[Resolvido] Erro ao Carregar Google no Firefox

Eduardo Moreira dos Santos · Junho 3, 2008

Prezados amigos,

Ao tentar carregar a página do Google a partir do browser Firefox abre-se uma janela onde está escrito:

_______________________________________

Abrir ig

Você selecionou abrir:

ig

Tipo: application/octet-stream

Site: http://www.google.com.br

O que o Firefox deve fazer?

Abrir com: procurar

Open with default Win32 application

Salvar (marcado)

Memorizar a decisão para este tipo de arquivo

OK - Cancelar

________________________________________

É importante informar que o Google funciona corretamente se atraves do Internet Explorer e também que outras ferramentas de busca, tal como o Yahoo! também funcionam corretamente no Firefox.

Fui em CMD e dei PING www.google.com e obtive o endereço IP 66.249.91.103. Fui no Firefox e invoquei o Google com o endereço IP: http://66.249.91.103/ e dessa forma o site carregou normalmente.

Suspeitei haver em minha máquina algum tipo de virus e resolvi passar o HiJackThis cujo resultado copio abaixo:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:02:29, on 3/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe

C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\FolderSize\FolderSizeSvc.exe

C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\1.1.27.0\GoogleUpdate.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [LXBRKsk] C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\1.1.27.0\GoogleUpdate.exe" /lang en

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Startup: Google Talk, Labs Edition.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209131389734

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8ED383-5067-4DE1-B9D3-8A7BCC5A7D58}: NameServer = 85.255.113.78,85.255.112.39

O17 - HKLM\System\CCS\Services\Tcpip\..\{88851292-B848-4D63-86D2-F61CC9E17966}: NameServer = 85.255.113.78,85.255.112.39

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.78 85.255.112.39

O17 - HKLM\System\CS1\Services\Tcpip\..\{3D8ED383-5067-4DE1-B9D3-8A7BCC5A7D58}: NameServer = 85.255.113.78,85.255.112.39

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.78 85.255.112.39

O17 - HKLM\System\CS2\Services\Tcpip\..\{3D8ED383-5067-4DE1-B9D3-8A7BCC5A7D58}: NameServer = 85.255.113.78,85.255.112.39

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.78 85.255.112.39

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Folder Size (FolderSize) - Brio - C:\Arquivos de programas\FolderSize\FolderSizeSvc.exe

O23 - Service: Gerenciador do Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--

End of file - 9130 bytes

Peço ajuda para resolver esse problema.

Muito grato,

Eduardo Moreira dos Santos

Silas Martins · Junho 3, 2008

ComboFix

Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Eduardo Moreira dos Santos · Junho 3, 2008

Silas Martins,

Obrigado pela rapidez na resposta. Conforme você solicitou, estou postando aqui abaixo os resultados do Combofix.exe e do HiJackThis:

ComboFix 08-06-01.6 - Eduardo 2008-06-03 19:18:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1309 [GMT -3:00]

Executando de: C:\Documents and Settings\Eduardo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\JORGE ANDRÉ\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\system32\kdody.exe

C:\WINDOWS\system32\x64

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))

.

2008-06-03 17:19 . 2008-06-03 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-03 17:19 . 2008-06-03 17:20 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-03 16:02 . 2008-06-03 16:02 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-06-03 09:29 . 2008-06-03 09:30 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-06-03 08:37 . 2008-06-03 08:29 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-06-03 08:29 . 2008-06-03 08:37 <DIR> d-------- C:\Documents and Settings\Eduardo\.housecall6.6

2008-05-28 16:15 . 2008-06-01 18:42 <DIR> d-------- C:\Documents and Settings\JORGE ANDR

2008-05-28 16:15 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-07 10:49 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-05-07 10:49 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-05-07 10:49 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-07 10:49 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-03 22:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2008-06-03 22:18 --------- d-----w C:\Arquivos de programas\ESET

2008-06-03 02:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-05-03 03:13 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Ahead

2008-04-26 00:49 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Skype

2008-04-25 21:22 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Babylon

2008-04-25 21:17 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\skypePM

2008-04-25 20:34 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-04-25 20:34 --------- d-----w C:\Arquivos de programas\Windows Live

2008-04-25 20:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-04-25 14:54 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-04-25 14:48 --------- d-----w C:\Arquivos de programas\CONEXANT

2008-04-25 13:33 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\OfficeUpdate12

2008-04-25 13:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-04-25 13:25 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-04-25 00:00 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Media Player Classic

2008-04-24 23:08 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Winamp

2008-04-24 22:16 --------- d-----w C:\Arquivos de programas\Winamp

2008-04-24 21:42 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-04-24 15:48 --------- d-----w C:\Arquivos de programas\TUGZip

2008-04-24 15:39 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\TextPad

2008-04-24 15:39 --------- d-----w C:\Arquivos de programas\TextPad 4

2008-04-24 15:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-04-24 15:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-04-24 14:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-04-24 14:58 --------- d-----w C:\Arquivos de programas\Nero

2008-04-24 13:33 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-04-24 12:20 --------- d-----w C:\Arquivos de programas\Google

2008-04-24 12:11 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-04-24 12:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-04-24 12:06 --------- d-----w C:\Arquivos de programas\Skype

2008-04-24 12:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-04-24 12:02 --------- d--h--w C:\Arquivos de programas\Zero G Registry

2008-04-24 12:02 --------- d-----w C:\Arquivos de programas\GeoGebra

2008-04-24 11:56 --------- d-----w C:\Arquivos de programas\Java

2008-04-24 11:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-04-24 11:42 --------- d-----w C:\Arquivos de programas\FolderSize

2008-04-24 11:39 --------- d-----w C:\Documents and Settings\Eduardo\Dados de aplicativos\Azureus

2008-04-24 11:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Azureus

2008-04-24 11:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-04-24 11:27 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-04-24 11:09 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-04-24 03:07 --------- d-----w C:\Arquivos de programas\Babylon

2008-04-24 02:53 --------- d-----w C:\Arquivos de programas\Azureus

2008-04-24 02:29 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-24 02:18 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-04-24 02:18 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys

2008-04-23 11:43 --------- d-----w C:\Arquivos de programas\Lavalys

2008-04-22 22:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-22 22:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-22 19:08 1,033 ----a-w C:\ChangeVLKey2600.vbs

2008-04-22 01:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd

2008-04-22 01:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-22 01:40 --------- d-----w C:\Arquivos de programas\Lexmark 3100 Series

2008-04-22 01:40 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 6.0

2008-04-22 01:40 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 5.0 Sprint

2008-04-21 18:52 --------- d-----w C:\Arquivos de programas\Picasa2

2008-04-21 18:05 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-04-21 18:05 --------- d-----w C:\Arquivos de programas\Realtek

2008-04-21 18:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-17 17:49 524,288 ----a-w C:\WINDOWS\opuc.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Google Update"="C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\1.1.27.0\GoogleUpdate.exe" [ ]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:\WINDOWS\system32\kdody.exe"="C:\WINDOWS\system32\kdody.exe" [ ]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-13 11:56 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-13 11:55 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-13 11:55 138008]

"SkyTel"="SkyTel.EXE" [2007-08-03 02:22 1826816 C:\WINDOWS\SkyTel.exe]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 15:50 29744]

"Lexmark 3100 Series"="C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 00:10 106496]

"LXBRKsk"="C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 11:58 282624]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 04:21 16384000 C:\WINDOWS\RTHDCPL.exe]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-04-23 23:18 949376]

"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-12-13 16:15 2785256]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-04-01 15:49 36352]

C:\Documents and Settings\Eduardo\Menu Iniciar\Programas\Inicializar\

Google Talk, Labs Edition.lnk - C:\Documents and Settings\Eduardo\Configura‡äes locais\Dados de aplicativos\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-04-21 15:43:32 94704]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-21 15:50:15 124400]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

S3 GoogleDesktopManager-022208-143751;Gerenciador do Google Desktop 5.7.802.22438;"C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 15:50]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 19:24:01

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\FolderSize\FolderSizeSvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\ESET\nod32krn.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-06-03 19:25:08 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-03 22:25:06

Pre-Run: 21,110,890,496 bytes disponíveis

Post-Run: 21,491,286,016 bytes dispon¡veis

170 --- E O F --- 2008-05-18 13:19:15

________________________________________________________________________________

________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:22, on 3/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\FolderSize\FolderSizeSvc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe

C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Update\1.1.27.0\GoogleUpdate.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Documents and Settings\Eduardo\Configurações locais\Dados de aplicativos\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdody.exe] C:\WINDOWS\system32\kdody.exe