[Resolvido!] Erro 2889. Será q estou com vírus?

Aline Branco · Outubro 19, 2008

Boa tarde! :grin:

Essa semana, fui instalar dois programas diferentes e em ambos deu erro 2889. :(

Vi na internet q podia ser vírus.

Atualizei AVG, Spybot e Ad-Aware. E scaniei meu computador com os três.

Os programas acharam alguns probleminhas q foram resolvidos.

Tentei novamente instalar um programa e deu o mesmo erro 2889. :cry:

Eu já havia instalado esse mesmo programa no meu computador anteriormente. E desinstalei pq parei de usar. Logo, não acho q o programa que desejo instalar esteja com algum defeito ou problema.

Alguém poderia me ajudar?

O q fazer???? :wacko:

Desde já, muito obrigada!

Aline Branco · Outubro 20, 2008

Boa noite!

Acho q estou mesmo com vírus. Agora, não consigo escanear uma imagem. O programa para no meio. Trava. Não consigo prosseguir e nem fechar. :wacko:

Deu problema também no photoshop. Simplesmente não abriu. :cry: :cry: :cry: :cry: :cry: :cry: :cry:

Por favor me ajudem!!!!!!!!!!!

PedroN · Outubro 20, 2008

Opa Aline Branco, siga o tópico abaixo e retorne aqui com o log do hijackthis.

http://forum.imasters.com.br/index.php?showtopic=165906

Perfect

Aline Branco · Outubro 20, 2008

Muito obrigada por me responder. :thumbsup:

Baixei o programa e vou executar e postar o log agora, ok?!

Muito obrigada mesmo!

Nine

Aline Branco · Outubro 20, 2008

Resultado :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:53:02, on 20/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\WService.EXE

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\Drivers\WTSRV.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HiJack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C90308FB-3FF3-4FE7-822A-93455841F457} - C:\WINDOWS\system32\cbXOFXQk.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WService] WService.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Arquivos de programas\ICQ6.5\ICQ.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216943210781

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--

End of file - 11390 bytes

PedroN · Outubro 20, 2008

- Baixe: < ComboFix.exe >

- Salve-o no Desktop!

- Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

- Feche todas as janelas e execute a ferramenta!

- Na solicitação: "Negação de garantia de software" --> Clique em Sim!

-- Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

- Abrir-se-á a janela Auto Scan. --> Aguarde!

- Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

- Aguarde a conclusão!

- Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

- Para parar ou sair do ComboFix,tecle "N".

----------------------

- Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Aline Branco · Outubro 20, 2008

Ok, vamos lá! Baixei e vou executar.

MUITO OBRIGADA!!!!!!!!!!

Já volto pra postar o resultado.

Nine

Aline Branco · Outubro 20, 2008

Postando o resultado do ComboFix:

ComboFix 08-10-19.04 - Administrador 2008-10-20 20:52:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.611 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\kQXFOXbc.ini

C:\WINDOWS\system32\kQXFOXbc.ini2

C:\WINDOWS\system32\ssldivx.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-20 to 2008-10-20 ))))))))))))))))))))))))))))

.

2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d--hs---- C:\WINDOWS\system32\dllcache

2008-10-20 20:55 . 2008-10-20 20:55 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-10-20 09:45 . 2008-10-20 09:53 <DIR> d-------- C:\HiJack

2008-10-18 15:01 . 2008-10-19 16:24 2,516 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-10-18 15:01 . 2008-10-19 15:01 88 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\90F7399C77.sys

2008-10-18 10:57 . 2008-10-18 10:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-10-18 10:55 . 2008-10-18 10:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-10-18 10:52 . 2008-10-18 10:52 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-10-17 23:00 . 2008-10-20 20:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-17 23:00 . 2008-10-18 11:51 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2008-10-17 23:00 . 2008-10-17 23:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-17 23:00 . 2008-10-17 23:00 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-10-17 23:00 . 2008-10-17 23:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-16 21:49 . 2008-10-17 23:36 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-10-14 00:46 . 2008-10-14 00:46 221 --a------ C:\WINDOWS\NCLogConfig.ini

2008-10-11 12:58 . 2008-10-11 12:58 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-10-11 12:53 . 2008-10-11 12:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-10 11:48 . 2008-10-10 11:48 268 --ah----- C:\sqmdata19.sqm

2008-10-10 11:48 . 2008-10-10 11:48 244 --ah----- C:\sqmnoopt19.sqm

2008-10-09 11:18 . 2008-10-09 11:18 268 --ah----- C:\sqmdata18.sqm

2008-10-09 11:18 . 2008-10-09 11:18 244 --ah----- C:\sqmnoopt18.sqm

2008-10-09 01:31 . 2008-10-09 01:31 268 --ah----- C:\sqmdata17.sqm

2008-10-09 01:31 . 2008-10-09 01:31 244 --ah----- C:\sqmnoopt17.sqm

2008-10-08 12:52 . 2008-10-08 12:52 268 --ah----- C:\sqmdata16.sqm

2008-10-08 12:52 . 2008-10-08 12:52 244 --ah----- C:\sqmnoopt16.sqm

2008-10-04 12:22 . 2008-10-04 12:22 <DIR> d-------- C:\Arquivos de programas\Ares

2008-09-28 14:46 . 2008-09-28 14:46 142 --a------ C:\WINDOWS\PenSign.INI

2008-09-28 12:34 . 2008-09-28 13:04 <DIR> d-------- C:\Arquivos de programas\GENIUS TABLET

2008-09-28 12:34 . 2003-11-25 08:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE

2008-09-28 12:34 . 2003-12-23 07:33 378 --a------ C:\WINDOWS\SETUPEXT.INF

2008-09-27 16:40 . 2008-09-27 16:40 <DIR> d-------- C:\PenClean

2008-09-24 02:27 . 2008-09-24 02:27 268 --ah----- C:\sqmdata15.sqm

2008-09-24 02:27 . 2008-09-24 02:27 244 --ah----- C:\sqmnoopt15.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-18 19:30 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-18 18:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-18 17:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2008-10-18 12:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-10-18 12:54 --------- d-----w C:\Arquivos de programas\Corel

2008-10-18 01:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-10-18 00:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-18 00:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-10-18 00:47 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2008-10-14 13:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express

2008-10-11 14:59 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-04 16:23 18,872 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-09-14 18:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-09-14 18:23 --------- d-----w C:\Arquivos de programas\Bonjour

2008-09-14 18:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-14 18:21 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-09-14 18:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-09 03:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-08-29 13:29 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\ICQ

2008-08-29 13:29 --------- d-----w C:\Arquivos de programas\ICQ6.5

2008-08-29 13:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 13:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ICQ

2008-08-29 13:17 --------- d-----w C:\Arquivos de programas\ICQ6Toolbar

2008-08-29 12:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-22 12:37 --------- d-----w C:\Arquivos de programas\DivX

2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

------- Sigcheck -------

2004-08-03 19:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2005-08-31 00:12 577536 3ed0a4d74efd5aaf8408095f452e2613 C:\WINDOWS\system32\user32.dll

2004-08-03 19:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2005-08-31 00:13 661504 cb38f344faa2cc14a3c6d4e64073f07b C:\WINDOWS\system32\wininet.dll

2005-08-31 00:14 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-03 19:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2004-08-03 18:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 18:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-08-31 00:24 2019328 ebe37bd5db4e084001ac3257715ca35e C:\WINDOWS\system32\ntkrnlpa.exe

2005-08-31 00:12 2139648 f7d03e7aa3351104a96af26cdd317451 C:\WINDOWS\system32\ntoskrnl.exe

2005-08-31 00:12 1034240 07af0154923df6dec6de9ca0d4b04f8f C:\WINDOWS\explorer.exe

2004-08-03 19:45 108544 cc73c4430c2fc27fde16a0a4e3678148 C:\WINDOWS\system32\services.exe

2004-08-03 19:45 13312 35c6463b3c5f62d2b20c953b6e1538e9 C:\WINDOWS\system32\lsass.exe

2004-08-03 19:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\ctfmon.exe

2005-08-31 00:13 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe

2004-08-03 19:45 24576 4ca695ec1ee4c7cf2144dfa00ea0e1f7 C:\WINDOWS\system32\userinit.exe

2004-08-03 19:45 296960 23dff6daa7565cc5802e057a6b9f585e C:\WINDOWS\system32\termsrv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 339968]

"QuickTime Task"="C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-10-17 1234712]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]

"WService"="WService.EXE" [2002-09-07 C:\WINDOWS\system32\WService.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-08-21 13:45 888832 C:\Arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

--a------ 2008-08-03 07:58 172792 C:\Arquivos de programas\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2008-09-09 01:02 3513344 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"C:\\Arquivos de programas\\eMule\\eMule.exe"=

"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Autodesk\\3dsMax8\\3dsmax.exe"=

"C:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=

"C:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=

"C:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=

"C:\\Arquivos de programas\\ICQ6.5\\ICQ.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-17 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-10-17 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-10-17 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-17 76040]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 getPlus® Helper;getPlus® Helper;C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{397edf8e-4ed9-11dd-b576-001a928a6fca}]

\Shell\AutoRun\command - NTrun.exe

\Shell\explore\Command - NTrun.exe

\Shell\open\Command - NTrun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-09-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

BHO-{C90308FB-3FF3-4FE7-822A-93455841F457} - C:\WINDOWS\system32\cbXOFXQk.dll

HKU-Default-Run-MsnMsgr - C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\3qf46zdg.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.cancerdemama.com.br/

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-20 20:55:51

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\drivers\WtSrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-20 21:01:18 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-20 23:00:39

Pré-execução: 16 pasta(s) 18.953.101.312 bytes disponíveis

Pós execução: 16 pasta(s) 19,548,364,800 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

251

Aline Branco · Outubro 20, 2008

Postando HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:07:00, on 20/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\WService.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\Drivers\WTSRV.EXE

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896