Wings
Cyber Highlander
Registered
20.3K posts
1.2K likes
douglaspires83
Never heard of it. Let's see what the HijackThis log looks like.
*Download the program from the link and install it. Run it and click "Do a system scan and save a logfile".
*A window with the scan result will open. Copy and paste the result here in the forum
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.zip
douglaspires...
Senior Member
Registered
182 posts
1 like
Here's the log
Logfile of HijackThis v1.99.1
Scan saved at 08:15:35, on 30/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msnmsgrl.exe
C:\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: 200.205.55.58 216.129.112.81
O1 - Hosts: 0.0.0.1 www5.messengerfx.com
O1 - Hosts: 0.0.0.1 www.msn2go.com
O1 - Hosts: 0.0.0.1 www.researchhaven.com/Chat.htm
O1 - Hosts: 0.0.0.1 www.researchhaven.com
O1 - Hosts: 0.0.0.8 iloveim.com
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
CPU PHENOM II X3 2.8GHz
4Gb DDR3 1333MHz
HD 500 Windows 7 PRO x64
XFX GForce GTS 250 1Gb 256Bits
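The log above is a good specimen for automated triage. The script below is an added example written for this thread; it is not part of the original post and not HijackThis or SDFix code. It parses a HijackThis v1.99 log and flags what a responder looks at first: the F2 Shell= line (any binary appended to Explorer.exe is started with the desktop), O1 hosts entries that point anywhere but loopback, orphaned O2/O23 entries, the O17 name servers (to be checked against the ISP's), images running from system32 that are not known Windows binaries (with a one-edit lookalike check, which is how csrcs.exe gets paired with csrss.exe), and any image repeated far more often than an interactive session would produce. SAMPLE_LOG is a constructed subset of the lines posted in this thread; the allowlist of XP system32 images and the flood threshold are assumptions of the example and should be tuned per machine.

```python
"""Triage a HijackThis v1.99 log.

Added example for this thread; not HijackThis or SDFix code.
SAMPLE_LOG is a constructed subset of the logs posted above; the
allowlist and threshold below are assumptions of this example.
"""
import ntpath
import re
from collections import Counter

# Assumption: Windows XP images that legitimately run from %windir%\system32.
# Extend it with third-party services you have verified (e.g. agrsmsvc.exe).
SYSTEM32_KNOWN = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "dllhost.exe", "alg.exe", "ctfmon.exe",
    "cmd.exe", "taskkill.exe", "net.exe", "net1.exe", "taskmgr.exe",
}
# Assumption: more copies of one image than this is a script loop, not a user.
FLOOD_THRESHOLD = 5

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Constructed sample: a subset of the posted logs, with the cmd.exe flood of the third log.
SAMPLE_LOG = "\n".join([
    "Logfile of HijackThis v1.99.1",
    "Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\csrcs.exe",       # one letter away from csrss.exe
    r"C:\WINDOWS\system32\msnmsgrl.exe",    # Messenger lookalike living in system32
    *[r"C:\WINDOWS\system32\cmd.exe"] * 40,
    r"C:\hijackthis\HijackThis.exe",
    "F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe",
    "O1 - Hosts: 200.205.55.58 216.129.112.81",
    "O1 - Hosts: 0.0.0.1 www5.messengerfx.com",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3",
    r"O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)",
])


def within_one_edit(a, b):
    """True when a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]


def parse_log(text):
    """Return (running process image paths, [(section, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return a list of (finding, detail) tuples; an empty list means nothing flagged."""
    processes, entries = parse_log(text)
    findings = []

    counts = Counter(ntpath.basename(p).lower() for p in processes)
    for name, n in counts.items():
        if n >= FLOOD_THRESHOLD:
            findings.append(("process-flood", f"{name} x{n}"))
    for p in processes:
        name = ntpath.basename(p).lower()
        if "\\system32\\" in p.lower() and name not in SYSTEM32_KNOWN:
            lookalike = [k for k in sorted(SYSTEM32_KNOWN) if within_one_edit(name, k)]
            detail = f"{p} (lookalike of {lookalike[0]})" if lookalike else p
            findings.append(("unknown-system32-image", detail))

    for section, body in entries:
        if section == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":       # anything else is a shell hijack
                findings.append(("shell-hijack", shell))
        elif section == "O1" and body.startswith("Hosts:"):
            ip, _, host = body[len("Hosts:"):].strip().partition(" ")
            if ip not in ("127.0.0.1", "::1"):        # blackhole or redirect
                findings.append(("hosts-redirect", f"{host} -> {ip}"))
        elif section in ("O2", "O23") and ("(no file)" in body or "(file missing)" in body):
            findings.append(("orphan-entry", f"{section} {body}"))
        elif section == "O17" and "NameServer" in body:
            findings.append(("dns-server", body.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it as a script to see the findings for the sample; feed it a saved hijackthis.log via `triage(open(path).read())` for a real machine. The allowlist is deliberately short: an unknown-system32-image hit is a prompt to check the file's signature and timestamp, not a verdict.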
Wings
Cyber Highlander
douglaspires83
1. Go to Add/Remove Programs and uninstall:
ADSTechnology
ActivationManager
2.
*Download the tool from the link and save it to the Desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-click SDFix.exe; the tool is usually installed to C:\SDFix
*Write down or print out this procedure
*Temporarily disable your antivirus and anti-spyware
*Restart the PC in Safe Mode (tap F8 repeatedly during startup and choose Safe Mode from the menu that appears).
*In the C:\SDFix folder, locate and run the file RunThis.bat
*Press Y to start the process
*When it finishes, a message will tell you to press any key to continue.
*The PC will restart automatically
*After the reboot, the tool will run again
*When "The FixTool has finished" appears, press any key
*Paste the report created at C:\SDFix\Report.txt together with a new HijackThis log
douglaspires...
Membro Senior
Hi friend, let me explain. This is the SDFix log
SDFix: Version 1.177
Run by Administrador on qua 30/04/2008 at 10:15
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\MSNMSGRL.EXE - Deleted
C:\WINDOWS\system32\csrcs.exe - Deleted
C:\WINDOWS\system32\smcs.exe - Deleted
Folder C:\Arquivos de programas\CPV - Removed
Folder C:\Arquivos de programas\Temporary - Removed
Folder C:\Arquivos de programas\Twain - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 10:20:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!
But since it removed this file
C:\WINDOWS\system32\csrcs.exe - Deleted
every time the PC is turned on it gives an error saying the path could not be found ..
and here is a HijackThis log from when the cmd.exe thing happens
Logfile of HijackThis v1.99.1
Scan saved at 10:33:23, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\ARQUIV~1\GBPLUG~1\gbppsv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.g1.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI69DF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{C029B9C2-C55B-4AA6-81E3-0006E9535471}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbiehAbn - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
Look how the log turns out
And I'll send this image of Task Manager with the errors that pop up asking you to click OK. Note: it's one at a time, like cmd.exe, then taskkill.exe, net.exe, asking you to click OK..
The strange thing about all this is that here there are several network points in one room; just plugging the PC into the network with internet already gives these errors, you don't need to do anything, suddenly this happens and you have to restart the PC, and after a while it happens again. Take a look, and if it's not well explained, just ask, OK?
Oh, one more thing: this log is from another PC, a notebook that was connected via wireless..
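The SDFix report in this post lists the firewall exceptions it left in place under "Authorized Application Key Export". Two of them point at binaries in C:\WINDOWS\system32 registered with the generic name "Firewall" (ntserv.exe and msnmsgl.exe); neither is a Windows XP component, so they are worth checking and removing by hand. The script below is an added example written for this thread, not SDFix's own code: it parses that export, flags enabled exceptions for binaries in system32 that are not on a short allowlist (and any entry whose key path differs from its value path), and emits the matching removal commands. SAMPLE_EXPORT is a constructed subset of the export posted above; the allowlist and the use of the XP SP2 `netsh firewall delete allowedprogram` syntax are assumptions of the example, so check the generated commands on the target before running them.

```python
"""Triage the Windows Firewall AuthorizedApplications export that SDFix prints.

Added example for this thread, not SDFix code. SAMPLE_EXPORT is a constructed
subset of the export posted above. Assumptions: the system32 allowlist below,
and the XP SP2 "netsh firewall" syntax used for remediation.
"""
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "profile path name scope reasons")

# Assumption: the only XP binary that normally needs an exception while living in
# system32 is Remote Assistance's session manager.
ALLOWED_SYSTEM32 = {"sessmgr.exe"}

KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
VALUE_RE = re.compile(r'^"(.+?)"="(.+)"$')

# Constructed sample: a subset of the export in the SDFix report above.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''


def unescape(s):
    """Registry exports double every backslash."""
    return s.replace("\\\\", "\\")


def is_system32(path):
    p = path.lower().replace("%windir%", r"c:\windows")
    return "\\system32\\" in p


def triage(export):
    """Return Findings for enabled exceptions that look planted."""
    profile, findings = None, []
    for raw in export.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        key_path = unescape(m.group(1))
        parts = unescape(m.group(2)).rsplit(":", 3)   # split from the right: "C:" is in the path
        if len(parts) != 4:
            findings.append(Finding(profile, key_path, "?", "?", ["malformed value"]))
            continue
        val_path, scope, state, name = parts
        reasons = []
        if key_path.lower() != val_path.lower():
            reasons.append("key/value path mismatch")
        if is_system32(val_path) and ntpath.basename(val_path).lower() not in ALLOWED_SYSTEM32:
            reasons.append("unknown binary in system32")
        if reasons and state.lower() == "enabled":
            findings.append(Finding(profile, val_path, name, scope, reasons))
    return findings


PROFILE_ARG = {"standardprofile": "STANDARD", "domainprofile": "DOMAIN"}


def remediation(findings):
    """One netsh command per finding (assumed XP SP2 syntax; verify on the target)."""
    return [
        f'netsh firewall delete allowedprogram program="{f.path}" '
        f"profile={PROFILE_ARG.get(f.profile, 'ALL')}"
        for f in findings
    ]


if __name__ == "__main__":
    found = triage(SAMPLE_EXPORT)
    for f in found:
        print(f"[{f.profile}] {f.path} ({f.name}): {', '.join(f.reasons)}")
    print("\n".join(remediation(found)))
```

The export only tells you the hole exists; after removing the exception, confirm whether the named file is still on disk, since SDFix's "Trojan Files Found" list above names MSNMSGRL.EXE, not msnmsgl.exe.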
Wings
Cyber Highlander
Hold on, mate... I don't want the log from another PC!! I want the log from the first PC!!
Let's take it one step at a time... OK?
douglaspires...
Membro Senior
OK, sorry, here's the log from the first PC
SDFix: Version 1.177
Run by Administrador on qua 30/04/2008 at 10:15
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\MSNMSGRL.EXE - Deleted
C:\WINDOWS\system32\csrcs.exe - Deleted
C:\WINDOWS\system32\smcs.exe - Deleted
Folder C:\Arquivos de programas\CPV - Removed
Folder C:\Arquivos de programas\Temporary - Removed
Folder C:\Arquivos de programas\Twain - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 10:20:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!
But since it removed this file
C:\WINDOWS\system32\csrcs.exe - Deleted
every time the PC is turned on it gives an error saying the path could not be found...
I only posted this log from another one, because it's the same problem that happens on all of them...
and this new log I posted is from the moment the error happened... OK
CPU PHENOM II X3 2.8GHz
4Gb DDR3 1333MHz
HD 500 Windows 7 PRO x64
XFX GForce GTS 250 1Gb 256Bits
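The "Authorized Application Key Export" above is SDFix dumping the Windows Firewall exception lists (the AuthorizedApplications\List values under each profile) in .reg syntax, where each value has the shape `<path>:<scope>:<Enabled|Disabled>:<display name>`. As an added example (not SDFix's or the thread's own code), the Python below parses such an export into records, rejects values that are malformed or whose embedded path does not match the key, and lists the exceptions present in the standard profile but absent from the domain profile, which is the comparison a reviewer makes when reading this section. The sample export is constructed from lines on this page; the record layout and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the .reg-style layout SDFix uses for its
# "Authorized Application Key Export"; the lines are taken from this thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''


@dataclass
class AuthorizedApp:
    profile: str   # "standardprofile" or "domainprofile"
    path: str      # program path (the key name, with .reg escaping removed)
    scope: str     # "*" means any remote address
    enabled: bool
    name: str      # display name shown in the firewall UI


SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$",
    re.IGNORECASE)
ENTRY_RE = re.compile(r'^"(.+?)"="(.+)"$')


def unescape(s: str) -> str:
    """.reg files double every backslash inside quoted strings."""
    return s.replace("\\\\", "\\")


def parse_export(text: str):
    """Return ({profile: [AuthorizedApp, ...]}, [(profile, bad_line), ...])."""
    profiles, malformed, profile = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            profile = sm.group(1).lower()
            profiles.setdefault(profile, [])
            continue
        em = ENTRY_RE.match(line)
        if em is None or profile is None:
            continue  # not a value line, or a value before any section header
        key, value = unescape(em.group(1)), unescape(em.group(2))
        # The value must restate the key path, then scope, state and name.
        # A drive letter contains ':' too, so strip the known path prefix
        # instead of splitting the whole value on ':'.
        if not value.startswith(key + ":"):
            malformed.append((profile, line))
            continue
        fields = value[len(key) + 1:].split(":", 2)
        if len(fields) != 3:
            malformed.append((profile, line))  # e.g. the "EnabledNA" line above
            continue
        scope, state, name = fields
        profiles[profile].append(
            AuthorizedApp(profile, key, scope, state.lower() == "enabled", name))
    return profiles, malformed


def standard_only(profiles):
    """Exceptions present in the standard profile but not in the domain profile."""
    domain = {a.path.lower() for a in profiles.get("domainprofile", [])}
    return [a for a in profiles.get("standardprofile", []) if a.path.lower() not in domain]


if __name__ == "__main__":
    profiles, malformed = parse_export(SAMPLE_EXPORT)
    for app in standard_only(profiles):
        print(f"standard-only exception: {app.path}  name={app.name!r} scope={app.scope}")
    for profile, line in malformed:
        print(f"malformed entry in {profile}: {line}")
```

The standard-only list is the set to check by hand: each entry there was added on this machine rather than inherited from the domain policy, and a malformed value is worth a look for the same reason, since the firewall UI would not have written it that way.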
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
Besides this SDFix result I asked for a new HijackThis log.
*Paste the result created in C:\SDFix\Report.txt together with a new HijackThis log
Where is it?
douglaspires...
Senior Member
Registered
182 Messages
1 Like
here's the new log
Logfile of HijackThis v1.99.1
Scan saved at 16:32:18, on 30/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hardware.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
*Restart the PC in Safe Mode (tap F8 repeatedly during startup; in the menu that appears, choose Safe Mode).
*In the C:\SDFix folder, locate and run the file RunThis.bat
*Press Y to start the process
*When it finishes, a notice will appear telling you to press any key to continue.
*The PC will restart automatically
*On restart, the tool will run again
*When "The FixTool has finished" appears, press any key
*Still in Safe Mode, run HijackThis, click "Do a system scan only", select the entry below and click "Fix checked"
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
*Restart the PC in Normal Mode
*Paste the result created in C:\SDFix\Report.txt together with a new HijackThis log
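As an added illustration (not code from the thread or from HijackThis), here is a small Python checker for the HijackThis v1.99 log format that flags the kind of entry the post above asks to be fixed: an F2 system.ini Shell value that loads anything besides Explorer.exe. It also reports, as informational items, orphaned O2/O23 entries ("(no file)", "(file missing)") and O17 NameServer settings so a reviewer can verify them by hand. The sample lines are constructed from entries in this thread; the severity scale and the Finding structure are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 log format, built from entries that
# appear in this thread. Backslashes are literal (raw string).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
"""


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "F2" or "O23"
    severity: str  # "high" or "info" (this example's own scale)
    detail: str
    line: str


# "<code> - <rest>" is the shape of every entry line in the log.
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def analyze_line(line: str):
    """Return a Finding for one log line, or None if nothing is worth reporting."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, running-process list, blank line, etc.
    code, rest = m.group(1), m.group(2)

    if code == "F2":
        sm = SHELL_RE.match(rest)
        if sm:
            # The Shell value is a whitespace-separated list of programs started
            # at logon; only Explorer.exe is expected there.
            shells = sm.group(1).split()
            extra = [s for s in shells if s.lower() != "explorer.exe"]
            if extra:
                return Finding(code, "high",
                               "extra program(s) in the logon Shell value: " + ", ".join(extra),
                               line)

    if code == "O2" and rest.endswith("(no file)"):
        return Finding(code, "info", "BHO registered but its DLL is missing (orphaned entry)", line)

    if code == "O23" and rest.endswith("(file missing)"):
        return Finding(code, "info", "service registered but its binary is missing (orphaned entry)", line)

    if code == "O17":
        nm = NAMESERVER_RE.search(rest)
        if nm:
            return Finding(code, "info",
                           "DNS server set on an interface, confirm it is the expected one: " + nm.group(1),
                           line)

    return None


def analyze(log_text: str):
    """Run analyze_line over a whole log and keep the findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = analyze_line(line)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.code}: {f.detail}\n    {f.line}")
```

Feed it a whole saved logfile (the header and process list are ignored by `LINE_RE`) and the one "high" item it returns for the log in this thread is exactly the F2 line the post asks to have fixed; the "info" items are there to be confirmed against what the machine is supposed to have, not to be acted on automatically.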
douglaspires...
Senior Member
Registered
182 Messages
1 Like
friend, I'll reply on Friday, ok.
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
If these machines are on a network, I recommend keeping this one, which should now be clean, disconnected from the network until the problem on each PC is resolved.
In other words, as you clean each one, disconnect it from the network.
douglaspires...
Senior Member
Registered
182 Messages
1 Like
here's the SDFix log
SDFix: Version 1.177
Run by Administrador on sex 02/05/2008 at 08:53
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 09:10:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\ntserv.exe"="C:\\WINDOWS\\system32\\ntserv.exe:*:Enabled:Firewall"
"C:\\WINDOWS\\system32\\msnmsgl.exe"="C:\\WINDOWS\\system32\\msnmsgl.exe:*:Enabled:Firewall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000001.regtrans-ms"
Sat 23 Feb 2008 524,288 A.SH. --- "C:\WINDOWS\system32\config\system{d5788514-e200-11dc-916d-001a92b8fa4c}.TMContainer00000000000000000002.regtrans-ms"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b8ac9b7f7c2bb6b30fe52e21748c4ce\BIT3.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0538.tmp"
Thu 13 Mar 2008 20,992 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0741.tmp"
Thu 13 Mar 2008 19,968 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL0837.tmp"
Thu 13 Mar 2008 20,480 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL2897.tmp"
Thu 13 Mar 2008 21,504 A..H. --- "C:\Documents and Settings\Assistencia\Desktop\grafica lex\MARCO\~WRL3461.tmp"
Finished!
and the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 09:15:01, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hardware.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1544B0-4F18-4B13-915F-219CFBA91AD1}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3866C95-78A5-4843-8C25-A02C8EC9F293}: NameServer = 200.203.153.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E682DF25-3CBC-479B-9C59-C716B25F8609}: NameServer = 200.203.153.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Support Controls\ssrc.exe (file missing)
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
OK... clean log
1. Delete the SDFix tool and the C:\SDFix folder
2.
*Download the program from the link and save it in a folder of its own
http://www.atribune.org/ccount/click.php?id=1
*Double-click ATF-Cleaner.exe
*Under Main, choose "Select all"
*Click Empty Selected
=>If you also use Firefox, follow the steps below:
*Under Firefox, click "Select all" (if you want to keep your passwords click No, otherwise click Yes).
*Click "Empty Selected" (if you want to keep your passwords click No, otherwise click Yes).
*Click Exit or the X
3.
*Download and install the latest version of CCleaner (during installation, uncheck the option to install the Yahoo toolbar):
http://filehippo.com/download_ccleaner/
*Open the program and click Run Cleaner;
*After that, click Registry -> Scan for Issues -> Fix Selected Issues -> Fix All Selected Issues
Use ATF-Cleaner and CCleaner regularly to keep the PC in order.
4.
1. Right-click My Computer
2. Select Properties
3. Click System Restore
4. Check Turn off System Restore > Apply > OK
5. Now turn System Restore back on by the same path described above.
**************************
Procedure for the other PC:
1.
*Temporarily disable your antivirus
*In Internet Explorer:
Go to Tools -> Internet Options -> Security -> Internet ->
Custom Level -> ActiveX controls and plug-ins -> Run ActiveX controls and plug-ins -> check Enable -> OK -> Restart IE
*Run an online scan at http://www.pandasecurity.com/activescan/index/?lang=pt-PT
*The scan takes a long time!!!... be patient
*Click on
*If you use Firefox, allow the installation:
*Paste the scan result here on the forum together with a new HijackThis log.
douglaspires...
Senior Member
Registered
182 Messages
1 Like
Hi Wings, can I ask you a question? How do you know how to analyze these logs, and the tools, like which one to use? I'd like to learn more about this. How do I do that? Can you help me, give me some tips?
OK friend, thanks, you've already helped me a lot