Sideblu, posted February 6, 2008:

I'd like an analysis of my log, please; pages are appearing out of nowhere, and errors...

Logfile of HijackThis v1.99.1
Scan saved at 12:46:26, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\hijackthis removedor de pragas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

Thank you...
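An added example, not part of the thread: a small parser for the HijackThis entry format used in the log above, with the first-pass checks a log helper applies (IE start/search settings pointing at a non-Microsoft host, BHOs with no backing file, missing executables, downloaded ActiveX controls). The sample log lines are constructed from entries in the post; the stock-host list is an assumption for IE 7 defaults.

```python
"""Added example (not from the thread): parse HijackThis v1.99 entries and
flag the kinds of items a log helper looks at first.

The sample log is constructed from entry formats seen in the post above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Every HijackThis item starts with a section code (R0..R3, F0..F3, N1..N4,
# O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Hosts a stock IE 7 install uses for its start/search pages (assumed list);
# any other host in an R0/R1 line means the browser's settings were changed.
STOCK_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}


@dataclass
class Entry:
    kind: str
    body: str
    reasons: List[str] = field(default_factory=list)


# Constructed sample, copied from entry shapes in the log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


def parse(log_text: str) -> List[Entry]:
    """Turn the log into Entry objects, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def setting_host(body: str) -> Optional[str]:
    """Host of the URL in an R0/R1 body ('<key>,<value> = <url>'), if any."""
    _, sep, url = body.partition(" = ")
    if not sep or not url.strip():
        return None            # e.g. "Local Page =" with an empty value
    return urlparse(url.strip()).hostname


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to every entry worth a second look and return those."""
    for e in entries:
        if e.kind in ("R0", "R1"):
            host = setting_host(e.body)
            if host and host not in STOCK_IE_HOSTS:
                e.reasons.append(f"IE start/search setting points at {host}")
        elif e.kind == "O2" and e.body.endswith("(no file)"):
            e.reasons.append("BHO CLSID registered but its DLL is gone")
        elif e.kind in ("O9", "O23") and "(file missing)" in e.body:
            e.reasons.append("referenced program not found on disk")
        elif e.kind == "O16":
            e.reasons.append("ActiveX control downloaded from the web")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.kind}: {e.reasons[0]}\n    {e.body}")
```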
jgarcia, posted February 8, 2008:

Hey Sideblu,
Download ComboFix at: ComboFix
1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan ends, a log will be generated at C:\ComboFix.txt;
5) Do not click in the ComboFix window or close it with the X while the tool is running, as that will mess up your desktop (it will turn completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.
Regards.
Sideblu, posted February 10, 2008:

Friend, can I delete this program after it finishes? It generated two more files... Thank you... Dear...

ComboFix 08-02.05.3 - Administrador 2008-02-10 14:20:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.191 [GMT -3:00]
Executando de: C:\ComboFix para buscar no sistema (cuidado).exe
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe
.
((((((((((((((((((((((( Ficheiros criados de 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))
.
2008-02-10 14:20 . 2008-02-10 14:20 <DIR> d-------- C:\Temp\WPDNSE
2008-02-10 14:19 . 2008-02-10 14:19 16,384 --a----t- C:\Temp\Perflib_Perfdata_63c.dat
2008-02-10 13:55 . 2008-02-10 13:55 <DIR> d-------- C:\Temp\Google Toolbar
2008-02-10 12:23 . 2008-02-10 14:20 <DIR> d-------- C:\Temp\_avast4_
2008-02-10 00:20 . 2008-02-10 00:20 1,593,889 --a------ C:\ComboFix para buscar no sistema (cuidado).exe
2008-02-08 23:44 . 2008-02-09 00:50 <DIR> d-------- C:\LinhaDefensiva
2008-02-07 12:30 . 2008-02-07 12:44 <DIR> d-------- C:\Arquivos de programas\DAP
2008-02-07 12:30 . 2008-02-07 12:30 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-02-07 12:30 . 2008-02-07 12:30 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-02-07 12:30 . 2008-02-07 12:30 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-30 19:35 . 2008-02-10 14:22 <DIR> d-------- C:\Temp\MessengerCache
2008-01-30 11:24 . 2008-02-07 12:59 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-01-29 22:04 . 2008-01-30 11:35 <DIR> dr--s---- C:\WINDOWS\assembly
2008-01-29 22:03 . 2008-01-30 11:35 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-01-25 21:19 . 2008-01-25 21:19 0 ---hs---- C:\WINDOWS\S0EF39782.tmp
2008-01-25 21:18 . 2008-01-25 21:54 <DIR> d-------- C:\Arquivos de programas\Elaborate Bytes
2008-01-23 18:55 . 2004-08-04 00:45 380,928 --a------ C:\WINDOWS\system32\irprops.cpl
2008-01-23 18:55 . 2004-08-04 00:45 380,928 --a--c--- C:\WINDOWS\system32\dllcache\irprops.cpl
2008-01-13 11:26 . 2008-01-20 10:57 <DIR> d-------- C:\Arquivos de programas\Free Download Manager
2008-01-12 07:14 . 2008-02-09 15:42 <DIR> d-------- C:\Arquivos de programas\Mozilla Firefox
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 17:18 780,140,544 --sha-w C:\pagefile.sys
2008-02-10 05:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-02-08 21:00 --------- d-----w C:\Arquivos de programas\Norton Security Scan
2008-02-08 16:26 --------- d-----w C:\Arquivos de programas\Windows Media Player
2008-02-08 11:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-02-07 18:45 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center
2008-02-04 15:46 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-02-04 15:01 --------- d-----w C:\Arquivos de programas\DVDFab Platinum 4
2008-01-30 21:36 10,752 ----a-w C:\WINDOWS\system32\BASSMOD.dll
2008-01-30 21:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns
2008-01-30 01:03 --------- d-----w C:\Arquivos de programas\Internet Explorer
2008-01-22 12:31 --------- d-----w C:\Arquivos de programas\DivX
2008-01-20 19:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-01-20 19:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-01-09 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-01-09 03:24 --------- d-----w C:\Arquivos de programas\Adobe
2008-01-07 01:24 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-01-06 18:55 --------- d-----w C:\Arquivos de programas\eMule
2008-01-05 02:18 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\DVDFab
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 03:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
2008-01-04 02:29 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-04 02:29 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys
2008-01-03 23:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2008-01-02 18:21 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
2007-12-25 18:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio
2007-12-24 01:12 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-13 11:31 60,416 ------w C:\WINDOWS\system32\tzchange.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 22:45 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:45 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:45 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
c:\Arquivos de programas\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-18 22:45 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c1ee65-7434-11dc-9163-000c55f9157b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8b640d-cb8e-11dc-9249-0019db90e603}]
\shell\play\Command - "C:\Arquivos de programas\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-02-08 21:00:12 C:\WINDOWS\Tasks\Norton Security Scan.job" - c:\Arquivos de programas\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:22:42
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
jgarcia, posted February 11, 2008:

Hey Sideblu,
Go to Start -> Run -> type regedit -> click OK.
Navigate to the following subkey:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2
Locate and delete the following folder:
{a5c1ee65-7434-11dc-9163-000c55f9157b}
Exit the Registry Editor.
Post a new ComboFix log.
Regards.
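Why that particular subkey: under mountpoints2, Explorer keeps the shell verbs that a removable drive's autorun.inf declared, and the one jgarcia points at runs a bare file name (RavMon.exe) from the drive root on AutoRun, open and explore, while the other subkey only has a play verb with a full path to wmplayer.exe. An added example, not part of the thread, that picks out such subkeys from the mountpoints2 section of a ComboFix log; the sample text is constructed from the two subkeys shown in the log above.

```python
"""Added example (not from the thread): find autorun.inf residue in the
'mountpoints2' part of a ComboFix log.

Explorer records, per removable drive, the shell verbs that autorun.inf
declared. A trigger verb (AutoRun, open, explore) whose command is a bare
file name, resolved from the drive root instead of a full path, is the
signature of a drive that carried an autorun worm.
"""
import re
from typing import Dict, List

# Constructed sample, copied from the two mountpoints2 subkeys in the log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c1ee65-7434-11dc-9163-000c55f9157b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8b640d-cb8e-11dc-9249-0019db90e603}]
\shell\play\Command - "C:\Arquivos de programas\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
# Verbs Explorer fires on insertion (AutoRun) or on a double-click (open/explore)
TRIGGER_VERBS = {"autorun", "open", "explore"}
# Drive-letter, UNC or %variable%-rooted paths count as absolute
ABSOLUTE_RE = re.compile(r"^([a-zA-Z]:\\|\\\\|%[^%]+%\\)")


def parse_mountpoints(text: str) -> Dict[str, Dict[str, str]]:
    """Return {subkey: {verb: command}} for each mountpoints2 subkey in the log."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            # Only track subkeys under mountpoints2; other [keys] end the block
            current = key if "\\mountpoints2\\" in key.lower() else None
            if current:
                result.setdefault(current, {})
            continue
        vm = VERB_RE.match(line)
        if vm and current:
            result[current][vm.group("verb").lower()] = vm.group("cmd").strip()
    return result


def command_image(cmd: str) -> str:
    """The program a shell command line launches (first token, unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def is_relative(image: str) -> bool:
    """True for a bare name such as RavMon.exe; False for drive, UNC or %var% paths."""
    return ABSOLUTE_RE.match(image) is None


def suspicious_subkeys(text: str) -> List[str]:
    """GUID leaves of mountpoints2 subkeys whose trigger verbs run a relative image."""
    hits = []
    for key, verbs in parse_mountpoints(text).items():
        if any(verb in TRIGGER_VERBS and is_relative(command_image(cmd))
               for verb, cmd in verbs.items()):
            hits.append(key.rsplit("\\", 1)[1])
    return hits


if __name__ == "__main__":
    for guid in suspicious_subkeys(SAMPLE):
        print("autorun residue under mountpoints2:", guid)
```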
Sideblu, posted March 1, 2008:

Friend, sorry for the delay, I had problems with my monitor...

ComboFix 08-03-01.3 - Administrador 2008-03-01 17:59:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.187 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\C3VGLVC0\ComboFix[1].exe
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe
.
((((((((((((((((((((((( Ficheiros criados de 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))
.
2008-03-01 17:59 . 2008-03-01 17:59 <DIR> d-------- C:\Temp\WPDNSE
2008-02-29 22:48 . 2008-02-29 22:48 <DIR> d-------- C:\Temp\Google Toolbar
2008-02-27 23:13 . 2008-03-01 09:02 <DIR> d-------- C:\Temp\_avast4_
2008-02-27 14:28 . 2008-02-27 14:28 16,384 --------- C:\Temp\Perflib_Perfdata_644.dat
2008-02-25 08:04 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-25 08:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-25 08:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-25 08:04 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-25 07:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-25 07:16 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-25 07:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-24 17:56 . 2008-02-24 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-02-24 17:56 . 2008-02-24 17:56 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-02-24 01:06 . 2008-02-24 01:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\ZoomBrowser EX
2008-02-24 00:56 . 2008-02-25 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ZoomBrowser
2008-02-24 00:56 . 2008-02-24 00:57 <DIR> d-------- C:\Arquivos de programas\Canon
2008-02-24 00:53 . 2008-02-24 00:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Canon
2008-02-20 21:54 . 2008-02-20 22:00 <DIR> d-------- C:\Incomplete
2008-02-20 21:52 . 2008-02-20 22:00 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWireTurbo
2008-02-20 21:52 . 2008-02-20 22:08 <DIR> d-------- C:\Arquivos de programas\LimeWire Turbo
2008-02-15 23:47 . 2008-03-01 18:01 <DIR> d-------- C:\Temp\MessengerCache
2008-02-11 07:02 . 2008-02-11 07:02 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-10 14:19 . 2004-08-04 00:45 401,920 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-07 12:30 . 2008-02-11 07:03 <DIR> d-------- C:\Arquivos de programas\DAP
2008-02-07 12:30 . 2008-02-07 12:30 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-02-07 12:30 . 2008-02-07 12:30 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-02-07 12:30 . 2008-02-07 12:30 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 02:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater
2008-03-01 01:10 --------- d-----w C:\Arquivos de programas\Norton Security Scan
2008-02-29 21:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-02-24 20:56 --------- d-----w C:\Arquivos de programas\Windows Live
2008-02-20 21:28 --------- d-----w C:\Arquivos de programas\eMule
2008-02-15 00:43 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-02-11 10:00 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-02-07 18:45 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center
2008-02-04 15:46 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-02-04 15:01 --------- d-----w C:\Arquivos de programas\DVDFab Platinum 4
2008-01-26 00:54 --------- d-----w C:\Arquivos de programas\Elaborate Bytes
2008-01-22 12:31 --------- d-----w C:\Arquivos de programas\DivX
2008-01-20 19:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-01-20 13:57 --------- d-----w C:\Arquivos de programas\Free Download Manager
2008-01-09 03:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-01-07 01:24 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-01-05 02:18 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\DVDFab
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 03:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
2008-01-04 02:29 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-04 02:29 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys
2008-01-03 23:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink
2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
------- Sigcheck -------
3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe
----a-w 543,744 2004-08-04 03:45:46 C:\WINDOWS\system32\winlogon.exe
-c--a-w 543,744 2004-08-04 03:45:46 C:\WINDOWS\system32\dllcache\winlogon.exe
----a-w 504,320 2004-08-04 03:45:46 C:\WINDOWS\VistaMizer\old\winlogon.exe

5ba55b3d2a842e71b435da02bf3f996d C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,061,184 2005-03-02 18:13:12 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
----a-w 2,063,616 2007-02-28 16:08:25 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
------w 2,061,824 2007-02-28 16:02:34 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,318,592 2007-02-28 16:02:34 C:\WINDOWS\system32\ntkrnlpa.exe
-c--a-w 2,318,592 2007-02-28 16:02:34 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
----a-w 2,061,824 2007-02-28 16:02:34 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

8d05273c2f698acdd9cf069b8bf0702d C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,183,808 2005-03-02 18:13:23 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
----a-w 2,186,368 2007-02-28 16:08:18 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
------w 2,184,576 2007-02-28 16:02:28 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,441,344 2007-02-28 16:02:28 C:\WINDOWS\system32\ntoskrnl.exe
-c--a-w 2,441,344 2007-02-28 16:02:28 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
----a-w 2,184,576 2007-02-28 16:02:28 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\explorer.exe
----a-w 1,553,920 2007-06-13 13:21:56 C:\WINDOWS\explorer.exe
----a-w 1,035,264 2007-06-13 13:10:29 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c--a-w 1,553,920 2007-06-13 13:21:56 C:\WINDOWS\system32\dllcache\explorer.exe
----a-w 1,035,264 2007-06-13 13:21:56 C:\WINDOWS\VistaMizer\old\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 22:45 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:45 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
c:\Arquivos de programas\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-18 22:45 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"ALG"=3 (0x3)
"BthServ"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8b640d-cb8e-11dc-9249-0019db90e603}]
\shell\play\Command - "C:\Arquivos de programas\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

*Newly Created Service* - ERASERUTILDRV10741
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-02-29 22:44:34 C:\WINDOWS\Tasks\Norton Security Scan.job" - c:\Arquivos de programas\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 18:01:53
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-03-01 18:03:10
ComboFix-quarantined-files.txt 2008-03-01 21:02:42
.
2008-02-27 01:38:15 --- E O F ---

Thank you...
jgarcia, posted March 2, 2008:

Hey Sideblu,
Follow these instructions:
1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text included in the "Quote":

File::
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\_MSRSTRT.EXE

ATTENTION: the script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for its user.
2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.
Regards.
Sideblu, posted March 4, 2008:

Friend, forgive my ignorance, but I didn't understand the first step... Could you put it another way... Thank you...
jgarcia, posted March 9, 2008:

> Friend, forgive my ignorance, but I didn't understand the first step... Could you put it another way... Thank you...

1. You need to open Notepad (Start -> Programs -> Accessories);
2. Copy and paste the following text:

File::
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\_MSRSTRT.EXE

3. Save the document as CFScript on your desktop;
4. As shown in the figure below, drag the CFScript.txt file onto ComboFix.exe.
5. When the process finishes, post the contents of the generated log (it will be at C:\ComboFix.txt).
Regards.
Mário Monteiro, posted June 13, 2008:

Topic archived. As the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.