Bond2006
Posted September 2, 2006

Hello everyone, I think my computer was hacked, because I noticed that my desktop background image changed without my changing it. Another thing: I am having to install all my programs again, and two of my folders, My Computer and My Documents, also disappeared from the desktop and I had to create them again. Also, my floppy disk icon disappeared too, and if I try to access drive A from the command prompt the following message appears: "O sistema não pode encontrar a unidade especificada". I would really like you to help me. My log follows below; I await your reply. Thank you.
jgarcia
Posted September 7, 2006

Hi Bond2006,

Run Panda's Active Scan and report back with the result.

Regards.
Bond2006
Posted September 10, 2006

Hello, I ran the scan with Panda and I am sending its log and the HijackThis log:
jgarcia
Posted September 11, 2006

Hi Bond2006,

Download SpySweeper and update its database, but do not run it yet.
Download CCleaner, but do not run it yet.
Restart in Safe Mode.
Run a full scan with SpySweeper.
Restart in Normal Mode.
Run CCleaner and click Run Cleaner.
Run Active Scan again and see whether it still detects anything.

Regards.
Sam Spade
Posted November 11, 2006

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.