deleted successfully.

    Folder C:\Program Files\Media Gateway not found!

    Deletion of folder C:\Program Files\Media Gateway failed!

    Could not process line:

    C:\Program Files\Media Gateway

    Status: 0xc0000034

    Folder C:\Program Files\Internet Optimizer not found!

    Deletion of folder C:\Program Files\Internet Optimizer failed!

    Could not process line:

    C:\Program Files\Internet Optimizer

    Status: 0xc0000034

    Folder C:\Arquivos de programas\Power Scan not found!

    Deletion of folder C:\Arquivos de programas\Power Scan failed!

    Could not process line:

    C:\Arquivos de programas\Power Scan

    Status: 0xc0000034

    Folder C:\Program Files\Tpgjgn deleted successfully.

    Folder C:\Arquivos de programas\Save not found!

    Deletion of folder C:\Arquivos de programas\Save failed!

    Could not process line:

    C:\Arquivos de programas\Save

    Status: 0xc0000034

    File C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe not found!

    Deletion of file C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe failed!

    Could not process line:

    C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe

    Status: 0xc0000034

    File C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\SVQ2O1JY\cartao19[1].scr deleted successfully.

    File C:\WINDOWS\system32\system32.exe deleted successfully.

    File C:\WINDOWS\Media\WinetWork.exe deleted successfully.

    File C:\WINDOWS\install.exe not found!

    Deletion of file C:\WINDOWS\install.exe failed!

    Could not process line:

    C:\WINDOWS\install.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\config\csrss.exe not found!

    Deletion of file C:\WINDOWS\system32\config\csrss.exe failed!

    Could not process line:

    C:\WINDOWS\system32\config\csrss.exe

    Status: 0xc0000034

    File C:\WINDOWS\system32\dhcp\svchost.exe not found!

    Deletion of file C:\WINDOWS\system32\dhcp\svchost.exe failed!

    Could not process line:

    C:\WINDOWS\system32\dhcp\svchost.exe

    Status: 0xc0000034

    Completed script processing.

    *******************

    Finished! Terminate.

    And here's the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:22:58, on 20/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    and now?? what do I do?

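The Avenger log above reports each target as "deleted successfully" or "not found!", and every failure carries Status 0xc0000034, which is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND: the file was already gone before the script ran. The next step the analyst asked for was a fresh HijackThis log, so the script below does the reconciliation an analyst performs at this point: it parses the Avenger outcomes, diffs the before and after HijackThis logs, and lists any target Avenger could not delete that the new log still references. This is an added example, not code from the forum post, from The Avenger or from HijackThis; parse_avenger, diff_hjt and unresolved are names chosen here, and the three sample logs are short excerpts constructed from the logs quoted in this thread.

```python
"""Reconcile a removal run: what The Avenger reported against what changed
between the HijackThis logs taken before and after it.

Added example, not code from the forum post, from The Avenger or from
HijackThis. Status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND: the target
was already gone, which happens when another scanner removed it first.
"""
import re
from typing import Dict, List, Set, Tuple

NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
ITEM_RE = re.compile(r"^(?P<kind>Folder|File) (?P<path>.+?) (?P<outcome>deleted successfully\.|not found!)$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]+)$")
HJT_ENTRY_RE = re.compile(r"^(?:[A-Za-z]:\\|[RO]\d+ - )")  # process path or R/O entry

# Constructed excerpts of the logs quoted in this thread.
AVENGER_LOG = r"""
Folder C:\Arquivos de programas\SideFind deleted successfully.
Folder C:\Program Files\Media Gateway not found!
Deletion of folder C:\Program Files\Media Gateway failed!
Could not process line:
C:\Program Files\Media Gateway
Status: 0xc0000034
Folder C:\Program Files\Tpgjgn deleted successfully.
File C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe not found!
Deletion of file C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe failed!
Could not process line:
C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe
Status: 0xc0000034
File C:\WINDOWS\system32\system32.exe deleted successfully.
File C:\WINDOWS\Media\WinetWork.exe deleted successfully.
Completed script processing.
"""
HJT_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe
C:\WINDOWS\system32\dhcp\svchost.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\dhcp\svchost.exe
O23 - Service: Windows Logon Information (WLI) - Unknown owner - C:\WINDOWS\system32\fonts.{0003000d-0000-0000-c000-000000000046}\lsass.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""
HJT_AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Eset\nod32kui.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""


def parse_avenger(log_text: str) -> List[Dict[str, object]]:
    """One record per target; a Status line is attached to the preceding failure."""
    results: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            results.append({"kind": m.group("kind").lower(), "path": m.group("path"),
                            "deleted": m.group("outcome").startswith("deleted"), "status": None})
            continue
        s = STATUS_RE.match(line)
        if s and results and not results[-1]["deleted"]:
            code = int(s.group("code"), 16)
            results[-1]["status"] = NTSTATUS_NAMES.get(code, f"unknown NTSTATUS {code:#010x}")
    return results


def hjt_entries(log_text: str) -> Set[str]:
    """Process paths and R/O entries of a HijackThis log, as a set of lines."""
    return {ln.strip() for ln in log_text.splitlines() if HJT_ENTRY_RE.match(ln.strip())}


def diff_hjt(before: str, after: str) -> Tuple[Set[str], Set[str]]:
    """(entries that disappeared, entries that appeared) between two logs."""
    b, a = hjt_entries(before), hjt_entries(after)
    return b - a, a - b


def unresolved(results: List[Dict[str, object]], after_log: str) -> List[str]:
    """Targets Avenger could not delete that the after-log still references."""
    after_lower = after_log.lower()
    return [str(r["path"]) for r in results
            if not r["deleted"] and str(r["path"]).lower() in after_lower]


if __name__ == "__main__":
    res = parse_avenger(AVENGER_LOG)
    for r in res:
        print("deleted " if r["deleted"] else "missing ", r["path"], r["status"] or "")
    removed, appeared = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print(f"{len(removed)} entries gone, {len(appeared)} new, unresolved: {unresolved(res, HJT_AFTER)}")
```

An empty unresolved list, as in this thread, means the "not found" failures are harmless: nothing in the new log still points at those paths. A non-empty list is the case to chase, since a still-referenced target that a boot-time deletion could not find usually means the name or location changed between the two logs.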

    Download DelDomains:

    http://linhadefensiva.uol.com.br/dl/deldomains

    Get DelDomains.inf. Do not double-click it. Right-click it and click Install.

    Apparently nothing happens. That is normal.

    Restart the computer

    Run Panda ActiveScan

    After the online scan finishes, make a HijackThis log and paste it in your post together with the Panda result

  • Topic author
  • I couldn't run the scan from that site... but I did everything else..

    here's the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 21:57:59, on 20/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Kazaa Lite Resurrection\kazaalite.kpp

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Try this one

click

Nothing to fix in the log. Clean!

Paste the result if you can so we can see whether there are leftovers.

Topic author:

BitDefender Online Scanner

Scan report generated at: Fri, Apr 21, 2006 - 15:12:37
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 01:06:02
Files: 246036
Folders: 3213
Boot Sectors: 3
Archives: 5915
Packed Files: 34153

Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 6
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 371154
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe - Suspected of: BehavesLike:Win32.RemoteInjector
C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe - Disinfection failed
C:\Arquivos de programas\Konami\Silent Hill 2\r-sh2tr.exe - Deleted
C:\avenger\backup.zip=>avenger/cartao19[1].scr - Infected with: Trojan.Spy.Banker.ARK
C:\avenger\backup.zip=>avenger/cartao19[1].scr - Disinfection failed
C:\avenger\backup.zip=>avenger/cartao19[1].scr - Deleted
C:\avenger\backup.zip - Updated
C:\avenger\backup.zip=>avenger/system32.exe - Infected with: Trojan.Spy.Banker.ARK
C:\avenger\backup.zip=>avenger/system32.exe - Disinfection failed
C:\avenger\backup.zip=>avenger/system32.exe - Deleted
C:\avenger\backup.zip - Updated
C:\avenger\backup.zip=>avenger/WinetWork.exe - Infected with: Trojan.Banker.Delf.DC031110
C:\avenger\backup.zip=>avenger/WinetWork.exe - Disinfection failed
C:\avenger\backup.zip=>avenger/WinetWork.exe - Deleted
C:\avenger\backup.zip - Updated
C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr - Suspected of: BehavesLike:Win32.SMTP-Mailer
C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr - Disinfection failed
C:\Documents and Settings\Supervisor\Configurações locais\Temporary Internet Files\Content.IE5\BSP97SGS\fotos[1].scr - Deleted
C:\Documents and Settings\Supervisor\Desktop\fotos.scr - Suspected of: BehavesLike:Win32.SMTP-Mailer
C:\Documents and Settings\Supervisor\Desktop\fotos.scr - Disinfection failed
C:\Documents and Settings\Supervisor\Desktop\fotos.scr - Deleted
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe - Suspected of: BehavesLike:Win32.RemoteInjector
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe - Disinfection failed
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2\r-sh2tr.exe - Deleted
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe - Suspected of: BehavesLike:Win32.RemoteInjector
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe - Disinfection failed
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip=>r-sh2tr.exe - Deleted
C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\r-sh2dcuttrn2.zip - Updated
C:\WINDOWS\smlogitech.vbs - Infected with: Backdoor.Delf.AKF
C:\WINDOWS\smlogitech.vbs - Disinfection failed
C:\WINDOWS\smlogitech.vbs - Deleted
C:\WINDOWS\system32\system32.exe - Suspected of: BehavesLike:Win32.SMTP-Mailer
C:\WINDOWS\system32\system32.exe - Disinfection failed
C:\WINDOWS\system32\system32.exe - Deleted

well... now what? :|


Download the tool

msn-fofoca

Follow the instructions

Then

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)

Restart the computer

Post the new HijackThis log

Topic author:

Logfile of HijackThis v1.99.1

    Scan saved at 19:00:21, on 21/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

now what?


The Banker/keylogger came back (reinfection). We had removed it in the first round, and it turned up in the BitDefender log. The file was -> deleted

Well, let's look further...

Download ewido

http://www.ewido.net/en/download/

• Select "English" as the installation language

• Click Next, I Agree, Next, Next. Uncheck the Install background guard box and click Install, then Finish.

• In ewido's main window click Actualizar (Update) in the left menu and then click Iniciar actualização (Start update).

• When the update finishes you will see the message Actualizado com sucesso (Updated successfully) in the lower-left corner

• Exit ewido and do not run a full scan yet

Restart in Safe Mode

(press the F8 key until a DOS-style screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

• Open ewido, click Verificar (Scan) and then Verificação Completa do Sistema (Complete System Scan)

• ewido detects some legitimate programs, such as dial-up dialers, as threats. So do not check the box that says Executar a acção em todas as infecções (Perform action on all infections). If ewido finds a file you believe to be legitimate, choose the "Nenhuma" (None) option and click OK. Otherwise leave it at Remover (Remove) and click OK.

When the scan finishes, find the screen named -> Save report

• When ewido is done, close it.

Restart in Normal Mode

Now make a new HijackThis log and attach it together with the ewido result.

Topic author:

I downloaded this program and installed it just fine, but...

when I clicked to update it just sat at 0.0% and wouldn't go, you know... what do I do x/

Topic author:

Program status:

Known threats: 312,638

Infections found: 0

Last update: 22/04/2006

Database version: #1822

    Logfile of HijackThis v1.99.1

    Scan saved at 13:06:24, on 22/4/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

    C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\CyberScript31\CyberScript.exe

    C:\Arquivos de programas\ewido anti-malware\securitysuite.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Supervisor\Meus documentos\Pasta Do Scheider (Confidencial)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6BD64452-2FDD-400E-AB25-EEF93895A2A1} (Gazzag Chat) - http://www.gazzag.com/gim/gazzagchatctl.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

    O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) - http://www.gazzag.com/imp/grabmail.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE


Very good. But you did not do the last step. Do it now so the log is clean.

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

Set Windows to show all files (including hidden ones). -> see

Using Windows Explorer, delete the file if it exists

C:\WINDOWS\system32\system32.exe

Infections found: 0

B)

Read the article Proteja seu PC (Protect your PC) to avoid future infections:

http://linhadefensiva.uol.com.br/artigos/proteja-seu-pc/

Disable and re-enable System Restore:

http://linhadefensiva.uol.com.br/docs/rest...cao-do-sistema/

Cheers

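The two things the helper does by hand in this thread, flagging the [system32] Run value as a banker autostart and noticing that it survived the first "Fix checked", are easy to automate. The script below is an added example; it is not code from the thread, from HijackThis or from any of the tools named here. It parses the one-entry-per-line HijackThis format shown in the logs above, flags entries an analyst would question (orphaned "file missing" entries, services with no vendor string, autostart binaries named after OS components or dropped straight into %windir%), and checks a later log against the list of entries that were fixed, so a survivor is reported as a suspected reinfection. The sample log lines are assembled from the logs posted in the thread; the heuristic lists (OS_LOOKALIKES, WINDIR_ALLOWLIST) and all function names are my own assumptions.

```python
"""Triage and reinfection check for HijackThis v1.99 logs (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# "O4 - HKLM\..\Run: [name] command" and the other O*/R*/F* sections share this shape
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic lists: my assumptions, not from HijackThis or from the thread
OS_LOOKALIKES = {"system32.exe", "system.exe", "windows.exe"}  # file names that mimic OS components
WINDIR_ALLOWLIST = {"ctfmon.exe", "rundll32.exe"}              # legitimately started from %windir% via Run


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4"
    body: str     # text after "O4 - "

    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Return the O*/R*/F* entries of a log; header and process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append(Entry(m.group(1), m.group(2)))
    return out


def exe_path(cmd: str) -> str:
    """Executable of a Run command: the quoted path, or the token before the first argument."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def flag_entry(e: Entry) -> list[str]:
    """Reasons an analyst would look twice at this entry (empty list: nothing stands out)."""
    reasons = []
    low = e.body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: referenced file is gone (leftover, safe to fix)")
    if e.section == "O23" and "unknown owner" in low:
        reasons.append("service without a vendor string: identify the binary before trusting it")
    if e.section == "O4":
        m = O4_RE.match(e.body)
        if m:
            path = exe_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1].lower()
            folder = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
            in_windir = folder.endswith("\\windows") or folder.endswith("\\windows\\system32")
            if base in OS_LOOKALIKES:
                reasons.append(f"autostart binary named like an OS component: {base}")
            if in_windir and base not in WINDIR_ALLOWLIST:
                reasons.append("autostart binary dropped directly into %windir% or system32")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged entry line to the reasons it was flagged."""
    return {e.line(): r for e in parse_hjt(text) if (r := flag_entry(e))}


def survivors(fixed: list[str], after_log: str) -> list[str]:
    """Entries that were 'fixed' but still appear in a later log: suspected reinfection."""
    present = {e.line() for e in parse_hjt(after_log)}
    return [f for f in fixed if f in present]


# Constructed sample: lines assembled from the logs posted in the thread
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Arquivos de programas\iMesh\iMesh5\iMeshBHO.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""
# Entries the analyst told the user to "Fix checked" between the two logs
FIXED = [
    r"O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Arquivos de programas\SideFind\sidefind.dll (file missing)",
    r"O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe",
]

if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE).items():
        print(line, "\n    ", "; ".join(why))
    print("survived the fix (reinfection or fix not applied):", survivors(FIXED, LOG_AFTER))
```

The flags are review hints, not verdicts: the ScsiAccess service with no vendor string is exactly the kind of entry the helper left alone in this thread after judging it, and an unrelated tool started from %windir% would trip the same rule. The survivor check is the useful part: a "fixed" Run value reappearing in the next log means either the dropper is still active or the fix was never applied, which is the distinction the helper had to make twice here.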
Topic author:

Hey man, thanks for the help and for the patience!! My PC isn't as slow as before anymore and those annoying windows don't pop up either!!

Thanks a lot!! Cheers!!


CASE SOLVED!

If the topic author needs it, the topic will be reopened; to do so, they should contact a Moderator of this area and ask for it to be unlocked!
