AG Eletronica

Question: Help with virus removal


Friends, I have a virus on my network that keeps corrupting my installation files, such as Office, Nero and others. The program icons end up with low resolution, deformed. Can anyone help me remove it? The HijackThis log follows.

 

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
c:\windows\system\explorer.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
c:\windows\system\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
E:\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe, c:\windows\system\explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Usuario\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office16\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Explorer] c:\windows\system\explorer.exe RU
O4 - HKLM\..\Run: [Svchost] c:\windows\system\svchost.exe RU
O4 - HKLM\..\RunOnce: [Explorer] c:\windows\system\explorer.exe RO
O4 - HKLM\..\RunOnce: [Svchost] c:\windows\system\svchost.exe RO
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

--
End of file - 5607 bytes

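As an added example (not part of the post and not a HijackThis feature), the script below scans the O4 (Run/RunOnce) and F2 (Shell=) entries of a log like the one above and flags any well-known Windows binary name that loads from somewhere other than its legitimate location. The sample lines are copied from the log above; the table of allowed locations is an assumption for a default install on C: and would need extending for other layouts.

```python
import ntpath
import re

# Constructed sample: the autostart lines from the HijackThis log above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe, c:\windows\system\explorer.exe
O4 - HKLM\..\Run: [Explorer] c:\windows\system\explorer.exe RU
O4 - HKLM\..\Run: [Svchost] c:\windows\system\svchost.exe RU
O4 - HKLM\..\RunOnce: [Explorer] c:\windows\system\explorer.exe RO
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICO LOCAL')
"""

# Assumed legitimate parent directories (lower-case) for binaries that
# malware commonly imitates by name. explorer.exe lives directly under
# the Windows directory; svchost.exe under System32 (or SysWOW64).
SYSTEM_BINARIES = {
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Matches a drive-letter or %VAR%-rooted path up to the first ".exe",
# so quoted paths with spaces and comma-separated Shell= values both work.
PATH_RE = re.compile(r"(?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.exe", re.IGNORECASE)


def find_masquerading_entries(log_text):
    """Return (section, basename, path) for every O4/F2 executable whose
    name is a known system binary but whose directory is not an allowed one."""
    findings = []
    for line in log_text.splitlines():
        if not line.startswith(("O4 ", "F2 ")):
            continue
        for path in PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            parent = ntpath.dirname(path).lower()
            allowed = SYSTEM_BINARIES.get(name)
            if allowed is not None and parent not in allowed:
                findings.append((line[:2], name, path))
    return findings


if __name__ == "__main__":
    for section, name, path in find_masquerading_entries(SAMPLE_LOG):
        print(f"{section}: {name} loaded from unexpected location: {path}")
```

On the sample, the F2 line and the three HKLM Run/RunOnce entries are reported, while the quoted uTorrent path and the Sidebar entry are not, because their names are not system binaries.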
19 minutes ago, AG Eletronica said:

Friends, I have a virus on my network that keeps corrupting my installation files, such as Office, Nero and others. The program icons end up with low resolution, deformed. Can anyone help me remove it? The HijackThis log follows.

Install a cracked ESET on it and clean it up.


Well, I would be suspicious of that FlashGet Network of yours. Download accelerators are vulnerable. A diagnosis is hard without following the history. How does it get infected? Does it attack the shared folders? In that case it would be very important to tighten the security of your network by assigning permissions to users. Check and clean hidden files in User/appdata/local/temp and in user/appdata/roaming. If you have a 'conficker' virus, which does exactly this, it is quite easy for C: and D: (if there is one) to be infected. Look at the hidden files on both. Be careful with the flash drives you plugged into these computers. And a paid antivirus is very useful, no cracking them, that's right, the companies responsible for the engines (vaccines) certainly know when the application they sell is 'pirated'. The cost is low. I cry when I see someone recommend installing something 'cracked'; that is not acceptable, we need to change that mindset and want a better country for everyone. Good luck!

  • Like 3

19 hours ago, Rods said:

And a paid antivirus is very useful, no cracking them

I agree.

 

There are also several free tools that can help.

Example:


@Rods I uninstalled the accelerator. What this virus does is "eat the setup files of the company's installation programs". As for the paid antivirus, yes, that would be a good idea. I will look into the possibility of getting one.. thanks.
