Hi everyone, I have a big problem here. My McAfee antivirus won't open, and neither will Spybot - Search & Destroy, Ad-Aware, or even CCleaner. I urgently need some help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:31:59, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\ARQUIV~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA17553-A768-4D00-9F0E-DA50514A97F3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
Here they are, DigRam
DrWeb.csv
Updated HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:53, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\ARQUIV~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 7518 bytes
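A small triage script for logs like the two above, added here as an example and not part of the original thread or of HijackThis itself. It parses the R/O entries, flags the ones a log reader checks first (registrations marked "(no file)" or "(file missing)", start/search pages pointing at a non-default host, services with no vendor, autoruns launched from user-writable paths; these heuristics are the example's own, not HijackThis rules), and diffs two scans of the same machine, which is how one sees that the HKLM Run entries and one O17 NameServer entry from the first scan are absent from the second. The SAMPLE_BEFORE/SAMPLE_AFTER strings are constructed excerpts modelled on the posted logs.

```python
"""Triage helper for HijackThis v2.0.x logs (added example, not from the thread).

Parses the R/O entries, flags the ones worth a closer look, and diffs two
scans of the same machine. The flagging heuristics are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Entry lines look like "O2 - BHO: name - {CLSID} - path" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# Hosts that are vendor defaults for IE start/search pages in this kind of log.
KNOWN_DEFAULT_HOSTS = ("go.microsoft.com", "home.microsoft.com", "br.search.yahoo.com")


@dataclass(frozen=True)
class Entry:
    section: str  # "R0", "O2", "O23", ...
    body: str     # everything after "Oxx - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a log; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def flag_entry(e: Entry) -> Optional[str]:
    """Reason to look closer at an entry, or None if nothing stands out."""
    body = e.body
    if "(no file)" in body or "(file missing)" in body:
        # Orphaned BHO/protocol/service registrations: leftovers, a payload
        # that was deleted, or a path HijackThis could not resolve.
        return "registration points at a file HijackThis could not find"
    if e.section in ("R0", "R1"):
        m = re.search(r"=\s*&?(https?://[^\s/]+)", body)
        if m and not any(h in m.group(1) for h in KNOWN_DEFAULT_HOSTS):
            return "start/search page set to non-default host " + m.group(1)
    if e.section == "O23" and "Unknown owner" in body:
        return "service binary carries no vendor information"
    if e.section == "O4" and re.search(r"\\(Documents and Settings|Users|Temp)\\", body, re.I):
        return "autorun launched from a user-writable directory"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """All flagged entries of one log, in log order, with the reason."""
    out = []
    for e in parse_hjt(text):
        reason = flag_entry(e)
        if reason:
            out.append((e, reason))
    return out


def diff_scans(before: str, after: str) -> Dict[str, List[Entry]]:
    """Entries that disappeared or appeared between two scans of one machine."""
    a, b = set(parse_hjt(before)), set(parse_hjt(after))
    key = lambda e: (e.section, e.body)
    return {"removed": sorted(a - b, key=key), "added": sorted(b - a, key=key)}


# Constructed excerpts modelled on the two logs posted in the thread.
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
End of file - 7518 bytes
"""
# Second scan: identical except the HKLM Run entry is gone.
SAMPLE_AFTER = "\n".join(l for l in SAMPLE_BEFORE.splitlines() if not l.startswith("O4 - HKLM"))

if __name__ == "__main__":
    for e, why in triage(SAMPLE_BEFORE):
        print(f"{e.section:<4} {why}\n     {e.body}")
    for kind, entries in diff_scans(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        for e in entries:
            print(f"{kind}: {e.section} - {e.body}")
```

Run it on two saved logs by replacing the sample strings with the file contents; the diff is the useful part when a cleaning tool has run in between, since entries that vanished without the user removing them are exactly what needs explaining.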
Good afternoon! _bruninha
<!> You have had 3 antivirus products on this PC; did this problem also happen with the other ones?
<><><><><><><><><><><><>
<@> Download: ComboFix ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt: "Software warranty disclaimer" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after it has been saved!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.
Regards!
Here they are, DigRam
I had to uninstall McAfee to be able to disable its resident protection.
ComboFix.txt
ComboFix 09-04-19.05 - MAS 19/04/2009 13:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1604 [GMT -3:00]
Running from: c:\documents and settings\MAS\Meus documentos\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MAS\Dados de aplicativos\inst.exe
c:\windows\system32\x64
.
(((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))
.
2009-04-19 16:08 . 2009-04-19 16:08 -------- d-----w c:\windows\LastGood
2009-04-18 18:50 . 2009-04-18 18:50 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb
2009-04-18 07:41 . 2009-04-18 14:59 -------- d-----w C:\FindyKill
2009-04-18 07:24 . 2009-04-18 18:50 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Spyware Terminator
2009-04-18 07:24 . 2009-04-18 19:06 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator
2009-04-18 07:24 . 2009-04-18 19:06 -------- d-----w c:\arquivos de programas\Spyware Terminator
2009-04-18 07:11 . 2009-04-18 07:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam
2009-04-18 05:32 . 2009-04-18 18:48 -------- d-----w c:\arquivos de programas\Panda Security
2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI
2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat
2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2
2009-04-16 17:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 01:14 . 2009-04-13 01:14 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-04-13 01:14 . 2009-04-18 07:18 -------- d-----w c:\arquivos de programas\Norton Security Scan
2009-04-06 18:12 . 2009-04-18 19:27 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for
2009-03-21 14:08 . 2009-03-21 14:08 1028608 -c----w c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 05:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule
2009-04-19 05:29 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent
2009-04-18 18:45 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-04-18 14:59 . 2009-04-18 14:53 3458 ----a-w C:\FindyKill.txt
2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat
2009-04-18 14:41 . 2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat
2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-04-16 11:10 . 2008-12-04 18:57 -------- d-----w c:\arquivos de programas\McAfee
2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso
2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-03-25 14:06 . 2008-12-04 18:57 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 14:06 . 2008-12-04 18:57 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 14:06 . 2008-12-04 18:57 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 14:06 . 2008-06-27 08:08 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 14:05 . 2008-12-04 18:56 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-14 20:11 . 2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks
2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager
2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp
2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer
2009-02-21 23:13 . 2008-10-14 17:38 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\foobar2000
2009-02-21 04:54 . 2009-01-20 20:35 -------- d-----w c:\windows\system32\config\systemprofile\Dados de aplicativos\SACore
2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-19 05:42 . 2009-01-20 06:39 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Rosetta Stone
2009-02-18 19:43 . 2008-12-07 18:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-02-18 19:35 . 2009-02-18 19:34 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\RosettaStoneLtdBackup
2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-20 03:01 . 2009-01-20 03:01 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-01-20 03:01 . 2009-01-20 03:01 2272 ----a-w c:\windows\system32\w95inf16.dll
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"=
"c:\\bin\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"<NO NAME>"=
R2 0021281240157320mcinstcleanup;McAfee Application Installer Cleanup (0021281240157320); [x]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803]
R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\Norton Security Scan for MAS.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {ABA17553-A768-4D00-9F0E-DA50514A97F3} = 200.204.0.10 200.204.0.138
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava11.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava12.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava13.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava32.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 13:15
Windows 5.1.2600 Service Pack 3 NTFS
Searching for hidden processes ...
Searching for hidden autostart entries ...
Searching for hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,8f,49,49,87,6b,0c,10,d2,2d,ea,8b,02,33,54,09,0b,4d,12,33,c8,2a,99,
c6,19,a6,b7,bb,e3,f2,0a,81,23,47,ea,a3,de,5e,64,83,e5,db,8e,7c,fc,77,67,ca,\
"??"=hex:da,67,ba,fe,e8,bf,67,12,97,2a,ff,04,d9,61,a3,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-19 13:15
ComboFix-quarantined-files.txt 2009-04-19 16:15
Pre-run: 23 folder(s) 82.067.427.328 bytes free
Post-run: 22 folder(s) 82.131.431.424 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
225 --- E O F --- 2009-04-17 05:56
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:19, on 19/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA17553-A768-4D00-9F0E-DA50514A97F3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
--
End of file - 7002 bytes
Good morning! _bruninha
<!> Post the FindyKill report that was requested earlier.
<><><><><><><><><><>
<!> Uninstall:
Spyware Terminator
avg8
Panda Security
Norton
<><><><><><><><><><>
<!> Use Revo Uninstaller for the more stubborn ones.
<><><><><><><><><><>
<@> Download: < Revo Uninstaller >
<@> Save it to the desktop.
<@> Install the utility and check whether the program to be uninstalled appears on the main screen.
<@> Select it and click Uninstall.
<@> Note: this uninstaller has options to remove registry entries.
<@> For more details, read the < Tutorial >
<><><><><><><><><><>
<!> For McAfee, use the tool below.
<><><><><><><><><><>
<!> Download: < McAfee Consumer Product Removal Tool 2.0.106.5 >
<><><><><><><><><><>
"IMPORTANT: If your McAfee products were pre-installed by the computer manufacturer, activate your McAfee subscription before uninstalling."
<><><><><><><><><><>
<!> When finished, post a fresh ComboFix + HijackThis log.
Regards!
DigRam, I did everything you asked. Here are the FindyKill, ComboFix and HijackThis logs.
FindyKill
############################## [ FindyKill V4.724 ]
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## [ C:\WINDOWS\System32... ]
################## [ C:\Users\...\AppData\Roaming ]
################## [ Cleaning .. Temp Files... ]
################## [ Registry / Infected keys ]
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
################## [ States / Restarting of services ]
################## [ Searching Other Infections ]
################## [ Corrupted files # Re-Installation required ]
C:\Arquivos de programas\Java Web Start\helper.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\Arquivos de programas\PHP Editor\remover.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\DOCS\PM8Flash.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\DrvMap.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\pqbw.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis.exe
################## [ ! End of Report # FindyKill V4.724 ! ]
ComboFix
ComboFix 09-04-19.05 - MAS 20/04/2009 12:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1601 [GMT -3:00]
Running from: c:\documents and settings\MAS\Desktop\ComboFix.exe
.
(((((((((((((((( Files created from 2009-03-20 to 2009-04-20 ))))))))))))))))))))))))))))
.
2009-04-19 17:13 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb
2009-04-18 07:41 . 2009-04-20 15:38 -------- d-----w C:\FindyKill
2009-04-18 07:11 . 2009-04-19 19:13 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam
2009-04-18 05:32 . 2009-04-18 18:48 -------- d-----w c:\arquivos de programas\Panda Security
2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI
2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat
2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2
2009-04-16 17:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 01:14 . 2009-04-19 17:23 -------- d-----w c:\arquivos de programas\Norton Security Scan
2009-04-06 18:12 . 2009-04-18 19:27 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 15:38 . 2009-04-20 15:33 2928 ----a-w C:\FindyKill.txt
2009-04-20 15:09 . 2008-12-04 18:57 -------- d-----w c:\arquivos de programas\McAfee
2009-04-19 19:15 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-04-19 18:23 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent
2009-04-19 17:25 . 2008-12-13 05:11 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\phpDesigner
2009-04-19 05:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule
2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat
2009-04-18 14:41 . 2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat
2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso
2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-14 20:11 . 2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks
2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager
2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp
2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer
2009-02-21 23:13 . 2008-10-14 17:38 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\foobar2000
2009-02-21 04:54 . 2009-01-20 20:35 -------- d-----w c:\windows\system32\config\systemprofile\Dados de aplicativos\SACore
2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"=
"c:\\bin\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"<NO NAME>"=
R2 0021281240157320mcinstcleanup;McAfee Application Installer Cleanup (0021281240157320); [x]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803]
R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
.
Contents of the 'Scheduled Tasks' folder
.
Notify-avgrsstarter - avgrsstx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 12:53
Windows 5.1.2600 Service Pack 3 NTFS
Searching for hidden processes ...
Searching for hidden autostart entries ...
Searching for hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,8f,49,49,87,6b,0c,10,d2,2d,ea,8b,02,33,54,09,0b,4d,12,33,c8,2a,99,
c6,19,a6,b7,bb,e3,f2,0a,81,23,47,ea,a3,de,5e,64,83,e5,db,8e,7c,fc,77,67,ca,\
"??"=hex:da,67,ba,fe,e8,bf,67,12,97,2a,ff,04,d9,61,a3,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-20 12:54
ComboFix-quarantined-files.txt 2009-04-20 15:54
ComboFix2.txt 2009-04-19 16:15
Pre-run: 23 folder(s) 89.482.534.912 bytes free
Post-run: 22 folder(s) 89.501.388.800 bytes free
173 --- E O F --- 2009-04-17 05:56
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:31, on 20/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\MAS\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 5915 bytes
Thanks for the help
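The helper in this thread is reading the HijackThis logs by hand: spotting registered components whose file is gone ("(no file)" / "(file missing)"), O23 services with no readable publisher, a service binary under a Temp folder, a non-default IE start page, and then comparing the 19/4 and 20/4 scans to see what the cleanup removed. The script below is an added example, not part of the thread and not HijackThis or ComboFix code, that does the same mechanically: it parses the R0/O2/O18/O23 entry lines, buckets them by those heuristics, and diffs two scans. SCAN_19 and SCAN_20 are short constructed excerpts of the logs posted above; the heuristic names and thresholds are my own assumptions, and a hit is a prompt to look, not a verdict (the user may well have chosen that start page).

```python
"""Parse Trend Micro HijackThis 2.0.2 logs, flag entries worth a second look,
and diff two scans of the same machine.  Added example; not HijackThis code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Every finding in a HijackThis log is one line "<section> - <body>",
# e.g. "O23 - Service: Name (short) - Owner - path".  Process lists and
# headers do not match the pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    def is_orphan(self) -> bool:
        # HJT appends these markers when the registered binary is gone from disk:
        # a dead pointer left by an uninstall, or a payload already removed.
        return "(file missing)" in self.body or "(no file)" in self.body

    def unknown_owner(self) -> bool:
        # O23 services whose publisher could not be read from version info.
        return self.section == "O23" and "Unknown owner" in self.body

    def runs_from_temp(self) -> bool:
        # A service or Run key whose binary lives under a Temp directory
        # (assumption: both 8.3 and long paths still contain "\Temp\").
        return self.section in ("O4", "O23") and "\\Temp\\" in self.body

    def custom_start_page(self) -> bool:
        # R0 start page not pointing at the Microsoft defaults.
        return (self.section == "R0" and "Start Page" in self.body
                and "go.microsoft.com" not in self.body
                and "about:blank" not in self.body)


def parse_log(text: str) -> List[Entry]:
    """Return every R*/O* entry line of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


CHECKS = {
    "orphan": Entry.is_orphan,
    "unknown_owner": Entry.unknown_owner,
    "runs_from_temp": Entry.runs_from_temp,
    "custom_start_page": Entry.custom_start_page,
}


def flag_entries(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Bucket entries by every heuristic they trip (one entry may hit several)."""
    return {name: [e for e in entries if check(e)] for name, check in CHECKS.items()}


def diff_logs(old_text: str, new_text: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries present only in the older scan, and entries only in the newer one."""
    old, new = set(parse_log(old_text)), set(parse_log(new_text))

    def key(e: Entry):
        return (e.section, e.body)

    return sorted(old - new, key=key), sorted(new - old, key=key)


# Constructed excerpts of the two scans posted above (19/4 and 20/4).
SCAN_19 = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
"""

SCAN_20 = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
"""

if __name__ == "__main__":
    for name, hits in flag_entries(parse_log(SCAN_19)).items():
        print(f"{name}: {len(hits)}")
        for e in hits:
            print("   ", e.section, "-", e.body[:90])
    removed, added = diff_logs(SCAN_19, SCAN_20)
    print(f"\n{len(removed)} entries gone since the first scan, {len(added)} new")
```

On the excerpt, the diff shows the Spyware Terminator service and the two dead "(no file)" pointers leaving between scans, while the mcinstcleanup service (unknown owner, Temp path, file missing) survives both, which is exactly the entry the helper then targets with the `Driver::` line in the CFScript.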
Good evening! _bruninha
<!> If you are unsure about your antivirus and intend to switch programs... I suggest Avira.
<!> Run the McAfee removal tool again.
<!> If you want to keep it on the PC, install it after the cleanup with ComboFix.
<><><><><><><><><><><>
<@> Download: < Avira >
<@> Install the program --> Update it! --> Configure it --> Run it!
<@> Then post the report!
<><><><><><><><><><><>
<@> Copy the information between the XXXXXXX.... lines into Notepad.
<@> Save it on the desktop as: CFScript <-- Text!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Driver::
"0021281240157320mcinstcleanup"
Folder::
c:\arquivos de programas\McAfee
c:\arquivos de programas\Panda Security
c:\arquivos de programas\Norton Security Scan
Regnull::
[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + a fresh HijackThis log.
Cheers!
Hi DigRam!!
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:18, on 24/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MAS\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
--
End of file - 5694 bytes
ComboFix.txt
ComboFix 09-04-23.A3 - MAS 23/04/2009 14:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1555 [GMT -3:00]
Running from: c:\documents and settings\MAS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MAS\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\McAfee
c:\arquivos de programas\McAfee\SiteAdvisor\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\.name
c:\arquivos de programas\Norton Security Scan
c:\arquivos de programas\Norton Security Scan\BilBDRes.dll
c:\arquivos de programas\Panda Security
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_0021281240157320MCINSTCLEANUP
-------\Service_0021281240157320mcinstcleanup
(((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 ))))))))))))))))))))))))))))
.
2009-04-19 17:13 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb
2009-04-18 07:41 . 2009-04-20 15:38 -------- d-----w C:\FindyKill
2009-04-18 07:11 . 2009-04-19 19:13 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam
2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI
2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat
2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2
2009-04-16 17:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 18:12 . 2009-04-23 03:54 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 23:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule
2009-04-20 15:38 . 2009-04-20 15:33 2928 ----a-w C:\FindyKill.txt
2009-04-19 19:15 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-04-19 18:23 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent
2009-04-19 17:25 . 2008-12-13 05:11 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\phpDesigner
2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat
2009-04-18 14:41 . 2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat
2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso
2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-14 20:11 . 2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks
2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager
2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp
2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer
2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_16.15.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-02 21:40 . 2001-09-06 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2008-09-06 12:18 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-09-06 12:18 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-12-19 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"=
"c:\\bin\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"<NO NAME>"=
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803]
R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {ABA17553-A768-4D00-9F0E-DA50514A97F3} = 200.204.0.10 200.204.0.138
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 14:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-23 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 17:35
ComboFix2.txt 2009-04-20 15:54
ComboFix3.txt 2009-04-19 16:15
Pre-Run: 23 directories, 88,115,068,928 bytes free
Post-Run: 22 directories, 88,046,166,016 bytes free
Good afternoon, _bruninha!
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
<><><><><><><><><><><>
<@> Run these tools to remove registry entries that may hinder or prevent the installation of your protection programs.
<@> After that, try reinstalling Avira or McAfee.
<><><><><><><><><><><>
<@> Download: < Norton Removal Tool >
<@> Download: < avgremover >
<><><><><><><><><><><>
<@> Go to this page and download: < Avira Antivir RegistryCleaner >
<@> Run the utility, but... don't forget to extract it from the zip first.
<><><><><><><><><><><>
<!> After installing your antivirus, run a scan with it and post the report.
Cheers!
Topic Archived
Since the author did not reply for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
Good morning, _bruninha!
<@> Download: < FindyKill > ( ...by Chiquitine29 )
<@> Save it in Program Files!
<@> Close any open programs.
<@> Disable the resident protection of your antivirus and antispyware.
<@> PS: detection of this tool by antivirus is a false positive!
<@> Install the tool and accept all the conditions requested.
<@> When done, run the tool with a double-click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat <--
<@> At the prompt, press C --> Enter. <-- Language option!
<@> Next, press 2. ( "Eliminar los ficheros infectados" )
<@> Press Enter --> The computer will restart twice! --> Wait!
<@> When it finishes, click on an empty area of the prompt! --> Press Enter.
<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!
<><><><><><><><><><><>
<@> Download: < Dr.Web CureIt >
<@> Save it to the desktop!
<@> Restart the computer in Safe Mode.
<@> Start the installation/run with a double-click on drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> A "Quick scan" will begin --> Close the advertisement window!
<@> When it finishes, tick the "Complete scan" box.
<@> Click "Options" --> Under Change settings, untick "Heuristic analysis".
In this mode the following objects are scanned:
***** Boot sectors of all disks. <--
***** All removable drives. <--
***** All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If prompts appear to move or disinfect files, click Yes.
<@> When done, click "File" --> "Save report list".
<@> Save it in a suitable location. ( DrWeb.csv ) <-- Text file!
<@> Post: DrWeb.csv + a fresh HijackThis log.
Cheers!