_bruninha
Posted April 18, 2009

Hi everyone, I have a big problem here. My McAfee antivirus won't open, Spybot - Search & Destroy and Ad-Aware won't open either, and I can't even get CCleaner to open. I urgently need help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:31:59, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\ARQUIV~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA17553-A768-4D00-9F0E-DA50514A97F3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
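As an added example (not from this thread or from any of the tools it mentions), a small Python triage script that parses lines in the HijackThis v2 format posted above and flags the entries a helper reads first: orphaned entries pointing at missing files, a start or search page on a non-default host, Run entries launched from a user profile, DNS servers to verify with the ISP, and services with no publisher. The sample lines are constructed from the log above; the `[inst]` Run entry is constructed from a path that appears later in the thread and is not in this log.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input in the HijackThis v2 line format, modelled on the
# log posted above. The "[inst]" Run entry is constructed from a path that
# appears later in the thread; it is not in the original HijackThis log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\MAS\Dados de aplicativos\inst.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA17553-A768-4D00-9F0E-DA50514A97F3}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
"""

# Hosts a stock Windows XP / IE7 install points its start and search pages
# at; anything else deserves a look (either a hijack or the user's own choice).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}

# Directories Run entries normally launch from (English and Brazilian
# Portuguese XP). A Run entry inside a user profile (Application Data,
# Temp, Desktop) is a classic persistence location for XP-era malware.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\arquivos de programas\\",
    "%systemroot%\\",
)

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    severity: str  # "info", "review" or "suspicious"
    reason: str
    raw: str       # the original log line


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line; skip headers."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def host_of(value):
    """Hostname of a URL value; HijackThis prefixes some values with '&'."""
    return (urlparse(value.strip().lstrip("&")).hostname or "").lower()


def triage(log_text):
    findings = []
    for sec, body in parse(log_text):
        raw = f"{sec} - {body}"
        lower = body.lower()

        # Any section: the registry still references a file that is gone.
        # Usually leftovers of an uninstall, but they are cleanup candidates.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(sec, "review",
                "orphaned entry: registry points at a file that no longer exists", raw))
            continue

        if sec in ("R0", "R1"):
            url = body.split("=", 1)[1] if "=" in body else ""
            host = host_of(url)
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(Finding(sec, "suspicious",
                    f"browser start/search page points at non-default host {host}", raw))

        elif sec == "O4":
            # Body looks like: HKCU\..\Run: [name] C:\path\to\program.exe args
            m = re.search(r"\]\s*(.*)$", body)
            path = m.group(1).strip().lstrip('"').lower() if m else ""
            if path and not path.startswith(TRUSTED_DIRS):
                findings.append(Finding(sec, "suspicious",
                    "autostart launched from a user profile or other unusual directory", raw))

        elif sec == "O17":
            # DNS servers come straight from the registry; a helper confirms
            # they belong to the user's ISP, since a swapped resolver redirects
            # every site the user visits.
            servers = body.split("NameServer =", 1)[1].strip() if "NameServer =" in body else body
            findings.append(Finding(sec, "info", f"DNS servers to verify with the ISP: {servers}", raw))

        elif sec == "O23" and "unknown owner" in lower:
            findings.append(Finding(sec, "review", "service with no publisher information", raw))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section}: {f.reason}\n    {f.raw}")
```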
DigRam
Posted April 18, 2009

Good morning, _bruninha!

<@> Download: < FindyKill > ( ...by Chiquitine29 )
<@> Save it in Program Files!
<@> Close any programs that are open.
<@> Disable the resident protection of your antivirus and antispyware.
<@> Note: this tool being detected by antivirus is a false positive!
<@> Install the tool and accept all the conditions it asks for.
<@> When that is done, run the tool with a double-click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat <--
<@> At the prompt, press C --> Enter. <-- Language option!
<@> Next, press 2. ( "Eliminar los ficheros infectados" )
<@> Press Enter --> The computer will restart twice! --> Wait!
<@> When it finishes, click on an empty area of the prompt! --> Press Enter.
<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!
<><><><><><><><><><><>
<@> Download: < >
<@> Save it to the desktop!
<@> Restart the computer in Safe Mode.
<@> Start the installation/execution with a double-click on drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> A "Quick scan" will start --> Close the advertising window!
<@> When it finishes, check the "Complete scan" box.
<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".
In this mode the following objects are scanned:
* Boot sectors of all disks. <--
* All removable drives. <--
* All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If messages appear asking to move or disinfect files, click Yes.
<@> When it finishes, click "File" --> "Save report list".
<@> Save it in a suitable location. ( DrWeb.csv ) <-- Text file!
<@> Post: DrWeb.csv + an updated HijackThis log.

Cheers!
_bruninha
Posted April 18, 2009

Here they are, DigRam.

DrWeb.csv (attached)

Updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:53, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\ARQUIV~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

--
End of file - 7518 bytes
DigRam
Posted April 18, 2009

Good afternoon, _bruninha!

<!> You have had 3 antivirus products on this PC; did this problem also happen with the others?
<><><><><><><><><><><><>
<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Software warranty disclaimer" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again. <!> Save it to the desktop, renamed as: Kombo.exe
<!> Note: Name it while saving, not after saving it!
<!> Note: If an error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> Note: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Note: Avoid running this tool on your own initiative!
<!> Note: To avoid problems, follow all the recommendations given.
<!> Note: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

Cheers!
_bruninha 0 Denunciar post Postado Abril 19, 2009 Aqui estão DigRam tive que desinstalar o mcAfee para consegui desativar a proteção residente dele. ComboFix.txt ComboFix 09-04-19.05 - MAS 19/04/2009 13:14.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1604 [GMT -3:00] Executando de: c:\documents and settings\MAS\Meus documentos\Downloads\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\MAS\Dados de aplicativos\inst.exe c:\windows\system32\x64 . (((((((((((((((( Arquivos/Ficheiros criados de 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))) . 2009-04-19 16:08 . 2009-04-19 16:08 -------- d-----w c:\windows\LastGood 2009-04-18 18:50 . 2009-04-18 18:50 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys 2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb 2009-04-18 07:41 . 2009-04-18 14:59 -------- d-----w C:\FindyKill 2009-04-18 07:24 . 2009-04-18 18:50 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Spyware Terminator 2009-04-18 07:24 . 2009-04-18 19:06 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator 2009-04-18 07:24 . 2009-04-18 19:06 -------- d-----w c:\arquivos de programas\Spyware Terminator 2009-04-18 07:11 . 2009-04-18 07:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8 2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam 2009-04-18 05:32 . 2009-04-18 18:48 -------- d-----w c:\arquivos de programas\Panda Security 2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI 2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat 2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2 2009-04-16 17:40 . 
2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-13 01:14 . 2009-04-13 01:14 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared 2009-04-13 01:14 . 2009-04-18 07:18 -------- d-----w c:\arquivos de programas\Norton Security Scan 2009-04-06 18:12 . 2009-04-18 19:27 54156 ---ha-w c:\windows\QTFont.qfn 2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for 2009-03-21 14:08 . 2009-03-21 14:08 1028608 -c----w c:\windows\system32\dllcache\kernel32.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-19 05:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule 2009-04-19 05:29 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent 2009-04-18 18:45 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-04-18 14:59 . 2009-04-18 14:53 3458 ----a-w C:\FindyKill.txt 2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat 2009-04-18 14:41 . 
2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat 2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore 2009-04-16 11:10 . 2008-12-04 18:57 -------- d-----w c:\arquivos de programas\McAfee 2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso 2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink 2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT 2009-03-25 14:06 . 2008-12-04 18:57 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys 2009-03-25 14:06 . 2008-12-04 18:57 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys 2009-03-25 14:06 . 2008-12-04 18:57 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys 2009-03-25 14:06 . 2008-06-27 08:08 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys 2009-03-25 14:05 . 2008-12-04 18:56 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys 2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP 2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll 2009-03-14 20:11 . 
2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks 2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll 2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager 2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp 2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer 2009-02-21 23:13 . 2008-10-14 17:38 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\foobar2000 2009-02-21 04:54 . 2009-01-20 20:35 -------- d-----w c:\windows\system32\config\systemprofile\Dados de aplicativos\SACore 2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll 2009-02-19 05:42 . 2009-01-20 06:39 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Rosetta Stone 2009-02-18 19:43 . 2008-12-07 18:19 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FLEXnet 2009-02-18 19:35 . 2009-02-18 19:34 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\RosettaStoneLtdBackup 2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-06 10:39 . 
2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll 2009-01-20 03:01 . 2009-01-20 03:01 4608 ----a-w c:\windows\system32\w95inf32.dll 2009-01-20 03:01 . 2009-01-20 03:01 2272 ----a-w c:\windows\system32\w95inf16.dll 2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat 2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat 2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk] backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk] backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk] backup=c:\windows\pss\HDDlife.lnkStartup 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"= "c:\\bin\\bin\\httpd.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "<NO NAME>"= R2 0021281240157320mcinstcleanup;McAfee Application Installer Cleanup (0021281240157320); [x] R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803] R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512] R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760] R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986] . Conteúdo da pasta 'Tarefas Agendadas' 2009-04-18 c:\windows\Tasks\Norton Security Scan for MAS.job - c:\arquivos de programas\Norton Security Scan\Nss.exe [2009-03-13 23:20] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {ABA17553-A768-4D00-9F0E-DA50514A97F3} = 200.204.0.10 200.204.0.138
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
FF - component: c:\arquivos de programas\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Java\j2re1.4.1_01\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava11.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava12.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava13.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJava32.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPJPI141_01.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 13:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,8f,49,49,87,6b,0c,10,d2,2d,ea,8b,02,33,54,09,0b,4d,12,33,c8,2a,99,
   c6,19,a6,b7,bb,e3,f2,0a,81,23,47,ea,a3,de,5e,64,83,e5,db,8e,7c,fc,77,67,ca,\
"??"=hex:da,67,ba,fe,e8,bf,67,12,97,2a,ff,04,d9,61,a3,7f
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-19 13:15
ComboFix-quarantined-files.txt 2009-04-19 16:15

Pre-Run: 23 folder(s) 82.067.427.328 bytes free
Post-Run: 22 folder(s) 82.131.431.424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2009-04-17 05:56

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:19, on 19/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA17553-A768-4D00-9F0E-DA50514A97F3}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

-- End of file - 7002 bytes
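An added example, not code from this thread or from any of the tools posted in it: a small Python triage pass over HijackThis-style lines like the O2/O17/O23 entries above. It separates three things a helper looks for in such a log: registrations whose target file no longer exists ("(no file)" or "(file missing)"), per-adapter DNS servers (O17) that point outside private address space, and services whose owner is unknown and whose binary sits outside the usual program roots. The sample lines are constructed for the example (modelled on the entries in the thread, with one made-up service, exupd, and one made-up adapter GUID); the severity labels, the trusted-root list and the `Finding` type are assumptions of the example, not a HijackThis feature.

```python
"""Triage of HijackThis v2-style log lines (added example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass

# One entry per line: item code, " - ", then the entry body (HijackThis v2 layout).
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed "usual" roots for service binaries on a system like the one in the
# thread; an unknown-owner service anywhere else deserves a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")
# Extension points worth listing even when nothing looks wrong.
INVENTORY_CODES = ("R0", "R1", "O2", "O3", "O4", "O18")

# Constructed sample, modelled on the entries in the thread; the exupd service
# and the 0000... adapter GUID are made up for this example.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\exupd.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str  # "orphan", "review" or "info"
    reason: str
    line: str


def parse_entry(line):
    """Split a HijackThis line into (code, body); None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def nameservers(body):
    """IP addresses listed after 'NameServer =' in an O17 body (comma or space separated)."""
    _, _, value = body.partition("NameServer =")
    addrs = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            addrs.append(ipaddress.ip_address(token))
        except ValueError:  # empty token or junk that is not an address
            pass
    return addrs


def service_path(body):
    """Binary path from an O23 body: the last ' - ' field, minus any orphan marker."""
    path = body.rsplit(" - ", 1)[-1]
    for marker in ORPHAN_MARKERS:
        path = path.replace(marker, "")
    return path.strip().strip('"')


def triage(text):
    """Return one Finding per line worth a helper's attention, in log order."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, body = parsed
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(code, "orphan", "registration points at a file that no longer exists", raw))
        elif code == "O17":
            public = [str(ip) for ip in nameservers(body) if not ip.is_private]
            if public:
                findings.append(Finding(code, "review", "adapter DNS set to public servers: " + ", ".join(public), raw))
            else:
                findings.append(Finding(code, "info", "adapter DNS set to private (LAN) servers only", raw))
        elif code == "O23":
            if "unknown owner" in body.lower() and not service_path(body).lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(code, "review", "unknown-owner service binary outside the usual program roots", raw))
        elif code in INVENTORY_CODES:
            findings.append(Finding(code, "info", "autostart/browser extension point; confirm the publisher", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
        print(f"         {f.line}")
```

An orphan entry is a leftover to clean up, not proof of infection by itself, and a purely textual check cannot tell a display path that was cut short from a binary that is genuinely gone, so treat "review" items as prompts to verify the file and its publisher on the machine rather than as verdicts.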
DigRam, posted April 20, 2009

Good morning, _bruninha!

<!> Post the FindyKill report that was requested earlier.
<><><><><><><><><><>
<!> Uninstall:
Spyware Terminator
avg8
Panda Security
Norton
<><><><><><><><><><>
<!> Use Revo Uninstaller for the more stubborn ones.
<><><><><><><><><><>
<@> Download: < Revo Uninstaller >
<@> Save it to the desktop.
<@> Install the utility and check whether the program to be uninstalled appears on the main screen.
<@> Select it and click Uninstall.
<@> PS: this uninstaller has options for removing registry entries.
<@> For more details, read the < Tutorial >
<><><><><><><><><><>
<!> For McAfee, use the tool below.
<><><><><><><><><><>
<!> Download: < McAfee Consumer Product Removal Tool 2.0.106.5 >
<><><><><><><><><><>
"IMPORTANT: if your McAfee products were pre-installed by the computer manufacturer, activate your McAfee subscription before uninstalling."
<><><><><><><><><><>
<!> Finally, post a new, up-to-date ComboFix + HijackThis log.

Regards!
_bruninha, posted April 20, 2009

DigRam, I did everything you asked. Here are the FindyKill, ComboFix and HijackThis logs.

FindyKill

############################## [ FindyKill V4.724 ]

# User : MAS (Administradores) # MARCIO
# Update on 15/04/09 by Chiquitine29
# Start at: 12:35:01 | 20/4/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Processor Intel Pentium III Xeon
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled

# A:\ # 3 1/2 inch floppy drive
# C:\ # Local fixed disk # 127,99 Go (83,18 Go free) # NTFS
# D:\ # CD-ROM drive
# E:\ # CD-ROM drive
# M:\ # Local fixed disk # 206,04 Go (153,09 Go free) # NTFS
# N:\ # Local fixed disk # 131,73 Go (104,8 Go free) # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## [ C:\WINDOWS\System32... ]

################## [ C:\Users\...\AppData\Roaming ]

################## [ Cleaning .. Temp Files... ]

################## [ Registry / Infected keys ]

################## [ Cleaning Removable drives ]

# Deleting Files :

################## [ Registry / Mountpoint2 ]

# -> Not found !
################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ Corrupted files # Re-Installation required ]

C:\Arquivos de programas\Java Web Start\helper.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\Arquivos de programas\PHP Editor\remover.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\DOCS\PM8Flash.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\DrvMap.exe
C:\Arquivos de programas\Symantec\Norton PartitionMagic 8.0\pqbw.exe
C:\Documents and Settings\MAS\Meus documentos\Downloads\HiJackThis.exe

################## [ ! End of Report # FindyKill V4.724 ! ]

ComboFix

ComboFix 09-04-19.05 - MAS 20/04/2009 12:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1601 [GMT -3:00]
Running from: c:\documents and settings\MAS\Desktop\ComboFix.exe
.
(((((((((((((((( Files created from 2009-03-20 to 2009-04-20 ))))))))))))))))))))))))))))
.
2009-04-19 17:13 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb
2009-04-18 07:41 . 2009-04-20 15:38 -------- d-----w C:\FindyKill
2009-04-18 07:11 . 2009-04-19 19:13 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam
2009-04-18 05:32 . 2009-04-18 18:48 -------- d-----w c:\arquivos de programas\Panda Security
2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI
2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat
2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2
2009-04-16 17:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 01:14 . 2009-04-19 17:23 -------- d-----w c:\arquivos de programas\Norton Security Scan
2009-04-06 18:12 . 2009-04-18 19:27 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 15:38 . 2009-04-20 15:33 2928 ----a-w C:\FindyKill.txt
2009-04-20 15:09 . 2008-12-04 18:57 -------- d-----w c:\arquivos de programas\McAfee
2009-04-19 19:15 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-04-19 18:23 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent
2009-04-19 17:25 . 2008-12-13 05:11 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\phpDesigner
2009-04-19 05:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule
2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat
2009-04-18 14:41 . 2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat
2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso
2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-14 20:11 . 2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks
2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager
2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp
2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer
2009-02-21 23:13 . 2008-10-14 17:38 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\foobar2000
2009-02-21 04:54 . 2009-01-20 20:35 -------- d-----w c:\windows\system32\config\systemprofile\Dados de aplicativos\SACore
2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"=
"c:\\bin\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"<NO NAME>"=

R2 0021281240157320mcinstcleanup;McAfee Application Installer Cleanup (0021281240157320); [x]
R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803]
R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - REMOVED ORPHANS - - - -

Notify-avgrsstarter - avgrsstx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 12:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,8f,49,49,87,6b,0c,10,d2,2d,ea,8b,02,33,54,09,0b,4d,12,33,c8,2a,99,
   c6,19,a6,b7,bb,e3,f2,0a,81,23,47,ea,a3,de,5e,64,83,e5,db,8e,7c,fc,77,67,ca,\
"??"=hex:da,67,ba,fe,e8,bf,67,12,97,2a,ff,04,d9,61,a3,7f
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3992)
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-20 12:54
ComboFix-quarantined-files.txt 2009-04-20 15:54
ComboFix2.txt 2009-04-19 16:15

Pre-Run: 23 folder(s) 89.482.534.912 bytes free
Post-Run: 22 folder(s) 89.501.388.800 bytes free

173 --- E O F --- 2009-04-17 05:56

hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:31, on 20/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\MAS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\MAS\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

-- End of file - 5915 bytes

Thanks for the help.
DigRam, posted April 20, 2009

Good evening, _bruninha!

<!> If you have doubts about your antivirus and intend to change programs, I suggest Avira.
<!> Run the McAfee uninstall tool again.
<!> If you want to keep it on the PC, install it after the cleanup with ComboFix.

<><><><><><><><><><><>

<@> Download: < Avira >
<@> Install the program --> Update it! --> Configure it --> Run it!
<@> Then post the report!

<><><><><><><><><><><>

<@> Copy the information below, between the XXXXXXX...., into Notepad.
<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Driver::
"0021281240157320mcinstcleanup"

Folder::
c:\arquivos de programas\McAfee
c:\arquivos de programas\Panda Security
c:\arquivos de programas\Norton Security Scan

Regnull::
[HKEY_USERS\S-1-5-21-1343024091-1606980848-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging it until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

Regards!
_bruninha, posted April 24, 2009

Hello DigRam!!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:18, on 24/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MAS\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

--
End of file - 5694 bytes

ComboFix.txt:

ComboFix 09-04-23.A3 - MAS 23/04/2009 14:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.2037.1555 [GMT -3:00]
Running from: c:\documents and settings\MAS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MAS\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\McAfee
c:\arquivos de programas\McAfee\SiteAdvisor\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\.name
c:\arquivos de programas\Norton Security Scan
c:\arquivos de programas\Norton Security Scan\BilBDRes.dll
c:\arquivos de programas\Panda Security
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_0021281240157320MCINSTCLEANUP
-------\Service_0021281240157320mcinstcleanup

(((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 ))))))))))))))))))))))))))))
.
2009-04-19 17:13 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-04-18 15:04 . 2009-04-18 15:04 -------- d-----w c:\documents and settings\Administrador\DoctorWeb
2009-04-18 07:41 . 2009-04-20 15:38 -------- d-----w C:\FindyKill
2009-04-18 07:11 . 2009-04-19 19:13 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-04-18 05:50 . 2009-04-18 05:50 -------- d-----w c:\arquivos de programas\pdfsam
2009-04-18 04:29 . 2009-04-18 05:22 290 ----a-w c:\windows\pdfpage.INI
2009-04-18 04:27 . 2009-04-18 05:22 1024 ----a-w c:\windows\system32\pdfpg.dat
2009-04-18 04:16 . 2009-04-18 04:16 -------- d-----w c:\arquivos de programas\PDF Split-Merge v2.2
2009-04-16 17:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 17:40 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 17:40 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 17:40 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 17:40 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 17:39 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 17:39 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 17:39 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 17:39 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 17:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 18:12 . 2009-04-23 03:54 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-06 18:12 . 2009-04-06 18:12 1409 ----a-w c:\windows\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 23:48 . 2008-09-04 13:52 -------- d-----w c:\arquivos de programas\eMule
2009-04-20 15:38 . 2009-04-20 15:33 2928 ----a-w C:\FindyKill.txt
2009-04-19 19:15 . 2009-01-22 07:33 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-04-19 18:23 . 2008-10-12 05:56 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\uTorrent
2009-04-19 17:25 . 2008-12-13 05:11 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\phpDesigner
2009-04-18 14:41 . 2001-09-06 12:00 75230 ----a-w c:\windows\system32\perfc016.dat
2009-04-18 14:41 . 2001-09-06 12:00 460722 ----a-w c:\windows\system32\perfh016.dat
2009-04-17 04:31 . 2008-12-04 19:01 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\SACore
2009-04-16 04:24 . 2008-09-06 20:32 30696 ----a-w c:\documents and settings\MAS\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-13 22:51 . 2008-11-23 00:07 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Vso
2009-04-13 22:31 . 2008-10-20 01:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-04-13 18:29 . 2008-09-12 14:10 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-04-03 02:01 . 2008-09-02 21:59 30696 ----a-w c:\documents and settings\MAS\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-03-15 22:20 . 2009-03-15 04:08 -------- d-----w c:\arquivos de programas\DAP
2009-03-15 04:08 . 2009-03-15 04:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-03-15 04:08 . 2009-03-15 04:08 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-03-14 20:11 . 2009-03-14 20:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks
2009-03-06 14:20 . 2001-09-06 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 05:19 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Free Download Manager
2009-03-03 00:06 . 2001-09-06 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 02:24 . 2008-12-26 21:24 -------- d-----w c:\documents and settings\MAS\Dados de aplicativos\Dev-Cpp
2009-02-28 05:36 . 2009-02-28 05:36 -------- d-----w c:\arquivos de programas\Software Informer
2009-02-20 17:11 . 2008-09-02 21:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:06 . 2001-09-06 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2001-09-05 23:10 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2001-09-06 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2001-09-06 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2001-09-06 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2001-09-06 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2001-09-06 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2001-09-06 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2001-09-06 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2001-09-06 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-12-26 19:22 . 2008-12-26 14:48 116632 ----a-w c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2008-11-23 00:07 . 2008-11-23 00:07 47360 ----a-w c:\documents and settings\MAS\Dados de aplicativos\pcouffin.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_16.15.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-02 21:40 . 2001-09-06 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2008-09-06 12:18 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-09-06 12:18 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-12-19 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MAS^Menu Iniciar^Programas^Inicializar^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Fake Webcam\\FakeWebcam.exe"=
"c:\\bin\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Arquivos de programas\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"<NO NAME>"=

R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [2002-10-20 515803]
R3 Apache2.2;Apache2.2;c:\bin\bin\httpd.exe [2008-06-13 24635]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [2008-02-15 832760]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zombol.com/
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {ABA17553-A768-4D00-9F0E-DA50514A97F3} = 200.204.0.10 200.204.0.138
TCP: {B32126D9-01AA-4ECB-9F7D-4681B2A7CE96} = 200.221.11.100,200.221.11.101
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\MAS\Dados de aplicativos\Mozilla\Firefox\Profiles\6u8zjpib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(556)
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-23 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 17:35
ComboFix2.txt 2009-04-20 15:54
ComboFix3.txt 2009-04-19 16:15

Pre-Run: 23 folder(s), 88.115.068.928 bytes free
Post-Run: 22 folder(s), 88.046.166.016 bytes free
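The two HijackThis logs in this thread are read the same way by a helper: scan the Rn/Onn entries and pick out the ones whose file no longer exists, whose service has no known owner, or whose start page, DNS servers or protocol handler differ from what the system shipped with. The script below is an added example and is not code from the thread, from HijackThis or from ComboFix; it parses those entry lines and flags exactly those patterns. The sample log is constructed from entries quoted above (including the 0021281240157320mcinstcleanup service that the CFScript later removed), and the heuristics and the list of benign start-page hosts are the example's own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis v2 log entries.

Added example for this thread; it is not code from the thread, from
HijackThis or from ComboFix. It parses the Rn/Onn entry lines of a
HijackThis log and flags the patterns an analyst checks first. The
heuristics and the list of benign start-page hosts are this example's
own assumptions, not HijackThis rules.
"""
import re

# Markers HijackThis appends when the registered file no longer exists.
MISSING_MARKERS = ("(no file)", "(file missing)")

# One HijackThis entry: a section code (R0, O2, O23, ...), " - ", the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

# Assumption: start pages on these hosts are the IE defaults and not flagged.
DEFAULT_START_HOSTS = ("go.microsoft.com", "home.microsoft.com")


def parse_entry(line):
    """Return (code, body) for an entry line, or None for other log lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage_entry(code, body):
    """Return the reasons an entry deserves a closer look (empty = nothing)."""
    reasons = []
    low = body.lower()
    if any(marker in low for marker in MISSING_MARKERS):
        reasons.append("registered file is missing (orphaned entry)")
    if code == "O23":  # services
        if "unknown owner" in low:
            reasons.append("service with unknown owner")
        if "\\temp\\" in low:
            reasons.append("service binary in a Temp folder")
        if re.search(r"\(\d{8,}\)", body):
            reasons.append("numeric service name")
    elif code == "O4":  # autostart entries (Run keys, startup folders)
        if "\\temp\\" in low or "\\documents and settings\\" in low:
            reasons.append("autostart from a user-writable path")
    elif code == "O17":  # per-interface DNS servers
        reasons.append("custom DNS servers (confirm they belong to the ISP)")
    elif code == "O18":  # custom protocol handlers
        reasons.append("custom protocol handler")
    elif code == "R0" and "start page" in low:
        if not any(host in low for host in DEFAULT_START_HOSTS):
            reasons.append("non-default start page")
    return reasons


def triage_log(text):
    """Map each flagged entry line to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        reasons = triage_entry(*parsed)
        if reasons:
            findings[line.strip()] = reasons
    return findings


# Constructed sample, built from entries quoted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zombol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32126D9-01AA-4ECB-9F7D-4681B2A7CE96}: NameServer = 200.221.11.100,200.221.11.101
O23 - Service: McAfee Application Installer Cleanup (0021281240157320) (0021281240157320mcinstcleanup) - Unknown owner - C:\DOCUME~1\MAS\CONFIG~1\Temp\002128~1.EXE (file missing)
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\bin\bin\httpd.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run it as-is to see the five flagged entries from the sample; to triage a real log, read the saved HijackThis text file and pass its contents to `triage_log`. A flag is a reason to look, not a verdict: the O17 name servers here are an example of an entry that is flagged only so that the analyst confirms they are the ISP's, and a legitimate service whose uninstaller left an orphaned registration (as the McAfee cleanup entry did) is flagged for the same reason.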
DigRam, posted April 24, 2009

Good afternoon, _bruninha!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> Run these tools to remove registry entries that may make it hard or impossible to install your protection programs.
<@> After that, try reinstalling Avira or McAfee.

<><><><><><><><><><><>

<@> Download: < Norton Removal Tool >
<@> Download: < avgremover >

<><><><><><><><><><><>

<@> Go to this page and download: < Avira Antivir RegistryCleaner >
<@> Run the utility, but... don't forget to extract it from the zip.

<><><><><><><><><><><>

<!> After installing your antivirus, run a scan with it and post the report.

Regards!
Mário Monteiro, posted May 25, 2009

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.