Olá astronautalouco

A mensagem informa algo além de solicitar a inicialização?

*Faça um scan online com o NOD32

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/8/4682a6d30e.gif&key=65e9422bd3d7ef3b3e75c1906098834ebf522d6bca937539bace0e219aa07bb1" alt="4682a6d30e.gif" />

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

beleza... wings

quanto a sua pergunta

Não, aparece uma mensagem apenas para reiniciar, quando reinicio, pede de novo.

após o scan parou de pedir para reiniciar!

ESETSmartInstaller@High as downloader log:

all ok

version=7

OnlineScannerApp.exe=1.0.0.1

OnlineScanner.ocx=1.0.0.6419

api_version=3.0.2

EOSSerial=e64bc4dbf0ed3e45b574656102954d5a

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=true

antistealth_checked=true

utc_time=2011-02-20 03:33:08

local_time=2011-02-20 12:33:08 (-0300, Hora oficial do Brasil)

country="Brazil"

lang=1033

osver=5.1.2600 NT Service Pack 2

compatibility_mode=512 16777215 100 0 0 0 0 0

compatibility_mode=770 16774141 100 100 11247994 74002910 0 0

compatibility_mode=1024 16777215 100 0 13509306 13509306 0 0

compatibility_mode=8192 67108863 100 0 0 0 0 0

scanned=86817

found=2

cleaned=2

scan_time=4953

C:\Documents and Settings\Jones\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\23\4b3c5ed7-123b70f7 Java/Agent.AA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\autorun.in Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

1.

*Execute o arquivo c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2.

*Baixe o ERUNT e salve-o no desktop

*Crie uma pasta em C:\ chamada ERUNT e extraia para ela

*Execute o arquivo C:\ERUNT\ERUNT.exe

*Clique [OK] > [OK] > [sim] > [OK]

3.

*Desative temporariamente seu antivírus

Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

*Aceite a instalação do Console de Recuperação do Microsoft Windows, caso não esteja instalado

*Aguarde a conclusão das etapas

*Não use o mouse nem o teclado durante as etapas!!

*Cole o relatório apresentado

Segue relatório do combofix.

ComboFix 11-02-21.01 - Jones 21/02/2011 23:26:57.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1377 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Fonts\barras2.ttf

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-22 to 2011-02-22 ))))))))))))))))))))))))))))

.

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-20 13:45 . 2011-02-20 13:45 -------- d-----w- c:\arquivos de programas\ESET

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-22 c:\windows\Tasks\WGASetup.job

• c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-21 23:29

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

Tempo para conclusão: 2011-02-21 23:31:13

ComboFix-quarantined-files.txt 2011-02-22 02:31

ComboFix2.txt 2011-02-22 02:14

ComboFix3.txt 2010-09-23 02:24

Pré-execução: 36 pasta(s) 13.405.224.960 bytes disponíveis

Pós execução: 37 pasta(s) 13.385.449.472 bytes disponíveis

• - End Of File - - 10CCA497D8CFB9629F53006EE07045CC

*Baixe o SystemLook e salve-o no desktop

*Execute-o e cole o código no espaço em branco:

>
:file

c:\windows\system32\drivers\lxdyskdz.sys

*Clique [Look]

*Cole o relatório apresentado

Executei o prog. e apareceu assim:

c:/documentsandsettings/jones/Desktop/systemlook.exe não é um aplicativo win32 válido.

Ou se escolho outro usuário com senha própria não identifica a senha nem o usuário.

Delete-o e baixe novamente. É possível que esteja corrompido. Caso a mensagem apareça novamente...

*Abra o bloco de notas e cole nele o código abaixo:

>
FileLook::

c:\windows\system32\drivers\lxdyskdz.sys

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustração abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/3/b2ea2c6367.gif&key=451782690bde92be5957ddd7161af4ef06e56dabefbde6c5a8b434dca7137738" alt="b2ea2c6367.gif" />

*Enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

*Cole o relatório apresentado

Relatório do SystemLook:

SystemLook 04.09.10 by jpshortstuff

Log created at 22:43 on 24/02/2011 by Jones

Administrator - Elevation successful

========== file ==========

c:\windows\system32\drivers\lxdyskdz.sys - Unable to find/read file.

-= EOF =-

Relatório do Combofix:

ComboFix 11-02-21.01 - Jones 24/02/2011 22:59:39.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1406 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Jones\Desktop\CFScript.txt.txt

AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Criado um novo ponto de restauração

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-25 to 2011-02-25 ))))))))))))))))))))))))))))

.

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

((((((((((((((((((((((((((((( SnapShot@2011-02-22_02.12.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-25 01:29 . 2011-02-25 01:29 16384 c:\windows\temp\Perflib_Perfdata_77c.dat

• 2011-02-22 01:43 . 2011-02-22 01:43 16384 c:\windows\temp\Perflib_Perfdata_77c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-25 c:\windows\Tasks\WGASetup.job

• c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

• - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-24 23:04

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'explorer.exe'(1292)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

Tempo para conclusão: 2011-02-24 23:05:43

ComboFix-quarantined-files.txt 2011-02-25 02:05

ComboFix2.txt 2011-02-22 02:31

ComboFix3.txt 2011-02-22 02:14

ComboFix4.txt 2010-09-23 02:24

Pré-execução: 36 pasta(s) 13.420.019.712 bytes disponíveis

Pós execução: 37 pasta(s) 13.408.141.312 bytes disponíveis

• - End Of File - - 2F44217AA76218D970F16D5E8363998E

1.

*Delete o SystemLook e seu relatório

2.

*Abra o bloco de notas e cole nele o código abaixo:

>
File::

c:\windows\system32\drivers\lxdyskdz.sys

Driver::

lxdyskdz

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustração abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/3/b2ea2c6367.gif&key=451782690bde92be5957ddd7161af4ef06e56dabefbde6c5a8b434dca7137738" alt="b2ea2c6367.gif" />

*Enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

*Cole o relatório apresentado

Então...

Quando o combofix reiniciou a maquina, o spybot notificou uma mudança, algo sobre alterando o value...ou sei lá o quê não deu para ver direito logo a mensagem sumiu. Quando executei o combofix a primeira vez também deu esta notificação e mais três. Não sei se isso é normal, mas achei que era pertinente informar.

Segue log combofix:

ComboFix 11-02-21.01 - Jones 24/02/2011 23:53:03.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1365 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Jones\Desktop\CFScript.txt.txt

AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\system32\drivers\lxdyskdz.sys"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_lxdyskdz

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-25 to 2011-02-25 ))))))))))))))))))))))))))))

.

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

((((((((((((((((((((((((((((( SnapShot@2011-02-22_02.12.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-25 02:56 . 2011-02-25 02:56 16384 c:\windows\temp\Perflib_Perfdata_794.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [bU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RealPlayer0"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

• c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

2011-02-25 c:\windows\Tasks\WGASetup.job

• c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-24 23:57

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'explorer.exe'(960)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\firebird\bin\fbguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\windows\system32\wdfmgr.exe

c:\firebird\bin\fbserver.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Tempo para conclusão: 2011-02-25 00:00:13 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-02-25 03:00

ComboFix2.txt 2011-02-25 02:05

ComboFix3.txt 2011-02-22 02:31

ComboFix4.txt 2011-02-22 02:14

ComboFix5.txt 2011-02-25 02:52

Pré-execução: 36 pasta(s) 13.431.414.784 bytes disponíveis

Pós execução: 37 pasta(s) 13.353.226.240 bytes disponíveis

• - End Of File - - ED4EA3DAC028498473006CE1161D7E72

OK...log limpo.

*Clique [iniciar] > [Executar] > copie e cole: Combofix /uninstall

/applications/core/interface/imageproxy/imageproxy.php?img=http://www.brimg.com/uploads/2/9c7dcf5090.jpg&key=3eb615d202784973c9c79805e8200eec70b2d026fa804d0e9f092fa95cecdce5" alt="9c7dcf5090.jpg" />

*Clique [OK] > [Executar]

*Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK]

Um abraço.

Valeu Wings

Muito obrigado,

um grande abç.

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.