Hardware.com.br forum

Virus in cmd.exe

#1 By douglaspires... 29/04/2008 - 20:22
Hi everyone, here's the thing: we have a serious problem with a virus that infects cmd.exe and keeps appearing all the time. Several windows open saying there is an error, and when you go to Task Manager there are many cmd.exe processes running (around 30 or so). Has anyone seen this kind of virus, does anyone know where it comes from (whether it's some update), or know how to remove it? I've already run several antivirus programs, such as Norton 2008, Avast 4.8, AVG Free, AVG Anti-Spyware and Spybot, all updated, and nothing. This is a real cr**. Thanks to everyone who can help me...
#2 By Wings 29/04/2008 - 20:31
douglaspires83

Never heard of it. Let's see what the HijackThis log looks like.

*Download the program from the link and install it. Run it and click "Do a system scan and save a logfile".
*A window containing the scan result will open. Copy and paste the result here in the forum.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.zip
#3 By douglaspires... 30/04/2008 - 08:28
Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 08:15:35, on 30/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msnmsgrl.exe
C:\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 200.205.55.58 216.129.112.81
O1 - Hosts: 0.0.0.1 www5.messengerfx.com
O1 - Hosts: 0.0.0.1 www.msn2go.com
O1 - Hosts: 0.0.0.1 www.researchhaven.com/Chat.htm
O1 - Hosts: 0.0.0.1 www.researchhaven.com
O1 - Hosts: 0.0.0.8 iloveim.com
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)

#4 By Wings 30/04/2008 - 08:57
douglaspires83

1. Go to Add/Remove Programs and uninstall:

ADSTechnology
ActivationManager

2.
*Download the tool from the link and save it to the Desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-click SDFix.exe; the tool is usually installed in C:\SDFix
*Write down or print this procedure
*Temporarily disable your antivirus and anti-spyware

*Restart the PC in Safe Mode (tap F8 repeatedly during startup and choose Safe Mode in the menu that appears).
*In the C:\SDFix folder, locate and run the file RunThis.bat
*Press Y to start the process
*When it finishes, a message will appear telling you to press any key to continue.
*The PC will restart automatically
*On restart, the tool will run again
*When "The FixTool has finished" appears, press any key
*Paste the report created in C:\SDFix\Report.txt together with a new HijackThis log
#5 By douglaspires... 30/04/2008 - 11:04
Hi friend, let me explain: this is the SDFix log


SDFix: Version 1.177
Run by Administrador on qua 30/04/2008 at 10:15
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\MSNMSGRL.EXE - Deleted
C:\WINDOWS\system32\csrcs.exe - Deleted
C:\WINDOWS\system32\smcs.exe - Deleted

Folder C:\Arquivos de programas\CPV - Removed
Folder C:\Arquivos de programas\Temporary - Removed
Folder C:\Arquivos de programas\Twain - Removed

Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 10:20:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!

But since it removed this file
C:\WINDOWS\system32\csrcs.exe - Deleted
every time the PC is turned on it gives an error saying the path could not be found..

And here is a HijackThis log from when the cmd.exe thing happens
Logfile of HijackThis v1.99.1
Scan saved at 10:33:23, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\ARQUIV~1\GBPLUG~1\gbppsv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.g1.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI69DF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{C029B9C2-C55B-4AA6-81E3-0006E9535471}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

Look at what the log looks like.

And I'll send this image of Task Manager with the errors that appear for you to click OK. Note: they come one at a time, like cmd.exe, then taskkill.exe, net.exe, each asking you to click OK..

The strange thing about all this is that there are several network points in a single room here; just connecting the PC to the network with internet already produces these errors, you don't need to do anything, suddenly it happens, then you have to restart the PC, and after a while it happens again. Take a look, and if it's not well explained, just ask, ok

Oh, another thing: this log is from another PC, a notebook that was connected via wireless..
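A small triage script for HijackThis v1.99 logs like the two posted in this thread, as an added example (not code from the thread, from HijackThis or from SDFix). It splits a log into the running-process list and the typed entries, then flags the items that turned out to matter here: a Shell= value loading something besides Explorer.exe, hosts-file redirections, entries pointing at missing files, hard-coded DNS servers, and one image name repeated many times. The sample log is a constructed, abridged excerpt of the lines posted above; the category names and the repeat threshold are my own choices.

```python
import re
from collections import Counter

# Constructed excerpt of the two HijackThis logs posted in the thread (abridged).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.g1.com.br/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 0.0.0.1 www5.messengerfx.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""

# HijackThis entry lines start with a type code (R0, F2, O1, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(kind, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the first typed entry ends the process list
            entries.append((m.group("kind"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text, repeat_threshold=5):
    """Return (category, detail) findings for the indicator types seen in this thread."""
    processes, entries = parse_log(text)
    findings = []

    # Dozens of identical short-lived images (cmd.exe, taskkill.exe, net.exe in the
    # second log above) point at something re-spawning them; count by image name.
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    for name, n in sorted(counts.items()):
        if n >= repeat_threshold:
            findings.append(("process-storm", f"{name} x{n}"))

    for kind, body in entries:
        if kind == "F2" and body.startswith("REG:system.ini: Shell="):
            # The Winlogon Shell value normally holds only Explorer.exe. Anything
            # appended to it (csrcs.exe here) is launched at every logon, which is
            # consistent with the "path not found" error seen once SDFix deleted it.
            extra = [x for x in body.split("Shell=", 1)[1].split()
                     if x.lower() != "explorer.exe"]
            if extra:
                findings.append(("shell-hijack", " ".join(extra)))
        elif kind == "O1" and body.startswith("Hosts:"):
            # A hosts entry pins a name to an address of someone else's choosing.
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                findings.append(("hosts-redirect", f"{parts[1]} -> {parts[0]}"))
        elif "(file missing)" in body or "(no file)" in body:
            # Leftovers of removed software: usually harmless, still worth cleaning.
            findings.append(("dangling-entry", f"{kind}: {body}"))
        elif kind == "O17":
            # Hard-coded resolvers; compare them with the ones your network really uses.
            findings.append(("dns-override", body.rsplit("NameServer = ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```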

#7 By douglaspires... 30/04/2008 - 11:51
Alright, my bad, here's the log from the first PC

SDFix: Version 1.177
Run by Administrador on qua 30/04/2008 at 10:15
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\MSNMSGRL.EXE - Deleted
C:\WINDOWS\system32\csrcs.exe - Deleted
C:\WINDOWS\system32\smcs.exe - Deleted

Folder C:\Arquivos de programas\CPV - Removed
Folder C:\Arquivos de programas\Temporary - Removed
Folder C:\Arquivos de programas\Twain - Removed

Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 10:20:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!

but since it removed this file
C:\WINDOWS\system32\csrcs.exe - Deleted
every time the PC is turned on there's an error saying the path could not be found ..

I only posted this log from another one, because it's the same problem that happens on all of them ..
and this new log I posted is from the moment the error happened ... ok
CPU PHENOM II X3 2.8GHz
4Gb DDR3 1333MHz

HD 500 Windows 7 PRO x64
XFX GForce GTS 250 1Gb 256Bits

douglaspires83
douglaspires... Senior Member Registered
182 Posts 1 Like
#9 By douglaspires...
30/04/2008 - 16:33
here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 16:32:18, on 30/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hardware.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)

Wings
Wings Cyber Highlander Registered
20.3K Posts 1.2K Likes
#10 By Wings
30/04/2008 - 16:56
*Restart the PC in Safe Mode (tap F8 repeatedly during boot; in the menu that appears choose Safe Mode).
*In the C:\SDFix folder locate and run the file RunThis.bat
*Press Y to start the process
*When it finishes, a message will appear telling you to press any key to continue.
*The PC will restart automatically
*On restart, the tool will run again
*When "The FixTool has finished" appears, press any key
*Still in Safe Mode, run HijackThis, click "Do a system scan only", select the entry below and click "Fix checked"
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

*Restart the PC in Normal Mode
*Paste the result created in C:\SDFix\Report.txt along with a new HijackThis log
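The F2 entry Wings has the user fix above is how HijackThis displays the Winlogon Shell registry value (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell). Winlogon starts every program listed in that value at logon, so "Explorer.exe csrcs.exe" launches the worm next to the desktop on every boot, and once csrcs.exe has been deleted without restoring the value, the result is exactly the "path could not be found" error at startup that the user reports. The script below is an added example, not code from this thread or from HijackThis: it pulls the F2 lines out of a HijackThis log, reports anything beyond the expected explorer.exe / userinit.exe, and computes the value to write back. The sample log is constructed from the posted F2 line plus a hypothetical UserInit hijack (extra.exe, not on the original page) to show the second Winlogon value; the separator handling (comma or space) and the XP default values are assumptions of the example.

```python
"""Spot Winlogon Shell/UserInit hijacks in a HijackThis log.

HijackThis prints the Winlogon registry values as
"F2 - REG:system.ini: Shell=..." and "F2 - REG:system.ini: UserInit=...".
Winlogon runs every program named in those values at logon, which is how
"Shell=Explorer.exe csrcs.exe" keeps the worm alive across reboots.
"""
import re
from typing import Dict, List

F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>\w+)=(?P<value>.*)$", re.M)

# Basenames a clean Windows XP box carries in these values.  Assumption of
# this example; compare against a known-good machine of the same build.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe"},
}

# Constructed sample: the F2 line from the log above plus a hypothetical
# UserInit hijack (extra.exe) that is NOT on the original page.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hardware.com.br/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\extra.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"""


def split_program_list(value: str) -> List[str]:
    """Split a Shell/UserInit value into the programs Winlogon will run.

    Winlogon separates entries with commas; the csrcs.exe hijack shows up
    with a plain space, so whitespace is treated as a separator too.
    Assumption: an unquoted path never contains a space (quote it if so).
    """
    programs: List[str] = []
    for chunk in value.split(","):
        chunk = chunk.strip()
        if not chunk:
            continue
        if chunk.startswith('"') and chunk.count('"') >= 2:
            programs.append(chunk.split('"')[1])  # quoted path, keep its spaces
        else:
            programs.extend(chunk.split())
    return programs


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_winlogon_hijacks(log_text: str) -> Dict[str, List[str]]:
    """Map each F2 value name ('shell'/'userinit') to the programs that
    should not be there.  An empty dict means both values are at defaults."""
    findings: Dict[str, List[str]] = {}
    for m in F2_RE.finditer(log_text):
        key = m.group("key").lower()
        if key not in EXPECTED:
            continue
        extras = [p for p in split_program_list(m.group("value"))
                  if basename(p) not in EXPECTED[key]]
        if extras:
            findings[key] = extras
    return findings


def restored_value(key: str, value: str) -> str:
    """What to write back once the extra programs are dropped: the expected
    entries only, comma-joined as Winlogon stores them.  XP keeps a trailing
    comma on UserInit, so that is preserved."""
    key = key.lower()
    keep = [p for p in split_program_list(value) if basename(p) in EXPECTED[key]]
    restored = ",".join(keep)
    return restored + "," if key == "userinit" else restored


if __name__ == "__main__":
    for key, extras in find_winlogon_hijacks(SAMPLE_LOG).items():
        print(f"{key}: unexpected {extras}")
    print("restore Shell to:", restored_value("Shell", "Explorer.exe csrcs.exe"))
```

Fixing the F2 line in HijackThis does the same thing as restored_value: it puts the Shell value back to Explorer.exe. Doing that in the same Safe Mode session as the file deletion, as Wings instructs, avoids the boot-time "path not found" error and, more importantly, the window in which a surviving copy of csrcs.exe would simply be relaunched.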
douglaspires83
douglaspires... Senior Member Registered
182 Posts 1 Like
#13 By douglaspires...
02/05/2008 - 09:17
here is the SDFix log


SDFix: Version 1.177
Run by Administrador on Fri 02/05/2008 at 08:53
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 09:10:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!


and the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 09:15:01, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hardware.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
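One thing the SDFix report above shows that the HijackThis log does not: the Windows Firewall exception list (the "Authorized Application Key Export" block) still carries two Enabled entries for executables in system32 with the generic label "Firewall", ntserv.exe and msnmsgl.exe, and they are identical to the ones in the report from before the cleanup. HijackThis does not list firewall exceptions and SDFix only exports them, so entries like these survive even when everything else is gone. The script below is an added example, not part of this thread or of SDFix: it parses that export (a .reg-style dump whose values have the XP SP2 layout path:scope:Enabled|Disabled:name, with backslashes doubled) and flags enabled exceptions for binaries under system32 that are not known Windows components or that carry a generic label. The sample export is constructed from the lines posted above; the allowlist (sessmgr.exe, the Remote Assistance session manager) and the set of "generic" labels are assumptions of the example.

```python
"""Audit the Windows Firewall AuthorizedApplications export in an SDFix report."""
import re
from typing import List, NamedTuple, Tuple


class FirewallException(NamedTuple):
    profile: str   # standardprofile or domainprofile
    path: str      # program path with %windir% expanded
    scope: str     # "*" = any remote address
    enabled: bool
    name: str      # label shown in the firewall UI (or a resource reference)


# Constructed sample: the export block from the SDFix report above.
SAMPLE_EXPORT = r"""
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
"""

KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Windows components that legitimately register a system32 binary as an
# exception on XP SP2 (sessmgr.exe = Remote Assistance).  Assumption of this
# example: extend it for the build you are looking at.
KNOWN_SYSTEM32 = {"sessmgr.exe"}
# Labels that name no product at all.  Assumption of this example.
GENERIC_LABELS = {"firewall", "windows", "system"}


def parse_authorized_apps(export: str, windir: str = r"C:\WINDOWS") -> List[FirewallException]:
    """Parse every "<path>"="<path>:<scope>:<state>:<name>" line found under an
    authorizedapplications\\list key, remembering which profile it belongs to."""
    entries: List[FirewallException] = []
    profile = None
    for raw in export.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1).lower()
            continue
        entry = ENTRY_RE.match(line)
        if not entry or profile is None:
            continue
        value = entry.group(2).replace("\\\\", "\\")  # undo .reg escaping
        # A drive letter carries its own ':', so peel it off before splitting
        # the value into its four ':'-separated fields.
        drive, rest = (value[:2], value[2:]) if value[1:2] == ":" else ("", value)
        fields = rest.split(":", 3)
        if len(fields) != 4:
            continue
        path = drive + fields[0]
        if path.lower().startswith("%windir%"):
            path = windir + path[len("%windir%"):]
        entries.append(FirewallException(profile, path, fields[1],
                                         fields[2].lower() == "enabled", fields[3]))
    return entries


def suspicious_exceptions(entries: List[FirewallException]) -> List[Tuple[FirewallException, List[str]]]:
    """Enabled exceptions worth a second look, each paired with the reasons."""
    hits: List[Tuple[FirewallException, List[str]]] = []
    for e in entries:
        if not e.enabled:
            continue
        reasons = []
        low = e.path.lower()
        if "\\system32\\" in low and low.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32:
            reasons.append("executable in system32 that is not a known Windows component")
        if e.name.strip().lower() in GENERIC_LABELS:
            reasons.append("generic label instead of a product name")
        if reasons:
            hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    for e, why in suspicious_exceptions(parse_authorized_apps(SAMPLE_EXPORT)):
        print(f"[{e.profile}] {e.path}  scope={e.scope}  name={e.name!r}")
        for reason in why:
            print("    -", reason)
```

Treat a hit as a lead, not a verdict: check whether the file still exists on disk. If it does, it needs to be scanned and removed; if it does not, the exception is stale and should go anyway, since a future dropper with the same name would inherit an open door. On XP SP2 the exception can be removed from Control Panel > Windows Firewall > Exceptions or with `netsh firewall delete allowedprogram program="C:\WINDOWS\system32\ntserv.exe"` (and the same for msnmsgl.exe).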

Wings
Wings Cyber Highlander Registered
20.3K Posts 1.2K Likes
#14 By Wings
02/05/2008 - 13:03
OK...clean log

1. Delete the SDFix tool and the C:\SDFix folder

2.
*Download the program from the link and save it to a dedicated folder
http://www.atribune.org/ccount/click.php?id=1
*Double-click ATF-Cleaner.exe
*Under Main choose "Select all"
*Click Empty Selected
=>If you also use Firefox, follow the steps below:
*Under Firefox click "Select all" (if you want to keep your passwords click No, otherwise click Yes).
*Click "Empty Selected" (if you want to keep your passwords click No, otherwise click Yes).
*Click Exit or the X

3.
*Download and install the latest version of CCleaner (during installation untick the option to install the Yahoo toolbar):
http://filehippo.com/download_ccleaner/
*Open the program and click Run Cleaner;
*After that, click Registry -> Scan for Issues -> Fix Selected Issues -> Fix All Selected Issues

Use ATF-Cleaner and CCleaner regularly to keep the PC in order.

4.
1. Right-click My Computer
2. Select Properties
3. Click System Restore
4. Tick Turn off System Restore > Apply > OK
5. Now turn System Restore back on by the same path described above.

**************************
Procedure for the other PC:

1.
*Temporarily disable your antivirus
*In Internet Explorer:
Go to Tools -> Internet Options -> Security -> Internet ->
Custom Level -> ActiveX controls and plug-ins -> Run ActiveX controls and plug-ins -> tick Enable -> OK -> Restart IE
*Run an online scan at http://www.pandasecurity.com/activescan/index/?lang=pt-PT
*The scan takes a long time!!!...be patient

*Click on [image]

*If you use Firefox, allow the installation:

*Paste the scan result here in the forum along with a new HijackThis log.
douglaspires83
douglaspires... Senior Member Registered
182 Posts 1 Like
#15 By douglaspires...
04/05/2008 - 11:40
hello Wings, can I ask you a question: how do you know how to analyze these logs, and the tools, like which one to use? I wanted to learn more about this, how do I go about it? can you help me, give me some tips.
ok friend, thanks, you've already helped me a lot

© 1999-2024 Hardware.com.br. All rights reserved.