alexmed

so7.exe: Norton blocks it and says it removed it, but it


DDS (Version 1.0) - NTFSx86

Run by ALEXANDRE at 18:15:03,03 on sáb 06/12/2008

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.3061.2542 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\ALEXANDRE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\arquivos de programas\arquivos comuns\symantec shared\coshared\browser\2.0\coIEPlg.dll

BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\arquiv~1\arquiv~1\symant~1\ids\IPSBHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\arquivos de programas\arquivos comuns\symantec shared\coshared\browser\2.0\CoIEPlg.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\arquivos de programas\arquivos comuns\symantec shared\coshared\browser\2.0\CoIEPlg.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ccApp] "c:\arquivos de programas\arquivos comuns\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\arquivos de programas\norton internet security\osCheck.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;"c:\arquivos de programas\arquivos comuns\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]

R2 ccProxy;Symantec Network Proxy;"c:\arquivos de programas\arquivos comuns\symantec shared\ccProxy.exe" [2008-2-18 214888]

R2 ccSetMgr;Symantec Settings Manager;"c:\arquivos de programas\arquivos comuns\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\arquivos de programas\arquivos comuns\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\arquivos de programas\arquivos comuns\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-26 99376]

R3 NAVENG;NAVENG;\??\c:\arquiv~1\arquiv~1\symant~1\virusd~1\20081206.003\NAVENG.SYS [2008-12-6 89104]

R3 NAVEX15;NAVEX15;\??\c:\arquiv~1\arquiv~1\symant~1\virusd~1\20081206.003\NAVEX15.SYS [2008-12-6 876112]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]

S3 Symantec Core LC;Symantec Core LC;c:\arquiv~1\arquiv~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-26 1251720]

=============== Created Last 30 ================

2008-12-04 13:27 14,720 ac------ c:\windows\system32\dllcache\kbdhid.sys

2008-12-04 13:27 14,720 a------- c:\windows\system32\drivers\kbdhid.sys

2008-12-04 13:27 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys

2008-12-04 13:27 10,368 a------- c:\windows\system32\drivers\hidusb.sys

2008-11-11 20:23 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-11 20:23 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-10-26 18:19 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2008-10-26 18:19 60,800 a------- c:\windows\system32\S32EVNT1.DLL

2008-10-26 18:19 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2008-10-26 18:19 805 a------- c:\windows\system32\drivers\SYMEVENT.INF

2008-10-26 14:50 344,734 a------- c:\windows\system32\perfh016.dat

2008-10-26 14:50 48,846 a------- c:\windows\system32\perfc016.dat

2008-10-26 14:37 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-10-26 12:36 15,600 a------- c:\windows\gdrv.sys

2008-10-26 12:35 315,392 a------- c:\windows\HideWin.exe

2008-10-26 05:13 21,844 a------- c:\windows\system32\emptyregdb.dat

2008-10-24 09:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 23:15 1,307,648 -------- c:\windows\system32\msxml6.dll

============= FINISH: 18:15:14,15 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-06 18:22:45

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT 89C35E50 ZwAlertResumeThread

SSDT 89C0DD80 ZwAlertThread

SSDT 89C0EE38 ZwAllocateVirtualMemory

SSDT 8A4CBA10 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA88D6EB0]

SSDT 89BDBB30 ZwCreateMutant

SSDT 89C0EF10 ZwCreateThread

SSDT 89C0CF70 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA88D7130]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA88D7690]

SSDT 89C0F0E0 ZwFreeVirtualMemory

SSDT 89C35C90 ZwImpersonateAnonymousToken

SSDT 89C35D70 ZwImpersonateThread

SSDT 89BD0FB0 ZwMapViewOfSection

SSDT 89BDBA50 ZwOpenEvent

SSDT 89BDBCA0 ZwOpenProcessToken

SSDT 89C4D7D8 ZwOpenSection

SSDT 89BD9AF0 ZwOpenThreadToken

SSDT 89BDBC60 ZwResumeThread

SSDT 89BD9A30 ZwSetContextThread

SSDT 89BD0E20 ZwSetInformationProcess

SSDT 89C57F80 ZwSetInformationThread

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA88D78E0]

SSDT 89C4D8B8 ZwSuspendProcess

SSDT 89C0DE88 ZwSuspendThread

SSDT \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (Behavior Blocker v2007.1 WDM driver (2007.1.1.99)/Symantec Corporation) ZwTerminateProcess [0xBA43C760]

SSDT 89C57EC0 ZwTerminateThread

SSDT 89BD0EF0 ZwUnmapViewOfSection

SSDT 89C0F1B0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] kernel32.dll!VirtualProtect + 1C 7C801AF0 7 Bytes JMP 04460034

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4367F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4381179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 43811720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 43811764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 438116AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 438116E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 438117DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 436A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] ole32.dll!CoCreateInstanceEx 774E0526 5 Bytes JMP 044600B8

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[2688] ole32.dll!CoGetClassObject 774F56C5 5 Bytes JMP 0446013F

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetSysColor 7E368E78 3 Bytes JMP 6CC1B328 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetSysColor + 4 7E368E7C 1 Byte [ EE ]

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetSysColorBrush 7E368EAB 3 Bytes JMP 6CC1B360 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetSysColorBrush + 4 7E368EAF 1 Byte [ EE ]

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 6CC1B2BC C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 6CC1B26B C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!AdjustWindowRectEx 7E37E7EA 5 Bytes JMP 6CC1B739 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 6CC1B30D C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 6CC1B286 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 6CC1B2D7 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 6CC1B2A1 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 6CC1B2F2 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!AdjustWindowRect 7E381140 5 Bytes JMP 6CC1B65E C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SecurityHistory\mcui32.exe[4012] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 6CC1B250 C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymTheme\1.0\SymTheme.dll (Symantec Theme/Symantec Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

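The two logs in the post above are what a helper reads first when triaging a machine like this: the DDS autostart entries and the GMER SSDT hook list. The script below is an added example written for this page, not code from the original post, from DDS or from GMER. It parses a handful of lines copied from the log above (embedded as a constructed sample), groups the SSDT hooks by the driver GMER attributed them to, lists the hooks that resolve only to a bare kernel address with no module name, and flags Run-key entries whose command is a bare file name with no path. The grouping and flagging rules are this example's own heuristics: an unattributed hook or a bare-name autostart is a lead to check against the vendor's files and the rest of the log, not evidence of infection on its own.

```python
"""Triage helpers for DDS / GMER logs of the kind posted above.

Added example, not code from the original post or from the DDS/GMER tools.
Two checks a practitioner does first on such a log:

  * GMER "SSDT" lines: which hooks are attributed to a named driver and
    which point at a bare kernel address with no module name.
  * DDS "uRun/mRun/dRun" lines: autostart entries whose command is a bare
    executable name (no path), which Windows resolves through the search
    path instead of a fixed location.

The classification rules are this example's own heuristics, not GMER's
or DDS's.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [ccApp] "c:\arquivos de programas\arquivos comuns\symantec shared\ccApp.exe"
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
SSDT 89C35E50 ZwAlertResumeThread
SSDT 89C0EE38 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA88D6EB0]
SSDT \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (Behavior Blocker v2007.1 WDM driver (2007.1.1.99)/Symantec Corporation) ZwTerminateProcess [0xBA43C760]
"""

# GMER writes an attributed hook as "SSDT <module> (<description>) <Zw...> [0x<addr>]"
# and an unattributed one as "SSDT <addr> <Zw...>". The description may itself
# contain parentheses, so the greedy group backtracks to the last ")" before the
# function name.
_SSDT_NAMED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>.*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
_SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
# DDS Run-key lines: "<u|m|d>Run: [<value name>] <command line>".
_RUN = re.compile(r"^(?P<key>[umd]Run):\s+\[(?P<name>[^\]]*)\]\s+(?P<command>.*?)\s*$")


def parse_ssdt(text):
    """One dict per GMER SSDT line: func, addr, module (None when unattributed), desc."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = _SSDT_NAMED.match(line)
        if m:
            hooks.append({"func": m["func"], "addr": m["addr"].upper(),
                          "module": m["module"], "desc": m["desc"]})
            continue
        m = _SSDT_BARE.match(line)
        if m:
            hooks.append({"func": m["func"], "addr": m["addr"].upper(),
                          "module": None, "desc": None})
    return hooks


def _image(command):
    """Executable part of a Run-key command: the quoted path, or the first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def parse_run_entries(text):
    """One dict per DDS Run-key line, with the image and a bare_name flag."""
    entries = []
    for line in text.splitlines():
        m = _RUN.match(line.strip())
        if not m:
            continue
        image = _image(m["command"])
        entries.append({"key": m["key"], "name": m["name"], "command": m["command"],
                        "image": image,
                        # No drive letter or path separator: the loader finds this file
                        # by searching the path, so which copy runs depends on the
                        # search order (this example's heuristic, not a DDS verdict).
                        "bare_name": not any(c in image for c in "\\/:")})
    return entries


def triage(text):
    """Summarise the SSDT hooks and bare-name autostarts found in a log."""
    by_module = defaultdict(list)
    unattributed = []
    for h in parse_ssdt(text):
        if h["module"] is None:
            unattributed.append(h)
        else:
            by_module[h["module"]].append(h["func"])
    return {
        "hooks_by_module": dict(by_module),
        "unattributed_hooks": unattributed,
        "bare_name_autostarts": [e for e in parse_run_entries(text) if e["bare_name"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for module, funcs in report["hooks_by_module"].items():
        print(f"{module}: {', '.join(funcs)}")
    for h in report["unattributed_hooks"]:
        print(f"unattributed SSDT hook: {h['func']} -> 0x{h['addr']}")
    for e in report["bare_name_autostarts"]:
        print(f"{e['key']} [{e['name']}] runs bare name {e['image']!r}")
```

Paste a full DDS or GMER log into SAMPLE_LOG, or call triage() on the log text, and read the three lists together with the rest of the log. In the log above the named hooks belong to SYMEVENT.SYS and CO_Mon.sys, both Symantec components, and the bare-name entries (RTHDCPL.EXE, SkyTel.EXE, ALCMTR.EXE) are the Realtek audio helpers; RTHDCPL.EXE, for instance, appears under C:\WINDOWS in the running-process list. The unattributed hook addresses are the part worth comparing against a GMER run on a clean install of the same Norton version.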

Please post a new DDS log.
