~TiuTalk~ (posted September 30, 2008)

Hi everyone,

This is the second time this spyware has ruined my day (the other time was last week, but I managed to remove it with Spybot; this time that didn't work)... Several sites I try to access are being redirected to a fake GoDaddy site... Does anyone know of a tool that could help me? Maybe a reset of the hosts file would fix it... I don't know...

Cheers
PedroN (posted September 30, 2008)

Hey ~TiuTalk~,

- Post a HijackThis log!
~TiuTalk~ (posted September 30, 2008)

Log with my user:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:51, on 30/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe
C:\arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.cbmultimidia.com.br/intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.cbmultimidia.com.br/intranet/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Service Manager.lnk.disabled
O8 - Extra context menu item: Append to existing PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://intranet.cbmultimidia.com.br/intranet/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206653936494
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sjb.com
O17 - HKLM\Software\..\Telephony: DomainName = sjb.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{335F31FE-AB00-4973-BBA8-1FF0097A9FA7}: NameServer = 128.128.0.71,128.128.0.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sjb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sjb.com
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSSQL$SQL - Unknown owner - C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlservr.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: SQLAgent$SQL - Unknown owner - C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlagent.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7378 bytes

===============================================================

Log with the administrator user:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:15, on 30/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlservr.exe
C:\xampp\mysql\bin\mysqld-nt.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlagent.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.cbmultimidia.com.br/intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.cbmultimidia.com.br/intranet/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-151678558-206113811-152699781-10978\..\Run: [TuneUp MemOptimizer] "C:\arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe" autostart (User 'brunotrigueiro')
O4 - HKUS\S-1-5-21-151678558-206113811-152699781-10978\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (User 'brunotrigueiro')
O4 - Global Startup: Service Manager.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://intranet.cbmultimidia.com.br/intranet/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206653936494
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sjb.com
O17 - HKLM\Software\..\Telephony: DomainName = sjb.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{335F31FE-AB00-4973-BBA8-1FF0097A9FA7}: NameServer = 128.128.0.71,128.128.0.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sjb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sjb.com
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8758 bytes
PedroN (posted September 30, 2008)

- Download: < ComboFix.exe >
- Save it to the Desktop!
- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
- Close all windows and run the tool!

If you get the "Aplicativo Win32 inválido" (invalid Win32 application) notification, delete the tool and download it again. Save it to the desktop, renamed as: Kombo.exe
Ps: Name it while saving, not after saving it!
Ps: If any error message appears, run ComboFix.exe in Safe Mode.
Ps: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.

- The Auto Scan window will open. Wait!
- Type the option to continue! >> Enter
- Wait for it to finish!
- During the scan, avoid touching the mouse or keyboard! <-- Important!
- To stop or exit ComboFix, press "N".
----------------------
- When it finishes, post the report: C:\ComboFix.txt
~TiuTalk~ (posted September 30, 2008)

Look at this... I haven't run ComboFix yet (I'll only run it later), but I think I've found out where the malicious file is... on my pen drive (I haven't plugged it into the PC yet and it's running fine, with no problems), and yesterday I had it plugged in...

Two things:
1 - Is there some kind of antivirus for pen drives that lives on the pen drive and protects it?
2 - Is there a way for me to fix this problem on the pen drive without letting it 'infect' the computer once more?
~TiuTalk~ (posted October 1, 2008)

I think ComboFix solved it...

ComboFix 08-09-30.03 - vanissa 2008-09-30 22:40:06.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.264 [GMT -3:00]
Executando de: C:\Documents and Settings\vanissa\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\angelica.paulo\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\brunotrigueiro\Cookies\brunotrigueiro@web2.checkm8[1].txt
C:\Documents and Settings\jaimefilho\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\juliamoura\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\land\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\mano\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\suv\Configura‡äes locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((( Ficheiros criados de 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))))
.
2008-09-30 00:26 . 2008-09-30 00:26 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-09-21 20:37 . 2008-09-21 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-09-21 20:37 . 2008-09-21 21:03 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-09-21 20:00 . 2008-09-21 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-09-21 20:00 . 2008-09-21 20:00 <DIR> d-------- C:\Arquivos de programas\Lavasoft
2008-09-19 19:15 . 2008-09-21 22:36 <DIR> d-------- C:\EditPlus
2008-09-19 01:16 . 2008-09-19 01:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-10 18:55 . 2008-09-30 00:30 <DIR> d-------- C:\xampp
2008-09-09 22:19 . 2008-09-29 23:45 <DIR> d-------- C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\MySQL
2008-09-09 22:15 . 2008-09-09 22:15 <DIR> d-------- C:\Arquivos de programas\MySQL
2008-09-09 19:08 . 2008-09-24 00:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-09 19:08 . 2008-09-09 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-08 18:16 . 2008-09-08 18:16 <DIR> d-------- C:\Arquivos de programas\TomBrennanSoftware
2008-09-06 18:07 . 2008-09-06 18:07 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-06 18:07 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-06 18:04 . 2008-09-06 18:04 <DIR> d-------- C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\TuneUp Software
2008-09-06 18:03 . 2008-09-06 18:03 <DIR> d-------- C:\Documents and Settings\vanissa\Dados de aplicativos\TuneUp Software
2008-09-06 18:03 . 2008-09-06 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
2008-09-06 18:02 . 2008-09-06 18:07 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2008
2008-09-06 18:01 . 2008-09-21 20:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-09-04 14:55 . 2008-09-04 14:55 <DIR> d-------- C:\Documents and Settings\jaimefilho\Contacts
2008-09-04 14:43 . 2008-03-27 14:30 <DIR> d--h----- C:\Documents and Settings\jaimefilho\Modelos
2008-09-04 14:43 . 2008-09-04 14:56 <DIR> dr------- C:\Documents and Settings\jaimefilho\Meus documentos
2008-09-04 14:43 . 2008-03-27 11:25 <DIR> dr------- C:\Documents and Settings\jaimefilho\Menu Iniciar
2008-09-04 14:43 . 2008-09-04 14:44 <DIR> dr------- C:\Documents and Settings\jaimefilho\Favoritos
2008-09-04 14:43 . 2008-09-04 15:01 <DIR> dr-h----- C:\Documents and Settings\jaimefilho\Dados de aplicativos
2008-09-04 14:43 . 2008-09-30 22:41 <DIR> d--h----- C:\Documents and Settings\jaimefilho\Configura‡äes locais
2008-09-04 14:43 . 2008-03-27 11:25 <DIR> d--h----- C:\Documents and Settings\jaimefilho\Ambiente de rede
2008-09-04 14:43 . 2008-03-27 11:25 <DIR> d--h----- C:\Documents and Settings\jaimefilho\Ambiente de impressÆo
2008-09-04 14:43 . 2008-09-04 17:45 <DIR> d-------- C:\Documents and Settings\jaimefilho
2008-09-02 18:57 . 2008-09-02 18:57 24,576 --a------ C:\WINDOWS\system32\plds4.dll
2008-09-02 18:56 . 2008-09-02 18:56 159,744 --a------ C:\WINDOWS\system32\nspr4.dll
2008-09-02 18:56 . 2008-09-02 18:56 28,672 --a------ C:\WINDOWS\system32\plc4.dll
2008-09-02 18:54 . 2008-09-02 18:53 465,088 --a------ C:\WINDOWS\system32\xpcom.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 02:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2008-09-18 23:00 --------- d-----w C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\uTorrent
2008-08-26 22:30 --------- d-----w C:\Arquivos de programas\FreeRAM XP Pro
2008-08-16 05:10 --------- d-----w C:\Documents and Settings\vanissa\Dados de aplicativos\uTorrent
2008-08-16 04:53 --------- d-----w C:\Arquivos de programas\Calibrize
2008-08-14 07:13 --------- d-----w C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\Feedreader
2008-08-14 07:02 --------- d-----w C:\Arquivos de programas\QuickRSS
2008-08-12 05:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-08-11 05:48 --------- d-----w C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\Notepad++
2008-08-10 01:47 --------- d-----w C:\Arquivos de programas\IE7
2008-08-09 09:00 --------- d-----w C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\Tibia
2008-08-09 05:58 --------- d-----w C:\Documents and Settings\vanissa\Dados de aplicativos\Blumentals
2008-08-09 05:19 --------- d-----w C:\Arquivos de programas\FreeUndelete
2008-08-08 02:18 --------- d-----w C:\Documents and Settings\brunotrigueiro\Dados de aplicativos\DAEMON Tools
2008-08-07 21:51 --------- d-----w C:\Arquivos de programas\FileFilter
2008-08-07 03:28 --------- d-----w C:\Arquivos de programas\Paint.NET
2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-12 15:26 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\16509A3618.sys
2008-06-12 15:26 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2008-02-28 17:30 8,784 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 17:33 245,408 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\unicows.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
"CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Service Manager.lnk.disabled [2008-07-30 1920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 MSSEARCH;Microsoft Search;C:\Arquivos de programas\Arquivos comuns\System\MSSearch\Bin\mssearch.exe [2000-07-12 73728]
S2 MSSQL$SQL;MSSQL$SQL;C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlservr.exe [2000-08-06 7442493]
S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 SQLAgent$SQL;SQLAgent$SQL;C:\ARQUIV~1\Microsoft SQL Server\MSSQL$SQL\binn\sqlagent.exe [2000-08-06 303170]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-06 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005cd5fc-42d4-11dd-a56b-0013d3872dcc}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e670b7-12f9-11dd-a50c-0013d3872dcc}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFAOS REMOVIDOS - - - -

MSConfigStartUp-NBKeyScan - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\vanissa\Dados de aplicativos\Mozilla\Firefox\Profiles\soxvoj95.default\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 22:42:18
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-09-30 22:44:38
ComboFix-quarantined-files.txt 2008-10-01 01:43:56

Pre-Run: 17 pasta(s) 68,800,454,656 bytes dispon¡veis
Post-Run: 20 pasta(s) 69,137,121,280 bytes dispon¡veis

160
--- E O F --- 2008-09-11 04:26:55
PedroN (posted October 1, 2008)

I suggest you print or save the procedure below, and don't use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005cd5fc-42d4-11dd-a56b-0013d3872dcc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e670b7-12f9-11dd-a50c-0013d3872dcc}]

This script was made only for this computer, according to the files and keys present; don't use it on another computer, as it can cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Don't use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with a new HijackThis log.
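The two MountPoints2 keys in the ComboFix log (\Shell\AutoRun\command - wscript.exe .\.vbs) are Explorer's per-user cache of the handlers a removable drive's autorun.inf registered, which is how a pen drive keeps re-launching its script every time it is plugged in; the CFScript above deletes exactly those keys. The following PowerShell script is an added example, not code from this thread or from ComboFix: it audits MountPoints2 for drive handlers that point at a script host, inspects any attached removable drive for an autorun.inf (the earlier question about protecting the pen drive), and, only when asked, removes the flagged keys or turns AutoRun off. The list of suspect interpreters and the -Remediate and -DisableAutoRun switches are this example's own assumptions.

```powershell
# Added example for this thread (not from the original posts or from ComboFix).
# Run it as the affected user: MountPoints2 lives under HKCU, so each profile
# (vanissa, brunotrigueiro, ...) carries its own copy of the cached handlers.
param(
    [switch]$Remediate,      # delete flagged MountPoints2 keys instead of only reporting
    [switch]$DisableAutoRun  # set NoDriveTypeAutoRun=0xFF (needs an elevated shell)
)

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
# Assumption of this example: a drive handler has no business launching a
# script host or shell, so any of these in the command line is a hit.
$suspect = '(?i)\b(wscript|cscript|cmd|mshta|rundll32|powershell)(\.exe)?\b'

function Get-SuspectMountPoints {
    if (-not (Test-Path -LiteralPath $mp2)) { return }
    foreach ($drive in Get-ChildItem -Path $mp2) {
        foreach ($verb in 'AutoRun', 'open', 'explore') {
            $cmdKey = "$mp2\$($drive.PSChildName)\Shell\$verb\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            # The (Default) value of ...\command holds the command line
            $cmd = (Get-Item -LiteralPath $cmdKey).GetValue('')
            if ($cmd -and $cmd -match $suspect) {
                New-Object PSObject -Property @{
                    Key = $drive.PSChildName; Verb = $verb; Command = $cmd
                }
            }
        }
    }
}

function Get-RemovableAutorun {
    # DriveType 2 = removable (USB sticks). -Force reads the file even when it
    # carries the hidden/system attributes autorun droppers usually set.
    foreach ($disk in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2') {
        $inf = "$($disk.DeviceID)\autorun.inf"
        if (-not (Test-Path -LiteralPath $inf)) { continue }
        $launch = Get-Content -LiteralPath $inf -Force |
            Where-Object { $_ -match '(?i)^\s*(open|shellexecute|shell\\.*\\command)\s*=' }
        New-Object PSObject -Property @{
            Drive = $disk.DeviceID; Launches = ($launch -join ' ; ')
        }
    }
}

$hits = @(Get-SuspectMountPoints)
if ($hits.Count -eq 0) {
    Write-Host 'MountPoints2: no drive handler points at a script host.'
} else {
    $hits | Format-Table Key, Verb, Command -AutoSize
    if ($Remediate) {
        # Same effect as the "[-HKEY_CURRENT_USER\...\mountpoints2\{guid}]"
        # lines of the CFScript: drop the cached handler for that drive.
        foreach ($key in ($hits | Select-Object -ExpandProperty Key -Unique)) {
            Remove-Item -LiteralPath "$mp2\$key" -Recurse -Force
            Write-Host "Removed $mp2\$key"
        }
    }
}

Get-RemovableAutorun | Format-Table Drive, Launches -AutoSize

if ($DisableAutoRun) {
    # 0xFF tells Explorer to ignore autorun.inf on every drive type, so a
    # re-inserted stick cannot register its handler again.
    $pol = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path -LiteralPath $pol)) { New-Item -Path $pol -Force | Out-Null }
    Set-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}
```

Without switches the script only reports, which is the right first step while the pen drive is still unplugged; run it once per user profile, then with -Remediate to clear the handlers, and plug the drive back in only after -DisableAutoRun (or the equivalent policy) is in place so the autorun.inf on it is never honored.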
Mário Monteiro (posted November 3, 2008)

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.