Reinaldo, posted March 24, 2009:

Good evening! I would like this log analysed; the machine was throwing errors and dropping the connection.

ComboFix 09-03-22.01 - Ive 2009-03-23 21:28:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.247.85 [GMT -3:00]
Running from: D:\ComboFix.exe
AV: avast! antivirus 4.7.892 [VPS 90322-0] *On-access scanning disabled* (Updated)
 * Created a new restore point
.
(((((((((((((((( Files created from 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))
.
2009-03-23 00:26 . 2009-03-23 00:26 <DIR> d-------- c:\documents and settings\Ive\Dados de aplicativos\Malwarebytes
2009-03-23 00:26 . 2009-03-23 00:26 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-03-23 00:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 00:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 14:57 . 2009-03-22 14:57 <DIR> d-------- c:\arquivos de programas\MSECache
2009-03-22 14:39 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-22 14:39 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-22 14:39 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-22 01:48 . 2009-03-22 01:48 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-22 01:48 . 2009-03-22 05:46 <DIR> d-------- c:\documents and settings\Ive\Contacts
2009-03-22 01:43 . 2009-03-22 01:47 <DIR> d-------- c:\arquivos de programas\Windows Live
2009-03-22 01:43 . 2009-03-22 01:47 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-03-22 01:42 . 2009-03-22 01:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-03-22 01:39 . 2009-03-22 01:39 <DIR> d-------- c:\documents and settings\LocalService\Menu Iniciar
2009-03-22 01:24 . 2004-08-04 00:45 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-22 01:20 . 2009-03-22 01:20 <DIR> d-------- c:\windows\provisioning
2009-03-22 01:05 . 2004-07-17 11:40 19,528 --a------ c:\windows\003760_.tmp
2009-03-22 01:04 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2009-03-22 00:08 . 2009-03-22 00:10 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe
2009-03-21 23:53 . 2009-03-22 01:23 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NOS
2009-03-21 23:53 . 2009-03-22 01:23 <DIR> d-------- c:\arquivos de programas\NOS
2009-03-21 23:49 . 2009-03-21 23:48 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-21 23:41 . 2009-03-21 23:42 <DIR> d-------- c:\documents and settings\Ive\Dados de aplicativos\MSN6
2009-03-21 23:41 . 2009-03-21 23:41 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\MSN6
2009-03-21 23:38 . 2009-03-21 23:38 <DIR> d---s---- c:\windows\system32\Microsoft
2009-03-21 23:37 . 2009-03-22 23:23 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-21 23:37 . 2006-07-14 12:38 332,288 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-21 23:15 . 2009-03-21 23:15 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-21 23:15 . 2009-03-22 01:21 <DIR> d-------- c:\windows\ehome
2009-03-21 23:03 . 2004-08-04 00:45 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-03-21 23:00 . 2004-07-17 11:38 956,990 --a------ c:\windows\system32\instcat.sql
2009-03-21 22:59 . 2004-08-04 00:45 1,251,840 --a------ c:\windows\system32\comsvcs.dll
2009-03-21 22:58 . 2004-08-04 00:45 552,960 --a------ c:\windows\system32\appwiz.cpl
2009-03-21 22:58 . 2004-08-04 00:45 263,680 --a------ c:\windows\system32\adsnt.dll
2009-03-21 22:58 . 2004-08-04 00:45 175,616 --a------ c:\windows\system32\adsldp.dll
2009-03-21 22:58 . 2004-08-04 00:45 143,360 --a------ c:\windows\system32\adsldpc.dll
2009-03-21 22:58 . 2004-08-04 00:45 126,976 --a------ c:\windows\system32\apphelp.dll
2009-03-21 22:58 . 2004-08-04 00:35 114,688 --a------ c:\windows\system32\asctrls.ocx
2009-03-21 22:58 . 2004-08-04 00:45 100,352 --a------ c:\windows\system32\6to4svc.dll
2009-03-21 22:58 . 2004-08-04 00:45 98,304 --a------ c:\windows\system32\ahui.exe
2009-03-21 22:58 . 2004-08-04 00:45 68,096 --a------ c:\windows\system32\adsmsext.dll
2009-03-21 22:58 . 2004-08-04 00:45 44,544 --a------ c:\windows\system32\alg.exe
2009-03-21 22:58 . 2004-08-04 00:35 41,472 --------- c:\windows\system32\drivers\amdk7.sys
2009-03-21 22:58 . 2004-08-04 00:45 25,600 --a------ c:\windows\system32\at.exe
2009-03-21 21:00 . 2009-03-22 13:45 69 --a------ c:\windows\NeroDigital.ini
2009-03-21 20:39 . 2009-03-21 20:39 <DIR> d-------- c:\arquivos de programas\Easy Outlook Express Backup
2009-03-21 20:32 . 2009-03-21 20:32 <DIR> d-------- c:\documents and settings\Ive\Dados de aplicativos\EA9Backup
2009-03-21 20:31 . 2009-03-21 20:31 <DIR> d-------- c:\documents and settings\Ive\Dados de aplicativos\Eazy-Ware
2009-03-21 20:31 . 2009-03-21 20:41 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-03-21 20:30 . 2009-03-21 20:30 <DIR> d-------- c:\arquivos de programas\Eazy-Ware
2009-03-21 20:30 . 2009-03-21 20:30 <DIR> d-------- c:\arquivos de programas\EA9
2009-03-21 20:30 . 2009-03-21 20:30 <DIR> d-------- c:\arquivos de programas\AJSystems Common
2009-03-21 20:30 . 2005-11-29 12:05 493,400 --a------ c:\windows\system32\XceedZip.dll
2009-03-21 20:11 . 2004-08-04 00:45 338,944 --a------ c:\windows\system32\zipfldr.dll
2009-03-21 20:05 . 2004-08-04 00:45 75,264 --a------ c:\windows\system32\locator.exe
2009-03-21 20:03 . 2004-08-04 00:45 143,872 --a------ c:\windows\system32\itircl.dll
2009-03-21 20:03 . 2004-08-04 00:45 134,144 --a------ c:\windows\system32\itss.dll
2009-03-21 20:03 . 2004-08-04 00:45 38,912 --a------ c:\windows\system32\hhsetup.dll
2009-03-21 20:03 . 2004-08-04 00:45 10,752 --a------ c:\windows\hh.exe
2009-03-21 19:58 . 2004-08-04 00:45 240,640 --a------ c:\windows\system32\srrstr.dll
2009-03-21 19:54 . 2009-03-21 20:14 <DIR> d--h-c--- c:\windows\$xpsp1hfm$
2009-03-21 19:54 . 2004-08-04 00:45 152,576 --a------ c:\windows\system32\shmedia.dll
2009-03-21 19:54 . 2003-08-02 01:14 25,600 --a------ c:\windows\system32\xpsp1hfm.exe
2009-03-21 19:15 . 2009-03-21 19:15 <DIR> d-------- c:\documents and settings\Ive\Dados de aplicativos\AdobeUM
2009-03-21 18:46 . 2009-03-21 18:46 <DIR> d-------- c:\arquivos de programas\GPLGS
2009-03-21 18:32 . 2009-03-21 18:32 <DIR> d-------- c:\arquivos de programas\Acro Software
2009-03-21 18:32 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
2009-03-21 18:31 . 2009-03-21 18:31 <DIR> d-------- c:\arquivos de programas\XP Codec Pack
2009-03-21 18:31 . 2007-08-18 03:54 380,928 --a------ c:\windows\system32\ac3filter.acm
2009-03-21 18:22 . 2009-03-21 18:22 <DIR> d-------- c:\arquivos de programas\Real
2009-03-21 18:22 . 2009-03-21 18:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared
2009-03-21 18:22 . 2009-03-21 18:22 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real
2009-03-21 18:20 . 2009-03-21 18:20 <DIR> d-------- c:\arquivos de programas\Discador iBest
2009-03-21 18:19 . 2009-03-22 17:44 <DIR> d-------- c:\arquivos de programas\eMule
2009-03-21 18:06 . 2009-03-21 18:06 0 --a------ c:\windows\nsreg.dat
2009-03-21 18:02 . 2009-03-21 23:48 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 18:01 . 2009-03-21 23:48 <DIR> d-------- c:\arquivos de programas\Java
2009-03-21 18:01 . 2009-03-21 18:01 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2009-03-21 18:00 . 2009-03-21 18:00 <DIR> d-------- c:\arquivos de programas\Alwil Software
2009-03-21 18:00 . 2003-03-18 18:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-21 18:00 . 2003-03-18 17:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-21 18:00 . 2003-02-21 01:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2009-03-21 17:32 . 2009-03-21 17:32 <DIR> d-------- c:\windows\system32\bits
2009-03-21 17:30 . 2004-08-04 00:45 351,232 --a------ c:\windows\system32\winhttp.dll
2009-03-21 17:30 . 2004-08-04 00:45 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-03-21 17:30 . 2004-08-04 00:45 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-03-21 17:30 . 2004-08-04 00:45 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-03-21 17:23 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-03-21 17:23 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-03-21 17:23 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-03-21 17:23 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-21 17:23 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-03-21 17:23 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-21 17:23 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-21 17:23 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-21 17:23 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-21 17:21 . 2009-03-21 17:21 <DIR> d---s---- c:\documents and settings\Ive\UserData
2009-03-21 17:16 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-21 17:16 . 2009-03-21 17:16 421 --a------ c:\windows\ODBC.INI
2009-03-21 17:15 . 2009-03-21 17:15 <DIR> d-------- c:\windows\SHELLNEW
2009-03-21 17:11 . 2009-03-21 17:11 <DIR> dr-h----- C:\MSOCache
2009-03-21 17:00 . 2009-03-21 17:00 <DIR> d-------- c:\windows\system32\CatRoot_bak
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 19:55 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-03-21 19:55 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-03-21 19:55 --------- d-----w c:\arquivos de programas\CyberLink
2009-03-21 19:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2009-03-21 19:53 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead
2009-03-21 19:53 --------- d-----w c:\arquivos de programas\Ahead
2009-03-21 19:50 --------- d-----w c:\arquivos de programas\PCI Fax Modem
2009-03-21 19:47 --------- d-----w c:\arquivos de programas\VIAudioi
2009-03-21 19:47 --------- d-----w c:\arquivos de programas\S3
2009-03-21 19:36 --------- d-----w c:\arquivos de programas\microsoft frontpage
2009-03-21 19:34 --------- d-----w c:\arquivos de programas\Serviços on-line
2009-03-21 19:33 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2004-08-04 03:45 162,153 --sha-r c:\windows\system32\cnyqize.dll
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"iBest.baloon"="c:\arquivos de programas\Discador iBest\baloon.exe" [2005-03-14 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 108160]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-21 136600]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6416:TCP"= 6416:TCP:kndywt

--- ---

*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
borpr
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ive\Dados de aplicativos\Mozilla\Firefox\Profiles\nxyonfqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 21:31:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\borpr]
"ServiceDll"="c:\windows\system32\cnyqize.dll"
.
Completion time: 2009-03-23 21:34:06
ComboFix-quarantined-files.txt 2009-03-24 00:33:56

Pre-Run: 11 folder(s) 19.089.952.768 bytes free
Post-Run: 11 folder(s) 23,375,601,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

241 --- E O F --- 2009-03-21 23:14:46
DigRam, posted March 24, 2009:

Good evening, Reinaldo!

- Post the HijackThis log, following this tutorial: < Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >

Regards!
Reinaldo, posted March 29, 2009:

Log follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:41, on 29/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\iBest\Discador.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ive lima\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Discador iBest.lnk = C:\Arquivos de programas\iBest\Discador.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.84 200.223.0.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.84 200.223.0.83
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4546 bytes
DigRam, posted March 30, 2009:

Good morning, Reinaldo!

- Select and copy everything inside the QUOTE area into Notepad.
- Save it on the Desktop under the name: CFScript.txt

File::
c:\windows\system32\cnyqize.dll
c:\windows\003760_.tmp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6416:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\borpr]

NetSvc::
"borpr"

Driver::
"borpr"

- Note: do not use this script on another machine!
- Drag CFScript.txt onto the ComboFix icon.
- See the demonstration!
- Accept the prompt that should appear asking to run ComboFix.
- Note: keep dragging until that prompt (window) appears!
- When it finishes, post the reports: C:\ComboFix.txt plus an updated HijackThis log.

Regards!
Reinaldo 0 Denunciar post Postado Março 31, 2009 segue relatórios conforme solicitado ComboFix 09-03-29.04 - ive lima 2009-03-30 23:31:16.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.247.128 [GMT -3:00] Executando de: c:\combofix\ComboFix.exe Comandos utilizados :: c:\documents and settings\ive lima\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) * Criado um novo ponto de restauro FILE :: c:\windows\003760_.tmp c:\windows\system32\cnyqize.dll . (((((((((((((((( Arquivos/Ficheiros criados de 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))) . 2009-03-30 23:12 . 2009-03-30 23:11 400,384 --a------ c:\windows\system32\CF15070.exe 2009-03-29 19:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-29 19:22 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-29 19:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-29 19:21 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-03-28 22:25 . 2009-03-28 22:25 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\InstallShield 2009-03-28 22:25 . 2009-03-28 22:25 <DIR> d-------- c:\arquivos de programas\Philips 2009-03-28 22:25 . 2008-01-14 16:58 19,840 --a------ c:\windows\system32\drivers\StMp3Rec.sys 2009-03-28 20:15 . 2009-03-28 20:15 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\MSN6 2009-03-28 20:15 . 2009-03-28 20:15 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\MSN6 2009-03-28 19:41 . 2009-03-30 23:30 <DIR> d-------- c:\arquivos de programas\iBest 2009-03-28 19:40 . 2009-03-28 19:40 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-28 19:37 . 2009-03-28 19:37 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink 2009-03-28 19:37 . 2009-03-28 19:37 <DIR> d-------- c:\arquivos de programas\CyberLink 2009-03-28 19:35 . 
2009-03-28 19:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead 2009-03-28 19:35 . 2009-03-28 19:35 <DIR> d-------- c:\arquivos de programas\Ahead 2009-03-28 19:35 . 2004-07-20 16:24 1,568,768 --------- c:\windows\system32\ImagX7.dll 2009-03-28 19:35 . 2004-07-20 16:24 476,320 --------- c:\windows\system32\ImagXpr7.dll 2009-03-28 19:35 . 2004-07-20 16:24 471,040 --------- c:\windows\system32\ImagXRA7.dll 2009-03-28 19:35 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll 2009-03-28 19:35 . 2004-07-20 16:24 262,144 --------- c:\windows\system32\ImagXR7.dll 2009-03-28 19:35 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe 2009-03-28 19:35 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll 2009-03-28 19:35 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll 2009-03-28 19:31 . 2009-03-28 20:16 <DIR> d-------- c:\documents and settings\ive lima\Contacts 2009-03-28 19:28 . 2009-03-28 19:28 268 --ah----- C:\sqmdata00.sqm 2009-03-28 19:28 . 2009-03-28 19:28 244 --ah----- C:\sqmnoopt00.sqm 2009-03-28 19:27 . 2009-03-28 19:27 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-03-28 19:23 . 2009-03-28 19:26 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2009-03-28 19:22 . 2009-03-28 19:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller 2009-03-28 19:22 . 2009-03-28 19:27 <DIR> d-------- c:\arquivos de programas\Windows Live 2009-03-28 18:48 . 2009-03-28 18:48 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\EA9Backup 2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\Eazy-Ware 2009-03-28 18:46 . 2009-03-28 18:56 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\Eazy-Ware 2009-03-28 18:46 . 
2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\EA9 2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\AJSystems Common 2009-03-28 18:46 . 2005-11-29 12:05 493,400 --a------ c:\windows\system32\XceedZip.dll 2009-03-28 18:42 . 2009-03-28 18:42 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\AdobeUM 2009-03-28 18:35 . 2009-03-28 18:35 0 --a------ c:\windows\nsreg.dat 2009-03-28 18:34 . 2009-03-28 19:54 <DIR> d-------- c:\arquivos de programas\eMule 2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Real 2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared 2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real 2009-03-28 18:28 . 2009-03-28 19:40 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-28 18:19 . 2009-03-28 19:40 <DIR> d-------- c:\arquivos de programas\Java 2009-03-28 18:19 . 2009-03-28 18:19 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java 2009-03-28 18:18 . 2007-08-18 03:54 380,928 --a------ c:\windows\system32\ac3filter.acm 2009-03-28 18:17 . 2009-03-28 18:18 <DIR> d-------- c:\arquivos de programas\XP Codec Pack 2009-03-28 18:12 . 2009-03-28 18:12 <DIR> d-------- c:\arquivos de programas\GPLGS 2009-03-28 18:00 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll 2009-03-28 17:59 . 2009-03-28 17:59 <DIR> d-------- c:\arquivos de programas\Acro Software 2009-03-28 17:55 . 2009-03-28 17:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe 2009-03-28 17:45 . 2009-03-28 18:26 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-03-28 17:45 . 2009-03-28 17:45 421 --a------ c:\windows\ODBC.INI 2009-03-28 17:44 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll 2009-03-28 17:42 . 2009-03-28 17:43 <DIR> d-------- c:\windows\SHELLNEW 2009-03-28 17:38 . 2009-03-28 17:38 <DIR> dr-h----- C:\MSOCache 2009-03-28 17:11 . 
2009-03-28 17:41 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-28 17:11 . 2006-07-14 12:38 332,288 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-03-28 17:10 . 2009-03-28 17:10 <DIR> d-------- c:\documents and settings\LocalService\Menu Iniciar 2009-03-28 17:08 . 2009-03-28 17:08 <DIR> d---s---- c:\windows\system32\Microsoft 2009-03-28 17:03 . 2009-03-28 18:15 316,640 --a------ c:\windows\WMSysPr9.prx 2009-03-28 16:54 . 2005-02-25 00:34 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-03-28 16:54 . 2004-07-17 11:40 19,528 --a------ c:\windows\003553_.tmp 2009-03-28 16:41 . 2009-03-28 16:41 <DIR> d-------- c:\windows\ServicePackFiles 2009-03-28 16:41 . 2009-03-28 17:02 <DIR> d-------- c:\windows\ehome 2009-03-28 16:32 . 2004-07-17 11:38 956,990 --a------ c:\windows\system32\instcat.sql 2009-03-28 16:31 . 2004-08-04 00:45 1,298,432 --a------ c:\windows\system32\dxdiag.exe 2009-03-28 16:20 . 2009-03-28 16:20 <DIR> d-------- c:\windows\system32\bits 2009-03-28 16:18 . 2004-08-04 00:45 351,232 --a------ c:\windows\system32\winhttp.dll 2009-03-28 16:18 . 2004-08-04 00:45 18,944 --a------ c:\windows\system32\qmgrprxy.dll 2009-03-28 16:18 . 2004-08-04 00:45 8,192 --------- c:\windows\system32\bitsprx2.dll 2009-03-28 16:18 . 2004-08-04 00:45 7,168 --------- c:\windows\system32\bitsprx3.dll 2009-03-28 16:17 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll 2009-03-28 16:17 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll 2009-03-28 16:17 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl 2009-03-28 16:17 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll 2009-03-28 16:17 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll 2009-03-28 16:17 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2009-03-28 16:17 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui 2009-03-28 16:17 . 
2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui 2009-03-28 16:17 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui 2009-03-28 16:15 . 2009-03-28 16:15 <DIR> d---s---- c:\documents and settings\ive lima\UserData 2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\windows\OPTIONS 2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\windows\Motorola 2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\arquivos de programas\PCI Fax Modem 2009-03-28 16:10 . 2009-03-28 22:25 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information 2009-03-28 16:10 . 2009-03-28 19:36 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-03-28 16:10 . 2004-06-29 18:43 923,570 --a------ c:\windows\system32\drivers\smserial.sys 2009-03-28 16:10 . 2004-06-29 18:42 569,344 --a------ c:\windows\sm56hlpr.exe 2009-03-28 16:10 . 2004-06-29 18:42 73,728 --a------ c:\windows\system32\sm56co.dll 2009-03-28 16:10 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys 2009-03-28 16:10 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys 2009-03-28 16:08 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-03-28 16:08 . 2001-08-17 22:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys 2009-03-28 16:08 . 2001-08-17 22:00 54,272 --a--c--- c:\windows\system32\dllcache\swmidi.sys 2009-03-28 16:08 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\dmusic.sys 2009-03-28 16:08 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys 2009-03-28 16:07 . 2009-03-28 16:07 <DIR> d-------- c:\arquivos de programas\VIAudioi 2009-03-28 16:06 . 2009-03-28 16:06 <DIR> d-------- c:\documents and settings\ive lima\WINDOWS 2009-03-28 16:06 . 2003-02-18 00:18 774,144 -ra------ c:\windows\system32\nbicdnt.dll 2009-03-28 16:04 . 2004-10-05 16:54 306,688 --a------ c:\windows\IsUninst.exe 2009-03-28 16:04 . 
2001-09-05 23:07 36,224 --a------ c:\windows\system32\drivers\isapnp.sys 2009-03-28 16:04 . 2001-09-05 23:07 36,224 --a--c--- c:\windows\system32\dllcache\isapnp.sys 2009-03-28 16:04 . 2003-07-01 17:42 27,904 -ra------ c:\windows\system32\drivers\VIAAGP1.SYS 2009-03-28 16:04 . 2001-10-18 01:00 6,144 -ra------ c:\windows\system32\drivers\viaidexp.sys 2009-03-28 16:00 . 2009-03-28 16:00 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-03-28 16:00 . 2009-03-28 16:00 <DIR> d-------- c:\arquivos de programas\Avira . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-28 21:32 499,712 ----a-w c:\windows\system32\msvcp71.dll 2009-03-28 18:38 --------- d-----w c:\arquivos de programas\microsoft frontpage 2009-03-28 18:36 --------- d-----w c:\arquivos de programas\Serviços on-line 2009-03-28 18:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços 2004-08-04 03:45 166,503 --sha-r c:\windows\system32\zzmcn.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-03-28 185896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Discador iBest.lnk - c:\arquivos de programas\iBest\Discador.exe [2008-12-15 480768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\eMule\\LinkCreator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4028:TCP"= 4028:TCP:wlrmtkdu

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-03-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-03-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-28 108289]
S2 eurrg;Universal Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-10-28 14336]
S3 pgemyi;pgemyi;\??\c:\windows\system32\044.tmp --> c:\windows\system32\044.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eurrg
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ive lima\Dados de aplicativos\Mozilla\Firefox\Profiles\zwpwlbj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 23:32:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pgemyi]
"ImagePath"="\??\c:\windows\system32\044.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg]
"ServiceDll"="c:\windows\system32\zzmcn.dll"
.
Completion time: 2009-03-30 23:34:28
ComboFix-quarantined-files.txt 2009-03-31 02:34:19

Pre-Run: 9 folder(s), 25.991.282.688 bytes free
Post-Run: 8 folder(s), 26,036,658,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

204 --- E O F --- 2009-03-28 20:33:46

################################################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:51, on 30/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\iBest\Discador.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ive lima\Meus documentos\programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Discador iBest.lnk = C:\Arquivos de programas\iBest\Discador.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4699 bytes
DigRam, posted March 31, 2009

Good morning, Reinaldo!

<!> Uninstall: iBest <-- Set up your own dialer!

<><><><><><><><><><><>

<@> Download: < EliTriIP >
<@> Save it to the Desktop!
<@> Temporarily disable your antivirus.
<@> Restart the computer and boot into Safe Mode.
<@> Run the EliTriIP tool with a double-click.
<@> Accept the proposed terms and wait for the scan to finish.
<@> Allow the exploratory scan, which may take a few minutes.
<@> When it finishes, restart in Normal Mode.
<@> Post the report: infoSAT.txt, which is in the root of C:. ( Local Disk C ) <--

<><><><><><><><><><><>

<@> Download: < FixWareout.exe >
<@> Or --> < Link >
<@> Save it to the Desktop! --> Stay connected to the internet! <-- Important!
<@> With all programs closed, double-click FixWareout.exe
<@> Click the Next button --> Then click Install.
<@> Make sure the Run fixit box is checked! --> Click Finish.
<@> Follow the on-screen instructions and, when asked whether to restart ( Restart ), click Yes!
<@> The restart will take a while. Wait!
<@> Check that the report was generated on Local Disk ( C ). ( report.txt ) <--

<><><><><><><><><><><>

<@> Copy the information between the XXXXXXX.... lines into Notepad.
<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4028:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pgemyi]
File::
c:\windows\system32\044.tmp
Driver::
"pgemyi"
"eurrg"
NetSvc::
"eurrg"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + an updated HijackThis log + report.txt

Regards!
Reinaldo, posted April 1, 2009

Good evening my friend, here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:25, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ive lima\Meus documentos\programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.84 200.223.0.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.84 200.223.0.83
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4355 bytes

################################################################################

ComboFix 09-03-22.01 - ive lima 2009-04-01 0:05:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.247.96 [GMT -3:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\ive lima\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\system32\044.tmp
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
(((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 ))))))))))))))))))))))))))))
.

2009-03-31 23:47 . 2009-03-31 23:51 <DIR> d-------- C:\fixwareout
2009-03-29 19:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-29 19:22 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-29 19:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-29 19:21 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-28 22:25 . 2009-03-28 22:25 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\InstallShield
2009-03-28 22:25 . 2009-03-28 22:25 <DIR> d-------- c:\arquivos de programas\Philips
2009-03-28 22:25 . 2008-01-14 16:58 19,840 --a------ c:\windows\system32\drivers\StMp3Rec.sys
2009-03-28 20:15 . 2009-03-28 20:15 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\MSN6
2009-03-28 20:15 .
2009-03-28 20:15 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\MSN6
2009-03-28 19:40 . 2009-03-28 19:40 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-28 19:37 . 2009-03-28 19:37 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-03-28 19:37 . 2009-03-28 19:37 <DIR> d-------- c:\arquivos de programas\CyberLink
2009-03-28 19:35 . 2009-03-28 19:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead
2009-03-28 19:35 . 2009-03-28 19:35 <DIR> d-------- c:\arquivos de programas\Ahead
2009-03-28 19:35 . 2004-07-20 16:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-03-28 19:35 . 2004-07-20 16:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-03-28 19:35 . 2004-07-20 16:24 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-03-28 19:35 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-03-28 19:35 . 2004-07-20 16:24 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-03-28 19:35 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-03-28 19:35 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-03-28 19:35 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2009-03-28 19:31 . 2009-03-28 20:16 <DIR> d-------- c:\documents and settings\ive lima\Contacts
2009-03-28 19:28 . 2009-03-28 19:28 268 --ah----- C:\sqmdata00.sqm
2009-03-28 19:28 . 2009-03-28 19:28 244 --ah----- C:\sqmnoopt00.sqm
2009-03-28 19:27 . 2009-03-28 19:27 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-28 19:23 . 2009-03-28 19:26 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-03-28 19:22 . 2009-03-28 19:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-03-28 19:22 . 2009-03-28 19:27 <DIR> d-------- c:\arquivos de programas\Windows Live
2009-03-28 18:48 . 2009-03-28 18:48 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\EA9Backup
2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\Eazy-Ware
2009-03-28 18:46 . 2009-03-28 18:56 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\Eazy-Ware
2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\EA9
2009-03-28 18:46 . 2009-03-28 18:46 <DIR> d-------- c:\arquivos de programas\AJSystems Common
2009-03-28 18:46 . 2005-11-29 12:05 493,400 --a------ c:\windows\system32\XceedZip.dll
2009-03-28 18:42 . 2009-03-28 18:42 <DIR> d-------- c:\documents and settings\ive lima\Dados de aplicativos\AdobeUM
2009-03-28 18:35 . 2009-03-28 18:35 0 --a------ c:\windows\nsreg.dat
2009-03-28 18:34 . 2009-03-28 19:54 <DIR> d-------- c:\arquivos de programas\eMule
2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Real
2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared
2009-03-28 18:32 . 2009-03-28 18:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real
2009-03-28 18:28 . 2009-03-28 19:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-28 18:19 . 2009-03-28 19:40 <DIR> d-------- c:\arquivos de programas\Java
2009-03-28 18:19 . 2009-03-28 18:19 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2009-03-28 18:18 . 2007-08-18 03:54 380,928 --a------ c:\windows\system32\ac3filter.acm
2009-03-28 18:17 . 2009-03-28 18:18 <DIR> d-------- c:\arquivos de programas\XP Codec Pack
2009-03-28 18:12 . 2009-03-28 18:12 <DIR> d-------- c:\arquivos de programas\GPLGS
2009-03-28 18:00 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
2009-03-28 17:59 . 2009-03-28 17:59 <DIR> d-------- c:\arquivos de programas\Acro Software
2009-03-28 17:55 . 2009-03-28 17:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe
2009-03-28 17:45 . 2009-03-28 18:26 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-28 17:45 . 2009-03-28 17:45 421 --a------ c:\windows\ODBC.INI
2009-03-28 17:44 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-28 17:42 . 2009-03-28 17:43 <DIR> d-------- c:\windows\SHELLNEW
2009-03-28 17:38 . 2009-03-28 17:38 <DIR> dr-h----- C:\MSOCache
2009-03-28 17:11 . 2009-03-28 17:41 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-28 17:11 . 2006-07-14 12:38 332,288 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-28 17:10 . 2009-03-28 17:10 <DIR> d-------- c:\documents and settings\LocalService\Menu Iniciar
2009-03-28 17:08 . 2009-03-28 17:08 <DIR> d---s---- c:\windows\system32\Microsoft
2009-03-28 17:03 . 2009-03-28 18:15 316,640 --a------ c:\windows\WMSysPr9.prx
2009-03-28 16:54 . 2005-02-25 00:34 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-28 16:54 . 2004-07-17 11:40 19,528 --a------ c:\windows\003553_.tmp
2009-03-28 16:41 . 2009-03-28 16:41 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-28 16:41 . 2009-03-28 17:02 <DIR> d-------- c:\windows\ehome
2009-03-28 16:32 . 2004-07-17 11:38 956,990 --a------ c:\windows\system32\instcat.sql
2009-03-28 16:31 . 2004-08-04 00:45 1,298,432 --a------ c:\windows\system32\dxdiag.exe
2009-03-28 16:20 . 2009-03-28 16:20 <DIR> d-------- c:\windows\system32\bits
2009-03-28 16:18 . 2004-08-04 00:45 351,232 --a------ c:\windows\system32\winhttp.dll
2009-03-28 16:18 . 2004-08-04 00:45 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-03-28 16:18 . 2004-08-04 00:45 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-03-28 16:18 . 2004-08-04 00:45 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-03-28 16:17 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-03-28 16:17 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-03-28 16:17 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-03-28 16:17 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-28 16:17 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-03-28 16:17 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-28 16:17 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-28 16:17 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-28 16:17 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-28 16:15 . 2009-03-28 16:15 <DIR> d---s---- c:\documents and settings\ive lima\UserData
2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\windows\OPTIONS
2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\windows\Motorola
2009-03-28 16:10 . 2009-03-28 16:10 <DIR> d-------- c:\arquivos de programas\PCI Fax Modem
2009-03-28 16:10 . 2009-03-28 22:25 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information
2009-03-28 16:10 . 2009-03-28 19:36 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-03-28 16:10 . 2004-06-29 18:43 923,570 --a------ c:\windows\system32\drivers\smserial.sys
2009-03-28 16:10 . 2004-06-29 18:42 569,344 --a------ c:\windows\sm56hlpr.exe
2009-03-28 16:10 . 2004-06-29 18:42 73,728 --a------ c:\windows\system32\sm56co.dll
2009-03-28 16:10 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-28 16:10 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-03-28 16:08 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-03-28 16:08 . 2001-08-17 22:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys
2009-03-28 16:08 . 2001-08-17 22:00 54,272 --a--c--- c:\windows\system32\dllcache\swmidi.sys
2009-03-28 16:08 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2009-03-28 16:08 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2009-03-28 16:07 . 2009-03-28 16:07 <DIR> d-------- c:\arquivos de programas\VIAudioi
2009-03-28 16:06 . 2009-03-28 16:06 <DIR> d-------- c:\documents and settings\ive lima\WINDOWS
2009-03-28 16:06 . 2003-02-18 00:18 774,144 -ra------ c:\windows\system32\nbicdnt.dll
2009-03-28 16:04 . 2004-10-05 16:54 306,688 --a------ c:\windows\IsUninst.exe
2009-03-28 16:04 . 2001-09-05 23:07 36,224 --a------ c:\windows\system32\drivers\isapnp.sys
2009-03-28 16:04 . 2001-09-05 23:07 36,224 --a--c--- c:\windows\system32\dllcache\isapnp.sys
2009-03-28 16:04 . 2003-07-01 17:42 27,904 -ra------ c:\windows\system32\drivers\VIAAGP1.SYS
2009-03-28 16:04 . 2001-10-18 01:00 6,144 -ra------ c:\windows\system32\drivers\viaidexp.sys
2009-03-28 16:00 . 2009-03-28 16:00 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-03-28 16:00 . 2009-03-28 16:00 <DIR> d-------- c:\arquivos de programas\Avira
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 21:32 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-28 18:38 --------- d-----w c:\arquivos de programas\microsoft frontpage
2009-03-28 18:36 --------- d-----w c:\arquivos de programas\Serviços on-line
2009-03-28 18:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços
2004-08-04 03:45 166,503 --sha-r c:\windows\system32\zzmcn.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-30_23.33.32,29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 02:50:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_638.dat
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\eMule\\LinkCreator.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-03-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-03-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-28 108289]
S2 eurrg;Universal Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-10-28 14336]
S3 ecniyr;ecniyr;\??\c:\windows\system32\09A.tmp --> c:\windows\system32\09A.tmp [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0928B44A-2F19-496A-92B4-7BFA4F236077} = 200.223.0.84 200.223.0.83
FF - ProfilePath - c:\documents and settings\ive lima\Dados de aplicativos\Mozilla\Firefox\Profiles\zwpwlbj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 00:05:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ecniyr]
"ImagePath"="\??\c:\windows\system32\09A.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg]
"ServiceDll"="c:\windows\system32\zzmcn.dll"
.
Completion time: 2009-04-01 0:07:16
ComboFix-quarantined-files.txt 2009-04-01 03:07:03
ComboFix2.txt 2009-03-31 02:34:30

Pre-Run: 10 folder(s), 25.999.511.552 bytes free
Post-Run: 10 folder(s), 25,989,619,712 bytes free

201 --- E O F --- 2009-03-28 20:33:46

################################################################################

## Username "ive lima" - 31/03/2009 23:48:22 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Arquivos de programas\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"SMSERIAL"="sm56hlpr.exe"
"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Arquivos de programas\\CyberLink\\PowerDVD\\PDVDServ.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
DigRam, posted April 1, 2009

Good morning, Reinaldo!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally the message will appear: "ComboFix is uninstalled" --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> Download: < OTMoveIt3 > ( ...by OldTimer Tools )
<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
ecniyr
eurrg
:Files
c:\windows\system32\09A.tmp
:Reg
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ecniyr]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg]
"ServiceDll"=-
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste the information between the XXXXX... lines into the tool's text field ( clipboard ).
<@> PS: The area under "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> At the reboot prompt, confirm!
<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: Since the tool does not overwrite its reports, we have to look at the one generated right after it ran.
<@> Also post an updated HijackThis log.

Regards!
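Both cleanup scripts in this thread (the CFScript in the March 31 reply and the OTMoveIt3 script above) were written by hand from the "Reg Loading Points" section of ComboFix.txt: the random-named S3 service whose ImagePath is a .tmp file in system32, the "Universal Helper" service hosted by svchost.exe -k netsvcs with a ServiceDll (zzmcn.dll) that is not a Windows service DLL, and the GloballyOpenPorts rule owned by the bare token "wlrmtkdu". The Python below is an added example, not part of the thread and not code from ComboFix or OTMoveIt: it parses that section, applies those three heuristics, and emits the CFScript directives the helper used. The sample lines are constructed from the first ComboFix log in the thread, the whitelist of netsvcs DLLs is a short illustrative set rather than an authoritative list, and the example also lists the flagged ServiceDll under File::, which the helper's script did not; that last choice is this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: service, firewall and registry lines quoted from the first
# ComboFix log in this thread, with the Avira entries kept as benign controls.
SAMPLE_LOG = r"""
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-03-28 22360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-28 108289]
S2 eurrg;Universal Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-10-28 14336]
S3 pgemyi;pgemyi;\??\c:\windows\system32\044.tmp --> c:\windows\system32\044.tmp [?]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4028:TCP"= 4028:TCP:wlrmtkdu
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pgemyi]
"ImagePath"="\??\c:\windows\system32\044.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg]
"ServiceDll"="c:\windows\system32\zzmcn.dll"
"""

# Illustrative (not exhaustive) set of DLLs that legitimately run under
# "svchost.exe -k netsvcs" on Windows XP; an assumption of this example.
KNOWN_SVCHOST_DLLS = {
    "wuauserv.dll", "browser.dll", "wkssvc.dll", "srvsvc.dll", "schedsvc.dll",
    "seclogon.dll", "shsvcs.dll", "audiosrv.dll", "cryptsvc.dll", "rasmans.dll",
    "sens.dll", "ipnathlp.dll", "trkwks.dll", "netman.dll", "wmisvc.dll",
}

SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"= \d+:(?:TCP|UDP):(\S+)$')
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+))\]$")
VALUE_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$')


@dataclass
class Finding:
    kind: str      # "tmp-image", "unknown-svchost-dll" or "open-port"
    name: str      # service name, or a port spec such as "4028:TCP"
    detail: str    # image path, ServiceDll path, or port owner
    key: str = ""  # full registry key of the service, when ComboFix dumped it


def parse_load_points(text):
    """Collect services and globally open ports from a ComboFix load-points dump."""
    services, ports, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            start, name, display, image, _stamp = m.groups()
            # ComboFix prints "\??\path --> resolved path"; keep the resolved form
            info = services.setdefault(name, {})
            info.update(start=start, display=display, image=image.split(" --> ")[-1])
        elif m := PORT_RE.match(line):
            ports.append(m.groups())
        elif m := KEY_RE.match(line):
            current = m.group(2)
            services.setdefault(current, {})["key"] = m.group(1)
        elif line.startswith("["):
            current = None  # some other key: its values are not service values
        elif current and (m := VALUE_RE.match(line)):
            services[current][m.group(1).lower()] = m.group(2)
    return services, ports


def flag_load_points(services, ports):
    """Apply the three heuristics this thread's logs illustrate."""
    findings = []
    for name, s in services.items():
        image = (s.get("image") or s.get("imagepath") or "").replace("\\??\\", "").lower()
        if image.endswith(".tmp"):
            findings.append(Finding("tmp-image", name, image, s.get("key", "")))
        elif "svchost.exe -k" in image:
            dll = s.get("servicedll", "")
            if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_SVCHOST_DLLS:
                findings.append(Finding("unknown-svchost-dll", name, dll, s.get("key", "")))
    for spec, owner in ports:
        # Windows' own firewall rules name a resource string ("@xpsp2res.dll,-NNNN");
        # a bare token like "wlrmtkdu" names nothing recognisable.
        if not owner.startswith("@"):
            findings.append(Finding("open-port", spec, owner))
    return findings


def build_cfscript(findings):
    """Emit the directives the helper used: Registry::, File::, Driver::, NetSvc::."""
    reg, files, drivers, netsvcs = [], [], [], []
    for f in findings:
        if f.kind == "open-port":
            reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]")
            reg.append(f'"{f.name}"=-')
            continue
        if f.key:
            reg.append(f"[-{f.key}]")
        if f.detail:
            files.append(f.detail)  # the .tmp image or the unknown ServiceDll
        drivers.append(f'"{f.name}"')
        if f.kind == "unknown-svchost-dll":
            netsvcs.append(f'"{f.name}"')
    out = []
    for header, body in (("Registry::", reg), ("File::", files), ("Driver::", drivers), ("NetSvc::", netsvcs)):
        if body:
            out += [header, *body]
    return "\n".join(out) + "\n"


def triage(text):
    findings = flag_load_points(*parse_load_points(text))
    return findings, build_cfscript(findings)


if __name__ == "__main__":
    found, script = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:20} {f.name:12} {f.detail}")
    print(script)
```

Run it against a whole ComboFix.txt with `triage(open(path, encoding="latin-1").read())`; the section headers and file listings simply fail every pattern and are skipped. The same Finding objects carry the names and paths the OTMoveIt3 :Services, :Files and :Reg lists in the reply above need, so a second emitter for that format is a few lines on top of this one.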
Reinaldo, posted April 2, 2009
Hello my friend, here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:40, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ive lima\Meus documentos\programas\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 4350 bytes

---------------------------

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver ecniyr deleted successfully.
Service\Driver eurrg deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\09A.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ecniyr not found.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurrg\\ServiceDll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF1F38.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF1F4E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF2EAE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF2F54.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\S12ZWT2V\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_668.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04012009_233727
Files moved on Reboot...
File C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF1F38.tmp not found!
File C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF1F4E.tmp not found!
File C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF2EAE.tmp not found!
File C:\DOCUME~1\IVELIM~1\CONFIG~1\Temp\~DF2F54.tmp not found!
C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\S12ZWT2V\01[1].htm moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_668.dat not found!
DigRam, posted April 2, 2009
Good morning, Reinaldo!
<@> Submit the file below for analysis at: < VirSCAN.org >
c:\windows\system32\zzmcn.dll
<@> When it finishes, click "Copiar para a 'Area'" (copy to clipboard) or save it as text.
<@> The table that appears can be selected and copied into Notepad. <-- Post it!
<><><><><><><><><><>
<@> Download: < DDS > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.
<@> While disconnected, run the tool! --> Double-click dds.scr.
<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--
<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.
<@> Notepad will open with another report. ( Attach.txt ) <--
<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.
<@> Finally, another window will open! --> Click OK.
<@> Save the reports: DDS.txt + Attach.txt <-- Post them!
Regards!
Reinaldo, posted April 3, 2009
My friend, how are you? The file you mentioned was not found: zzmcn.dll. What do I do now?
DigRam, posted April 3, 2009
My friend, how are you? The file you mentioned was not found: zzmcn.dll. What do I do now?
<><><><><><><><><><>
Hey, Reinaldo!
<!> Then follow the procedure with DDS.
<!> Has the error decreased? Everything OK?
Regards!
Reinaldo, posted April 3, 2009
Good morning! The antivirus keeps giving virus alerts; I am using Avira. And last night the connection dropped several times and wiped all the connection data, but that part was fine, I set it up again. I will continue with the procedures and get back to you.
DigRam, posted April 3, 2009
Good morning! The antivirus keeps showing virus alerts; I am using Avira. And last night the connection dropped several times and wiped all the connection data, but that part was fine, I set it up again. I will proceed with the procedure and get back to you.
<><><><><><><><><>
Hey, Reinaldo!
<!> Connection drops can be caused by many factors:
<1> Problems with the modem. ( Hardware )
<2> Insufficient incoming data flow.
<3> Wareout or flush infections.
<4> Corrupted winsock stack.
<5> Incorrect settings for your connection type, if you have some utility for that service.
<><><><><><><><><>
<!> It is worth pointing out that the DDS tool is for diagnosis only.
Regards!
Reinaldo, posted April 4, 2009
Good evening! The logs follow below:

DDS (Ver_09-03-16.01) - NTFSx86
Run by ive lima at 23:35:47,20 on --- 03/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.247.138 [GMT -3:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ive lima\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [sMSERIAL] sm56hlpr.exe
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238267737374
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ivelim~1\dadosd~1\mozilla\firefox\profiles\zwpwlbj7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
============= SERVICES / DRIVERS ===============
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-3-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-3-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-3-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-3-28 185089]
S2 iluppkqs;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2001-10-28 14336]
============== File Associations ===============
txtfile=Notepad.exe "%1"
=============== Created Last 30 ================
2009-04-01 23:37 <DIR> --d----- C:\_OTMoveIt
2009-03-31 23:47 <DIR> --d----- C:\fixwareout
2009-03-30 23:30 <DIR> a-dshr-- C:\cmdcons
2009-03-30 23:12 161,792 a------- c:\windows\SWREG.exe
2009-03-30 23:12 98,816 a------- c:\windows\sed.exe
2009-03-29 19:22 208,744 a------- c:\windows\system32\muweb.dll
2009-03-29 19:22 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-29 19:22 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-29 19:21 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-28 22:25 19,840 a------- c:\windows\system32\drivers\StMp3Rec.sys
2009-03-28 22:25 <DIR> --d----- c:\arquivos de programas\Philips
2009-03-28 19:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-28 19:35 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-03-28 19:35 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-03-28 19:35 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-03-28 19:35 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-03-28 19:35 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-03-28 19:35 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-03-28 19:35 38,912 -------- c:\windows\system32\picn20.dll
2009-03-28 19:35 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-03-28 19:35 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Ahead
2009-03-28 19:31 <DIR> --d----- c:\documents and settings\ive lima\Contacts
2009-03-28 19:28 268 a---h--- C:\sqmdata00.sqm
2009-03-28 19:28 244 a---h--- C:\sqmnoopt00.sqm
2009-03-28 19:23 <DIR> -cdsh--- c:\arquivos de programas\arquivos comuns\WindowsLiveInstaller
2009-03-28 18:48 <DIR> --d----- c:\docume~1\ivelim~1\dadosd~1\EA9Backup
2009-03-28 18:46 <DIR> --d----- c:\docume~1\ivelim~1\dadosd~1\Eazy-Ware
2009-03-28 18:46 493,400 a------- c:\windows\system32\XceedZip.dll
2009-03-28 18:46 <DIR> --d----- c:\arquivos de programas\Eazy-Ware
2009-03-28 18:46 <DIR> --d----- c:\arquivos de programas\AJSystems Common
2009-03-28 18:46 <DIR> --d----- c:\arquivos de programas\EA9
2009-03-28 18:34 <DIR> --d----- c:\arquivos de programas\eMule
2009-03-28 18:32 <DIR> --d----- c:\arquivos de programas\arquivos comuns\xing shared
2009-03-28 18:32 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Real
2009-03-28 18:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-28 18:18 380,928 a------- c:\windows\system32\ac3filter.acm
2009-03-28 18:17 <DIR> --d----- c:\arquivos de programas\XP Codec Pack
2009-03-28 18:14 <DIR> --d----- c:\windows\RegisteredPackages
2009-03-28 18:12 <DIR> --d----- c:\arquivos de programas\GPLGS
2009-03-28 18:00 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-03-28 17:59 <DIR> --d----- c:\arquivos de programas\Acro Software
2009-03-28 17:45 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-03-28 17:45 421 a------- c:\windows\ODBC.INI
2009-03-28 17:44 17,920 a------- c:\windows\system32\mdimon.dll
2009-03-28 17:42 <DIR> --d----- c:\windows\SHELLNEW
2009-03-28 17:33 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-28 17:11 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-28 17:11 332,288 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-28 17:08 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-28 17:03 316,640 a------- c:\windows\WMSysPr9.prx
2009-03-28 16:54 19,528 a------- c:\windows\003553_.tmp
2009-03-28 16:54 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-03-28 16:41 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-28 16:41 <DIR> --d----- c:\windows\ehome
2009-03-28 16:34 870,784 -------- c:\windows\system32\ati3d1ag.dll
2009-03-28 16:32 294,400 a------- c:\windows\system32\kerberos.dll
2009-03-28 16:31 88,576 a------- c:\windows\system32\fldrclnr.dll
2009-03-28 16:20 <DIR> --d----- c:\windows\system32\bits
2009-03-28 16:18 351,232 a------- c:\windows\system32\winhttp.dll
2009-03-28 16:18 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-28 16:18 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-03-28 16:18 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-03-28 16:17 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-03-28 16:17 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-28 16:17 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-03-28 16:17 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-03-28 16:17 18,968 a------- c:\windows\system32\wuaueng.dll.mui
2009-03-28 16:15 <DIR> --ds---- c:\documents and settings\ive lima\UserData
2009-03-28 16:10 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-28 16:10 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-28 16:10 <DIR> --d----- c:\windows\Motorola
2009-03-28 16:10 <DIR> --d----- c:\windows\OPTIONS
2009-03-28 16:10 923,570 a------- c:\windows\system32\drivers\smserial.sys
2009-03-28 16:10 569,344 a------- c:\windows\sm56hlpr.exe
2009-03-28 16:10 73,728 a------- c:\windows\system32\sm56co.dll
2009-03-28 16:10 <DIR> --d----- c:\arquivos de programas\PCI Fax Modem
2009-03-28 16:10 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield
2009-03-28 16:08 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-03-28 16:08 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-03-28 16:08 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-03-28 16:08 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-03-28 16:08 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-03-28 16:07 <DIR> --d----- c:\arquivos de programas\VIAudioi
2009-03-28 16:06 52,553 a----r-- c:\windows\system32\S3Ovrlay.cfg
2009-03-28 16:06 <DIR> --d----- c:\documents and settings\ive lima\WINDOWS
2009-03-28 16:04 6,144 a----r-- c:\windows\system32\drivers\viaidexp.sys
2009-03-28 16:04 27,904 a----r-- c:\windows\system32\drivers\VIAAGP1.SYS
2009-03-28 16:04 36,224 ac------ c:\windows\system32\dllcache\isapnp.sys
2009-03-28 16:04 36,224 a------- c:\windows\system32\drivers\isapnp.sys
2009-03-28 16:04 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-28 16:04 306,688 a------- c:\windows\IsUninst.exe
2009-03-28 16:00 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira
2009-03-28 16:00 <DIR> --d----- c:\arquivos de programas\Avira
2009-03-28 15:46 <DIR> --dsh--- c:\windows\Installer
2009-03-28 15:45 <DIR> --d-hr-- c:\documents and settings\ive lima\Dados de aplicativos
2009-03-28 15:45 <DIR> --d-h--- c:\documents and settings\ive lima\Modelos
2009-03-28 15:45 <DIR> --d-h--- c:\documents and settings\ive lima\Configurações locais
2009-03-28 15:45 <DIR> --d-h--- c:\documents and settings\ive lima\Ambiente de rede
2009-03-28 15:45 <DIR> --d-h--- c:\documents and settings\ive lima\Ambiente de impressão
2009-03-28 15:45 <DIR> --d--r-- c:\documents and settings\ive lima\Meus documentos
2009-03-28 15:45 <DIR> --d--r-- c:\documents and settings\ive lima\Menu Iniciar
2009-03-28 15:45 <DIR> --d--r-- c:\documents and settings\ive lima\Favoritos
2009-03-28 15:45 <DIR> --d----- c:\documents and settings\ive lima
2009-03-28 15:41 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-28 15:39 19,456 ac------ c:\windows\system32\dllcache\simptcp.dll
2009-03-28 15:38 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-03-28 15:37 2,969 a------- c:\windows\system32\CONFIG.NT
2009-03-28 15:37 0 a------- c:\windows\control.ini
2009-03-28 15:37 25,065 a------- c:\windows\system32\wmpscheme.xml
2009-03-28 15:37 23,392 a------- c:\windows\system32\nscompat.tlb
2009-03-28 15:37 16,832 a------- c:\windows\system32\amcompat.tlb
2009-03-28 15:37 299,552 a------- c:\windows\WMSysPrx.prx
2009-03-28 15:36 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-28 15:35 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Serviços
2009-03-28 15:35 <DIR> --d----- c:\arquivos de programas\arquivos comuns\MSSoap
2009-03-28 15:34 <DIR> --d-h--- c:\arquivos de programas\WindowsUpdate
2009-03-28 15:34 <DIR> --d----- c:\arquivos de programas\Serviços on-line
2009-03-28 15:34 <DIR> --d----- c:\arquivos de programas\Messenger
2009-03-28 15:34 <DIR> --d----- c:\arquivos de programas\MSN Gaming Zone
2009-03-28 15:34 <DIR> --d----- c:\arquivos de programas\Windows NT
2009-03-28 15:28 <DIR> --d----- c:\arquivos de programas\arquivos comuns\ODBC
2009-03-28 15:28 <DIR> --d----- c:\arquivos de programas\arquivos comuns\SpeechEngines
2009-03-28 15:28 <DIR> --d-h--- c:\documents and settings\all users\Modelos
2009-03-28 15:28 <DIR> --d--r-- c:\documents and settings\all users\Menu Iniciar
2009-03-28 15:28 <DIR> --d--r-- c:\documents and settings\all users\Documentos
2009-03-28 15:28 <DIR> --d----- c:\documents and settings\all users\Favoritos
2009-03-28 15:27 <DIR> --d-hr-- c:\documents and settings\all users\Dados de aplicativos
==================== Find3M ====================
2009-03-28 18:32 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-28 17:22 344,380 a------- c:\windows\system32\perfh016.dat
2009-03-28 17:22 48,628 a------- c:\windows\system32\perfc016.dat
2009-03-28 17:06 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-28 15:34 21,844 a------- c:\windows\system32\emptyregdb.dat
2004-08-04 00:45 169,925 a--shr-- c:\windows\system32\zzmcn.dll
============= FINISH: 23:36:15,00 ===============

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/3/2009 15:40:22
System Uptime: 4/3/2009 20:19:46 (723 hours ago)
Motherboard: | | P4M266A-8235
Processor: Intel® Celeron® CPU 2.13GHz | Socket 478 | 2144/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 24,261 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador USB (Universal Serial Bus)
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_50041458&REV_86\3&13C0B0C5&0&84
Manufacturer:
Name: Controlador USB (Universal Serial Bus)
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_50041458&REV_86\3&13C0B0C5&0&84
Service:
==== System Restore Points ===================
RP1: 1/4/2009 19:51:21 - Ponto de verificação do sistema
RP2: 2/4/2009 21:16:32 - Ponto de verificação do sistema
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8 - Português
Arquivo do WinRAR
Atualização de Segurança para Windows XP (KB921883)
Atualização para Windows XP (KB898461)
Avira AntiVir Personal - Free Antivirus
CutePDF Writer 2.7
eMule
Express Assist 9.0
HijackThis 2.0.2
Java 6 Update 13
Java 6 Update 7
Microsoft Office Professional Edição 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.8)
Nero OEM
PCI Fax Modem
PowerDVD
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
SA30xx Device Manager
SA30xx Media Converter
VIA Audio Driver Setup Program
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
XP Codec Pack
==== End Of File ===========================
DigRam, posted April 4, 2009
Good morning, Reinaldo!
<@> Open OTMoveIt3.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
iluppkqs
:Files
c:\windows\system32\zzmcn.dll
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Copy and paste this information, between the XXXXX..., into the tool's ( clipboard ) field.
<@> PS: The area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When prompted to reboot, confirm!
<@> When it finishes, check the text content of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: Since the tool does not overwrite its reports, we should look at the one generated right after it ran.
<><><><><><><><><><><>
<@> Go to this link and download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Make sure to send the detected items to quarantine by clicking "Remover itens" (Remove items).
<@> For more details: < Link >
<><><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.
Regards!
Reinaldo 0 Denunciar post Postado Abril 5, 2009 VAmos lá meu caro, segue mais logs. ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== Service\Driver iluppkqs deleted successfully. ========== FILES ========== File/Folder c:\windows\system32\zzmcn.dll not found. ========== COMMANDS ========== User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\ive lima\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_63c.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_221812 Files moved on Reboot... File C:\WINDOWS\temp\Perflib_Perfdata_63c.dat not found! 
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Malwarebytes' Anti-Malware 1.35 Versão do banco de dados: 1940 Windows 5.1.2600 Service Pack 2 4/4/2009 23:14:34 mbam-log-2009-04-04 (23-14-34).txt Tipo de Verificação: Completa (C:\|) Objetos verificados: 91386 Tempo decorrido: 20 minute(s), 55 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 0 Ítens do Registro infectados: 1 Pastas infectadas: 0 Arquivos infectados: 2 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Not selected for removal. Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ\cvxngj[1].bmp (Worm.Conficker) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zzmcn.dll (Worm.Conficker) -> Delete on reboot. 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:14, on 4/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ive lima\Meus documentos\programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4350 bytes
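HijackThis entries follow a fixed "Rn - ..." / "Onn - ..." line format, so the first pass over a log like the one above can be scripted. The Python below is an added example written for this page; it is not a HijackThis feature and not code from anyone in the thread. It parses the sections used above and flags the three things a reviewer looks at first: an O2 BHO whose DLL is missing ("(no file)"), an O4 Run value written as a bare filename rather than an absolute path (which file actually starts is decided by the search path at logon, so it has to be matched against the "Running processes" list; here that is C:\WINDOWS\sm56hlpr.exe), and the O17 NameServer addresses, which no script can judge and which are listed for comparison with the ISP's published resolvers. The sample lines are copied from the log above; the rule names and the Finding class are my own.

```python
import re
from dataclasses import dataclass

# Entries copied from the HijackThis log above, one per line as HijackThis writes them.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{0928B44A-2F19-496A-92B4-7BFA4F236077}: NameServer = 200.223.0.83 200.223.0.84
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

@dataclass
class Finding:
    section: str  # HijackThis section code: O2, O4, O17, ...
    rule: str     # which triage rule fired (rule names are mine, not HijackThis terms)
    detail: str   # the part of the entry the rule is about
    entry: str    # the original log line

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_entries(text):
    """Yield (section, body, line) for every Rn/Onn entry; header and process list are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line

def triage(text):
    """First-pass review of a HijackThis log: returns the entries a human must look at."""
    findings = []
    for section, body, line in parse_entries(text):
        if section == "O2":
            # A BHO CLSID still registered but pointing at no DLL: a leftover from an
            # uninstall or from a removed component. HijackThis can delete the entry.
            m = BHO_RE.match(body)
            if m and m.group("target") == "(no file)":
                findings.append(Finding(section, "orphaned_bho", m.group("clsid"), line))
        elif section == "O4":
            # A Run value given as a bare filename is resolved through the search path at
            # logon, so the log line alone does not say which file runs; confirm it against
            # the "Running processes" list (in the log above: C:\WINDOWS\sm56hlpr.exe).
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group("cmd")):
                findings.append(Finding(section, "bare_filename", m.group("cmd"), line))
        elif section == "O17":
            # DNS servers configured on an adapter. A script cannot judge them; list them
            # so they can be compared with the ISP's published resolvers.
            ips = IPV4_RE.findall(body)
            findings.append(Finding(section, "verify_nameserver", " ".join(ips), line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<20}{f.detail}")
```

Anything the script does not flag (the Avira, Java and CTFMON entries) is still reviewed by eye; the point of the pass is to pull the entries that need a decision to the top, not to declare the rest clean.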
DigRam (posted April 5, 2009)

Good morning, Reinaldo!

<@> Download: < >
<@> Save it to the desktop!
<@> Restart the computer in Safe Mode.
<@> Start the installation/execution with a double-click on drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> A "Quick scan" will begin --> Close the advertisement window!
<@> When it finishes, check the "Complete scan" box.
<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis". In this mode the following objects are scanned:
    * Boot sectors of all disks. <--
    * All removable drives. <--
    * All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If messages appear asking whether to move or disinfect files, click Yes.
<@> When it finishes, click "File" --> "Save report list".
<@> Save it in a suitable location. ( DrWeb.csv ) <-- Text!
<@> Post: DrWeb.csv + an updated HijackThis log.

Regards!
Reinaldo (posted April 6, 2009)

Good morning! Here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:40, on 6/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\ive lima\Meus documentos\programas\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238267737374
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 4054 bytes

---------------------------

Dr.Web CureIt! report (DrWeb.csv), one object per row:

Object | Path | Threat | Action
knrwth.exe | C:\Documents and Settings\All Users\Documentos | Win32.HLLW.Autohit.3438 | Incurable. Moved.
zitudh.exe/data002\new_update_all\kidpo\DO4C.au3.tbl | C:\Documents and Settings\All Users\Documentos\zitudh.exe/data002 | Win32.HLLW.Autoruner.based |
data002 | C:\Documents and Settings\All Users\Documentos | The folder contains infected objects |
zitudh.exe | C:\Documents and Settings\All Users\Documentos | The folder contains infected objects | Moved.
googletalk-setup-pt-BR.exe\data009 | C:\Documents and Settings\ive lima\Meus documentos\programas\googletalk-setup-pt-BR.exe | Trojan.Click.4944 |
googletalk-setup-pt-BR.exe | C:\Documents and Settings\ive lima\Meus documentos\programas | The file contains infected objects | Moved.
vnc-4_1_2-x86_win32.exe\data005 | C:\Documents and Settings\ive lima\Meus documentos\programas\vnc-4_1_2-x86_win32.exe | Program.RemoteAdmin.51 |
vnc-4_1_2-x86_win32.exe | C:\Documents and Settings\ive lima\Meus documentos\programas | The file contains infected objects | Moved.
awwuadb[1].bmp | C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ | Win32.HLLW.Shadow.based | Deleted.
bzlynoa[1].bmp | C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ | Win32.HLLW.Shadow.based | Deleted.
hfkm[1].jpg | C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ | Win32.HLLW.Autoruner.5555 | Deleted.
ndqvyune[1].png | C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ | Win32.HLLW.Shadow.based | Deleted.
A0000002.exe | C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0 | Win32.HLLWAutohit.3438 | Incurable. Moved.
A0000003.exe/data002\new_update_all\kidpo\DO4C.au3.tbl | C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0\A0000003.exe/data002 | Win32.HLLW.Autoruner.based |
data002 | C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0 | The folder contains infected objects |
A0000003.exe | C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0 | The folder contains infected objects | Moved.
zzmcn.dll | C:\WINDOWS\system32 | Win32.HLLW.Shadow.based | Deleted.
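Reading a CureIt! report is mostly about where each hit sits, not only what it was named. The Python below is an added example written for this page, not Dr.Web code and not part of the thread: it takes a subset of the rows from the report above and attaches the follow-up a responder would note for each. Hits under System Volume Information\_restore are System Restore copies and come back on a restore; hits cached under the NetworkService profile were fetched by a process running as that service account rather than by the user's browser; files with image extensions carrying Win32 detections are executables under a disguised name; Program.* verdicts are riskware to confirm with the owner (here a VNC installer); and "Incurable. Moved." means quarantined, not removed. The location buckets, the Hit class and the note wording are my own.

```python
import re
from dataclasses import dataclass

@dataclass
class Hit:
    obj: str     # object name as Dr.Web reports it (nested objects use "container\inner")
    path: str    # directory, or container path for nested objects
    threat: str  # detection name, or Dr.Web's container message
    action: str  # what CureIt did; empty for nested objects (the container row carries it)

# A representative subset of rows copied from the Dr.Web CureIt! report above,
# with the action text translated; no row here is invented.
REPORT = [
    Hit("knrwth.exe", r"C:\Documents and Settings\All Users\Documentos",
        "Win32.HLLW.Autohit.3438", "Incurable. Moved."),
    Hit(r"zitudh.exe/data002\new_update_all\kidpo\DO4C.au3.tbl",
        r"C:\Documents and Settings\All Users\Documentos\zitudh.exe/data002",
        "Win32.HLLW.Autoruner.based", ""),
    Hit(r"vnc-4_1_2-x86_win32.exe\data005",
        r"C:\Documents and Settings\ive lima\Meus documentos\programas\vnc-4_1_2-x86_win32.exe",
        "Program.RemoteAdmin.51", ""),
    Hit("awwuadb[1].bmp",
        r"C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ",
        "Win32.HLLW.Shadow.based", "Deleted."),
    Hit("hfkm[1].jpg",
        r"C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\GPAZCLYZ",
        "Win32.HLLW.Autoruner.5555", "Deleted."),
    Hit("A0000002.exe",
        r"C:\System Volume Information\_restore{8A970A4D-AB66-4D36-857B-7DED635891DE}\RP0",
        "Win32.HLLWAutohit.3438", "Incurable. Moved."),
    Hit("zzmcn.dll", r"C:\WINDOWS\system32", "Win32.HLLW.Shadow.based", "Deleted."),
]

IMAGE_EXT_RE = re.compile(r"\.(bmp|jpe?g|png|gif)$", re.I)
PROFILE_RE = re.compile(r"documents and settings\\([^\\]+)\\", re.I)
SERVICE_ACCOUNTS = {"networkservice", "localservice"}

def location_class(path):
    """Coarse bucket for where a hit was found; the bucket drives the follow-up."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\temporary internet files\\" in p:
        return "ie_cache"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "user_files"

def follow_ups(hit):
    """Follow-up notes for one row; an empty list means handled, nothing more to do."""
    notes = []
    loc = location_class(hit.path)
    if loc == "restore_point":
        notes.append("copy sits in a System Restore point: purge System Restore after "
                     "cleaning, or restoring to that point brings the file back")
    if loc == "ie_cache":
        owner = PROFILE_RE.search(hit.path)
        if owner and owner.group(1).lower() in SERVICE_ACCOUNTS:
            notes.append(f"cached under the {owner.group(1)} profile, so it was fetched by a "
                         "process running as that service account, not by the user's browser")
    if IMAGE_EXT_RE.search(hit.obj) and hit.threat.startswith("Win32."):
        notes.append("image extension but a Win32 detection: an executable disguised as an image")
    if hit.threat.startswith("Program."):
        notes.append("riskware, not malware: ask the owner whether this tool was installed on purpose")
    if hit.action.startswith("Incurable"):
        notes.append("could not be disinfected and was only moved to quarantine: delete it "
                     "from quarantine once the report has been reviewed")
    if not hit.action:
        notes.append("nested object: the action is recorded on the container's own row")
    return notes

def triage(report):
    """Map each reported object to its follow-up notes."""
    return {hit.obj: follow_ups(hit) for hit in report}

if __name__ == "__main__":
    for obj, notes in triage(REPORT).items():
        print(obj, "->", notes or "no further action")
```

The four image-named files in the NetworkService cache are the most telling rows: a service-account process downloaded executables with picture extensions, which is the dropper channel to look for rather than the files themselves, which CureIt! already deleted.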
DigRam (posted April 6, 2009)

Good afternoon, Reinaldo!

<!> Do the errors still persist?

<><><><><><><><><><>

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >
<@> Save it in Arquivos de programas (Program Files) and unzip it right there!
<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!
<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".
<@> When that finishes, do not run any scan yet.
<@> On the "Search range" tab, check all the boxes.
<@> Under "File types", select the "All files" button.
<@> Under "Actions", check: "Perform healing"
<@> In the fields below "Perform healing", choose "Report only" for all items.
<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!
<@> In the "Search parameters" menu, set the "Heuristic analyses" slider to maximum.
<@> Check the "Extended analysis" box. <-- Only this box!
<@> Do not uncheck the ones that are checked by default!
<@> Close any open programs and run the tool! <-- Click Start.
<@> When the scan finishes, click the "Save log" icon so we have the report. ( avz_log )
<@> Also click the "glasses" icon.
<@> Click "Save as CSV".
<@> Save this report on the desktop! <-- Text format. ( *.txt )
<@> Name it: view_log
<@> Copy and post avz_log.txt + view_log.txt in your reply.

Regards!