[Resolvido!] Correção/Validação

DigRam · Maio 30, 2010

Boa Tarde! EDSSX

Todos os últimos itens ( Windows File Protection ) do dia 21/05/2010 do log infra do DDS; seria erros no sistema no qual façamos estas correções ?

<!> Provavelmente! E...devido às versões contraditórias dos arquivos,as correções apresentaram problemas ou bugs no sistema. Se você possui o CD de instalação do Windows XP,execute o comando "SFC scan",presente no Dial-a-fix.

<!> Caso não funcione,pode formatar o computador! Mas...procure adquirir mídia original,e livre desses problemas de certificações,que não são corrigidas por patches de atualizações.

Abraços!

EDSSX · Maio 30, 2010

Boa tade ! DigRam

Ok, pode encerrar este tópico . Vou verificar o que irei de fazer; pois aqui existem arquivos/trabalhos/pesquisas de 10 anos ; portanto formatação pelo menos por enquanto não posso . Estou usando também o ubuntu para navegar na www, porém dá alguns erros também rsrsrs .

Para finalizar rodei novamente o combofix com o TS-2 e com o último script; rodou e gerou log cfe. infra sem erros de tela algum . Obrigado pela tua dedicação e abraços .

ComboFix 10-05-29.05 - edsom luis 30/05/2010 16:46:08.24.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.274 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\ie8\mshtml.dll . . . está infectado!!

d:\windows\ie8\wininet.dll . . . está infectado!!

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-30 ))))))))))))))))))))))))))))

.

2010-05-28 23:59 . 2010-05-28 23:59 -------- d-----w- d:\windows\system32\wbem\Repository

2010-05-28 22:04 . 2010-05-28 22:04 -------- d-----w- d:\windows\system32\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185

2010-05-28 19:56 . 2010-05-28 19:56 -------- d-----w- D:\Recycled(2)

2010-05-28 17:34 . 2010-05-28 17:34 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Office Genuine Advantage

2010-05-27 23:10 . 2010-05-27 23:10 -------- d-----w- d:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2010-05-27 23:10 . 2010-05-27 23:10 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-05-27 14:50 . 2008-06-03 11:31 8704 ----a-w- d:\windows\system32\fixccs.exe

2010-05-26 20:31 . 2008-06-03 11:31 8704 ----a-w- D:\fixccs.exe

2010-05-24 13:58 . 2010-05-24 13:58 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\msvcp71.dll

2010-05-24 13:58 . 2010-05-24 13:58 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\jmc.dll

2010-05-24 13:58 . 2010-05-24 13:58 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\msvcr71.dll

2010-05-24 13:58 . 2010-05-24 13:58 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d19f863-n\decora-sse.dll

2010-05-24 13:58 . 2010-05-24 13:58 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d19f863-n\decora-d3d.dll

2010-05-23 19:44 . 2008-11-06 05:03 -------- d-----w- D:\SDFix

2010-05-23 12:43 . 2010-05-23 12:43 -------- d-----w- d:\documents and settings\edsom luis\.VirtualBox

2010-05-23 12:39 . 2010-05-23 12:39 -------- d-----w- d:\arquivos de programas\Oracle

2010-05-22 19:15 . 2010-05-22 19:15 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\CA

2010-05-21 00:43 . 2010-05-21 00:43 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon

2010-05-21 00:42 . 2010-05-21 00:42 -------- d-----w- d:\arquivos de programas\K-Meleon

2010-05-18 23:28 . 2010-05-18 23:28 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll

2010-05-18 23:28 . 2010-05-18 23:28 111248 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys

2010-05-18 23:09 . 2010-05-17 19:48 702120 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-05-18 23:09 . 2010-05-17 19:48 868456 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-05-18 22:11 . 2010-05-18 22:11 -------- d-----w- d:\arquivos de programas\MSBuild

2010-05-15 21:20 . 2010-05-15 21:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\QuickScan

2010-05-05 13:14 . 2010-05-05 13:14 -------- d-----w- d:\arquivos de programas\navilog1

2010-05-05 12:53 . 2010-05-05 12:53 -------- d-----w- D:\Lop SD

2010-05-05 12:53 . 2010-04-04 16:04 537842 ----a-w- D:\HaxFix.exe

2010-05-05 12:53 . 2010-05-05 12:53 -------- d---a-w- D:\Navilog1

2010-05-04 18:34 . 2010-05-04 18:34 12552 ----a-w- d:\windows\system32\drivers\hddirect.sys

2010-05-04 03:41 . 2010-05-04 03:41 -------- d-----w- d:\arquivos de programas\CCleaner

2010-05-03 18:07 . 2010-05-03 18:07 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-03-01 13:05 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys

2010-05-03 18:00 . 2010-02-16 17:24 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-05-03 18:00 . 2009-05-11 15:49 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\arquivos de programas\Avira

2010-05-03 18:00 . 2009-05-11 15:49 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2010-05-03 01:06 . 2010-05-28 18:33 15 ----a-w- d:\documents and settings\edsom luis\settings.dat

2010-05-02 21:04 . 2010-04-29 18:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2010-05-02 21:04 . 2010-04-29 18:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2010-05-01 14:11 . 2010-05-01 14:11 -------- d-----w- d:\arquivos de programas\Opera

2010-04-30 21:42 . 2008-04-13 17:44 2560 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-29 21:38 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

2010-05-27 19:05 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-18 23:28 . 2009-09-18 16:11 100368 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys

2010-05-18 23:28 . 2009-09-18 16:11 142864 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys

2010-05-18 23:28 . 2009-09-18 16:10 41744 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys

2010-05-18 23:02 . 2001-10-28 21:07 81050 ----a-w- d:\windows\system32\perfc016.dat

2010-05-18 23:02 . 2001-10-28 21:07 472248 ----a-w- d:\windows\system32\perfh016.dat

2010-05-18 02:30 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-05-17 18:52 . 2010-02-06 22:21 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt

2010-04-22 23:54 . 2010-04-22 23:54 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2010-04-21 18:22 . 2010-04-18 01:03 79488 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\gtapi.dll

2010-04-21 18:22 . 2010-04-18 01:03 152576 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\lzma.dll

2010-04-18 20:27 . 2010-04-18 20:27 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Stardock

2010-04-18 00:33 . 2010-04-18 00:33 411368 ----a-w- d:\windows\system32\deployJava1.dll

2010-04-14 07:02 . 2007-09-19 14:24 327168 ----a-w- d:\windows\IsUn0416.exe

2010-04-06 01:42 . 2010-04-06 01:42 -------- d-----w- d:\arquivos de programas\Safari

2010-04-06 01:41 . 2010-04-06 01:41 -------- d-----w- d:\arquivos de programas\Apple Software Update

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Apple

2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Apple

2010-04-01 20:31 . 2010-04-01 20:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\WinZip

2010-03-10 06:16 . 2004-08-04 10:45 420352 ----a-w- d:\windows\system32\vbscript.dll

2010-03-04 07:00 . 2010-03-04 07:00 79144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini

2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- d:\arquivos de programas\instmsia.exe

2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

.

------- Sigcheck -------

[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\mshtml.dll

[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\ie8\mshtml.dll

[-] 2009-12-22 . 9CEF5BDCA08EF0E1EDBE554DD42EA78A . 3092480 . . [6.00.2900.5921] . . d:\windows\ServicePackFiles\i386\TS\mshtml.dll

[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\wininet.dll

[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\ie8\wininet.dll

[-] 2009-12-22 . 48447E9A4417F21933C1A2C2CCC37E4E . 669184 . . [6.00.2900.5921] . . d:\windows\ServicePackFiles\i386\TS\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_03.12.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-30 19:53 . 2010-05-30 19:53 16384 d:\windows\temp\Perflib_Perfdata_198.dat

+ 2010-05-30 17:07 . 2010-05-30 17:08 16384 d:\windows\temp\Perflib_Perfdata_178.dat

+ 2010-05-29 12:53 . 2010-05-29 12:53 8192 d:\windows\ERDNT\29-5-2010\Users\00000004\UsrClass.dat

+ 2010-05-29 12:53 . 2010-05-29 12:53 8192 d:\windows\ERDNT\29-5-2010\Users\00000002\UsrClass.dat

+ 2010-05-29 12:53 . 2010-05-29 12:53 462848 d:\windows\ERDNT\29-5-2010\Users\00000006\UsrClass.dat

+ 2010-05-29 12:53 . 2010-05-29 12:53 233472 d:\windows\ERDNT\29-5-2010\Users\00000003\NTUSER.DAT

+ 2010-05-29 12:53 . 2010-05-29 12:53 229376 d:\windows\ERDNT\29-5-2010\Users\00000001\NTUSER.DAT

+ 2010-05-29 12:53 . 2005-10-20 15:02 163328 d:\windows\ERDNT\29-5-2010\ERDNT.EXE

+ 2004-08-04 10:40 . 2010-02-17 17:07 2194176 d:\windows\system32\ntoskrnl.exe

+ 2004-08-04 03:40 . 2010-02-16 19:07 2071040 d:\windows\system32\ntkrnlpa.exe

+ 2010-02-17 17:07 . 2010-02-17 17:07 2194176 d:\windows\ServicePackFiles\i386\TS\ntoskrnl.exe

+ 2010-02-16 19:07 . 2010-02-16 19:07 2071040 d:\windows\ServicePackFiles\i386\TS\ntkrnlpa.exe

+ 2010-05-29 12:53 . 2010-05-29 12:53 12955648 d:\windows\ERDNT\29-5-2010\Users\00000005\NTUSER.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

"HonorAutoRunSetting"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoUpdateCheck"= 0 (0x0)

"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]

[HKLM\~\startupfolder\^.mjsync_pt_BR]

path=\.mjsync_pt_BR

[HKLM\~\startupfolder\^catchme.exe]

path=\catchme.exe

[HKLM\~\startupfolder\^Desktop.rar]

path=\Desktop.rar

[HKLM\~\startupfolder\^dumphive.exe]

path=\dumphive.exe

[HKLM\~\startupfolder\^Favoritos.rar]

path=\Favoritos.rar

[HKLM\~\startupfolder\^haxoth2.txt]

path=\haxoth2.txt

[HKLM\~\startupfolder\^md5file.exe]

path=\md5file.exe

[HKLM\~\startupfolder\^moveex.exe]

path=\moveex.exe

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\ntuser.dat

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]

path=\NTUSER.DAT.bak_jv16pt

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]

path=\NTUSER.DAT.tmp.LOG

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

[HKLM\~\startupfolder\^PrivacIE.rar]

path=\PrivacIE.rar

[HKLM\~\startupfolder\^process.exe]

path=\process.exe

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]

path=\rebuilt.Menu Iniciar.rar

[HKLM\~\startupfolder\^rebuilt.UserData.rar]

path=\rebuilt.UserData.rar

[HKLM\~\startupfolder\^run2.hax]

path=\run2.hax

[HKLM\~\startupfolder\^swreg.exe]

path=\swreg.exe

[HKLM\~\startupfolder\^swsc.exe]

path=\swsc.exe

[HKLM\~\startupfolder\^tool_en.log]

path=\tool_en.log

[HKLM\~\startupfolder\^UserData.rar]

path=\UserData.rar

[HKLM\~\startupfolder\^vfind.exe]

path=\vfind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 03:20 15360 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 14:43 248040 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoogleDesktopManager-060409-093314"=3 (0x3)

"ZeppelinService"=2 (0x2)

"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

"d:\\Arquivos de programas\\Oracle\\VirtualBox\\VirtualBox.exe"=

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41744]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/5/2010 15:00 135336]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [18/5/2010 20:28 111248]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-05-30 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-30 16:55

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1048)

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1104)

d:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2852)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\msi.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

d:\arquivos de programas\Java\jre6\bin\jqs.exe

d:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

d:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-05-30 16:58:33 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-05-30 19:58

ComboFix2.txt 2010-05-30 17:12

ComboFix3.txt 2010-05-30 16:08

ComboFix4.txt 2010-05-30 13:52

ComboFix5.txt 2010-05-30 19:45

Pré-execução: 22 pasta(s) 41.264.381.952 bytes disponíveis

Pós execução: 23 pasta(s) 41.224.372.224 bytes disponíveis

- - End Of File - - B77E00B0A198EE9E35F3486DE6A5A855

Obrigado pela tua dedicação e abraços

DigRam · Maio 30, 2010

Boa Noite! EDSSX

Ok, pode encerrar este tópico . Vou verificar o que irei de fazer; pois aqui existem arquivos/trabalhos/pesquisas de 10 anos ; portanto formatação pelo menos por enquanto não posso . Estou usando também o ubuntu para navegar na www, porém dá alguns erros também rsrsrs .

<!> Faça backups e formate! Essa é a melhor opção.

Para finalizar rodei novamente o combofix com o TS-2 e com o último script; rodou e gerou log cfe. infra sem erros de tela algum . Obrigado pela tua dedicação e abraços .

<!> Se TS-2 estava na pasta i386,os relatórios não indicaram sua presença.

<!> É...foi uma boa luta! Valeu a experiência. :lol:

Abraços!

EDSSX · Junho 22, 2010

Boa tarde !

Conforme nossa mp, segue os logs :

ComboFix 10-06-22.02 - edsom luis 22/06/2010 17:49:41.27.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.293 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\rrxx.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-22 to 2010-06-22 ))))))))))))))))))))))))))))

.

2010-06-22 19:10 . 2010-06-22 19:10 -------- d-----w- d:\arquivos de programas\Opera 10.60 Beta

2010-06-22 17:52 . 2010-06-22 17:52 -------- d-----w- D:\FOUND.000

2010-06-21 22:35 . 2010-06-21 22:35 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\MySQL

2010-06-09 14:40 . 2010-06-09 14:40 -------- d-----w- d:\arquivos de programas\Safari

2010-06-09 14:38 . 2010-06-09 14:38 -------- d-----w- d:\arquivos de programas\Apple Software Update

2010-06-07 13:12 . 2010-06-07 13:12 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\IObit

2010-06-04 15:29 . 2010-06-04 15:29 71992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-03 20:40 . 2010-06-03 20:40 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-05-31 23:57 . 2010-04-04 16:04 537842 ----a-w- D:\HaxFix.exe

2010-05-31 18:54 . 2010-05-31 19:34 702120 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-05-31 18:54 . 2010-05-31 19:34 868456 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-05-30 21:29 . 2010-05-05 13:14 -------- d---a-w- D:\Navilog1

2010-05-30 20:32 . 2010-05-30 20:32 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Panda Security