
problem with trojan (I think...)

Discussion in 'Questions and Support—Internet, Networks, Security' started by Moxo, 23 September 2006. (Replies: 4; Views: 869)

  1. Moxo

    Moxo Power Member

    Hello everyone! Recently I have been having some problems on my PC when I log in to a user account. When I go online the connection drops several times, and sometimes a file called herto appears for download. My computer sometimes freezes and I am forced to restart. When I log in to a user account, a problem called themida also appears; I don't know how it got there or how to remove it. As for my security setup, I have the complete McAfee 2006. Here is the HijackThis information. PLEASE HELP ME...



    Logfile of HijackThis v1.99.1
    Scan saved at 21:26:19, on 23-09-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\programas\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\directxs.exe
    C:\Programas\McAfee.com\VSO\mcvsshld.exe
    C:\Programas\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\progra~1\mcafee\MCAFEE~3\masalert.exe
    C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\HUGO ALEXANDRE\Os meus documentos\Downloads\hijackthis\HijackThis.exe
    C:\Programas\Ficheiros comuns\Ahead\lib\NMIndexStoreSvr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clix.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.clix.pt/index3.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programas\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programas\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programas\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Programas\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Programas\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\masalert.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - blank
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programas\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programas\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt/index3.html
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{496BC978-F736-40D8-A12C-455DD8D950C9}: NameServer = 195.245.176.19 194.38.131.19
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
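
A triage sketch for a log like the one above, added here as an example and not part of the original post: it splits a HijackThis log back into entries even when it was pasted as one run-on line, then lists the autostart entries (O4, O20, O23) that merit a manual check. The function names and the three review rules are assumptions of this example, the sample lines are copied from the log above, and a listed entry is a prompt to verify the file, not a verdict.

```python
import re

# Sample input: six autostart lines copied from the log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$", re.S)
# An entry starts wherever whitespace is followed by a section code and " - ".
SPLIT = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
SYS32_EXE = re.compile(r'\\system32\\[^\\\s"]+\.exe\b', re.I)

def split_entries(log_text):
    """Return (code, body) pairs, whether the log is line-per-entry or run-on."""
    entries = []
    for chunk in SPLIT.split(log_text.strip()):
        m = ENTRY.match(chunk.strip())
        if m:  # header and process-list text has no section code and is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def review_list(log_text):
    """Autostart entries (O4, O20, O23) to check by hand, each with reasons."""
    flagged = []
    for code, body in split_entries(log_text):
        if code not in ("O4", "O20", "O23"):
            continue
        reasons = []
        if "(file missing)" in body:
            reasons.append("target file missing")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service reported as Unknown owner")
        if code == "O4" and SYS32_EXE.search(body):
            reasons.append("Run key starts an .exe in system32: check publisher")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in review_list(SAMPLE):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```
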
     
  2. luikki

    luikki Power Member

    Uninstall Themida.
    Run Spybot and Ad-Aware.
    I don't see anything special in the HijackThis file...
    If you want, you can put it here for an online analysis.
     
  3. Moxo

    Moxo Power Member

    I would uninstall themida! The problem is that, as I already mentioned in my previous post, I don't know how to remove it, because it doesn't show up anywhere on my PC, only at startup. On top of that, it transfers some files to the system32/wmedia.exe folder. Besides all this, a window appears and quickly disappears, which also belongs to system32/cdm.exe, if I'm not mistaken. This may not even be a problem, but the truth is that a few days ago this wasn't happening...
     
  4. Evil Mota

    Evil Mota Power Member

    Download HijackThis 1.99

    Put the .zip file on your hard disk, in a folder [Hijakthis], and run the program!
    Click Do A System scan and save Logfile

    Then copy what appears in Notepad and post it here!
     
  5. luikki

    luikki Power Member

    Try disabling themida at startup:
    Run / msconfig / Startup, and if it is there, disable it.
    Look for a file called vmedia or wmedia and follow these instructions:
    IN ORDER TO DELETE THE MESSAGE WHEN YOU LOG ON INTO WINDOWS XP, is to find the name. When logging on, click the welcome splash of that Themida once to quit the first bit, but don't click it twice (there are two splashes exactly the same). Press alt-control-del to open up that window and there should be a process named 'VMEDIA'. Close it to close the welcome screen. If the welcome splash screen disappears, you know you've got the right one. Go to Windows search by clicking the start button, then search is on the right-hand side, and search 'VMEDIA'. It should detect about 7 files but 3 of them are the virus. They are embedded in the system32 folder. Delete the files that have the exact letters 'VMEDIA', in that order, in them. One is an application, one is a file and one is some other crap. To test, log off then log back in. This worked for me and I hope it does for you.
    Disable System Restore and restart.

    Have you run Spybot yet?
     
