[Resolvido!] [Reaberto] Trojan-Downloader.Murlo

[EDSSX 0]

Meu caro amigo ; após os proçedimentos acima com o java ; para mim o site do imasters (apenas ele ) apareçe assim :

 

 

 

Uploaded with ImageShack.us

 

 

Com os dizres e links enormes ; desinstalei o java e não mais consigo instalar

[EDSSX 0]

Boa tarde !

 

 

O problema com a aparição com dizeres enormes cfe. o post acima é apenas pelo mozilla .

 

 

A mensagem de alerta do FF :

 

 

Alerta: Propriedade desconhecida “-moz-outline”. Declaração ignorada.

Arquivo-fonte: http://forum.imasters.com.br/public/min/index.php?f=public/style_css/css_4/calendar_select.css,public/style_css/css_4/ipb_editor.css,public/style_css/css_4/ipb_styles.css,public/style_css/prettify.css

Linha: 217

 

Abraços

[Renato Utsch 24]

Olá!

 

Você não consegue instalar o java novamente? Tente reinstalar o firefox...

 

 

Abraços :D

[EDSSX 0]

Boa tarde

 

 

Reinstalei o FF e consegui reinstalar o java 6 21 .

 

Agora o site do imasters continua com os dizeres enormes pelo mozilla ; interessante é apenas ele e com o FF ; d+ sites com o ff abre normal .

 

 

Abraços

[EDSSX 0]

Boa noite ! Lord Evil

 

 

Enquanto à aparição do site;explorei o mozilla e normalizei, bastou ir na aba exibir>zoom>normal e pronto .

 

Creio que o log do combofix lá acima e do dds infra estejam limpos .

 

 

 

DDS (Ver_10-03-17.01) - FAT32x86

Run by edsom luis at 22:46:01,07 on sáb 28/08/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.132 [GMT -3:00]

 

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

============== Running Processes ===============

 

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\system32\osk.exe

D:\WINDOWS\system32\MSSWCHX.EXE

D:\Arquivos de programas\Avira\AntiVir Desktop\avnotify.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr

 

============== Pseudo HJT Report ===============

 

mWindow Title =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe

uRun: [msnmsgr] "d:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [DWQueuedReporting] "d:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

IE: E&xportar para o Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-5-3 11608]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41744]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\avira\antivir desktop\sched.exe [2010-5-3 135336]

R2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\AVGUARD.EXE [2010-5-3 267432]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-5-3 60936]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2010-5-18 111248]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

 

=============== Created Last 30 ================

 

2010-08-28 20:03:40 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-08-28 20:02:17 0 ----a-w- d:\windows\system32\REN28E.tmp

2010-08-28 20:02:17 0 ----a-w- d:\windows\system32\REN28D.tmp

2010-08-28 20:02:17 0 ----a-w- d:\windows\system32\REN28C.tmp

2010-08-28 19:10:42 297808 ----a-w- d:\windows\system32\TBD1F5.tmp

2010-08-28 18:52:06 0 d-----w- d:\windows\system32\wbem\Repository

2010-08-28 17:49:21 297808 ----a-w- d:\windows\system32\TBD1ED.tmp

2010-08-28 12:44:49 297808 ----a-w- d:\windows\system32\TBD21C.tmp

2010-08-28 00:24:56 0 d-sh--w- D:\Recycled

2010-08-25 15:38:43 0 d-----w- d:\arquivos de programas\Windows Live SkyDrive

2010-08-23 15:28:49 574 ----a-w- D:\cleanup.bat

2010-08-20 21:51:40 77312 ----a-w- d:\windows\MBR.exe

2010-08-19 20:23:12 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\Runscanner.net

2010-08-17 22:40:15 0 d---a-r- D:\Autorun.inf

2010-08-12 18:18:09 0 d-----w- d:\arquivos de programas\arquivos comuns\Windows Live

2010-07-31 15:24:27 7383 ----a-w- d:\windows\system32\drivers\pctplsg.cat

 

==================== Find3M ====================

 

2010-08-28 20:03:30 423656 ----a-w- d:\windows\system32\deployJava1.dll

2010-08-03 19:57:26 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-07-19 22:46:40 56324 ---ha-w- d:\windows\system32\mlfcache.dat

2010-06-30 12:32:26 149504 ----a-w- d:\windows\system32\schannel.dll

2010-06-24 12:24:54 916480 ----a-w- d:\windows\system32\wininet.dll

2010-06-24 09:02:34 1852032 ----a-w- d:\windows\system32\win32k.sys

2010-06-17 14:03:10 80384 ----a-w- d:\windows\system32\iccvid.dll

2010-06-14 07:42:28 1172480 ----a-w- d:\windows\system32\msxml3.dll

2010-06-10 14:34:20 6291456 ----a-w- d:\windows\system32\perfh016.dat

2010-06-10 14:34:20 6029312 ----a-w- d:\windows\system32\perfc016.dat

2009-12-01 18:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini

2009-11-20 22:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf

2009-11-20 22:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe

2009-11-20 22:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll

2009-11-20 22:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-11-20 22:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-11-13 21:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini

2009-08-19 08:39:36 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20:00 621546 ----a-w- d:\arquivos de programas\arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20:00 3219 ----a-w- d:\arquivos de programas\arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir

2008-06-09 13:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd

2009-01-21 15:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat

2009-11-24 09:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

 

============= FINISH: 22:46:59,48 ===============

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19/9/2007 10:51:37

System Uptime: 28/8/2010 15:52:44 (7 hours ago)

 

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 9,928 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 37,531 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Service: ati2mtag

 

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Service: ati2mtag

 

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

 

==== System Restore Points ===================

 

RP55: 28/8/2010 22:34:52 - LCCD

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

Apple Application Support

Apple Software Update

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2160329)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979559)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980218)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows Internet Explorer 8 (KB980182)

Avira AntiVir Personal - Free Antivirus

BrOffice.org 3.1

C-Media WDM Audio Driver

CCleaner

CursorXP

EVEREST Home Edition v2.20

Ferramenta de Carregamento do Windows Live

Gadwin PrintScreen

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix para Windows XP (KB981793)

Java Auto Updater

Java 6 Update 21

K-Meleon 1.5.4 en-US (remove only)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Speech Recognition Engine 4.0 (English)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.8)

MSVCRT

MSXML 4.0 SP2 (KB973688)

Opera 10.61

Revo Uninstaller 1.89

Safari

Segoe UI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

você 9.0 Runtime

VIA Rhine-Family Fast-Ethernet Adapter

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

XML Paper Specification Shared Components Pack 1.0

 

==== End Of File ===========================

 

 

 

 

 

 

Obrigado e abraços

[Renato Utsch 24]

Olá!

 

Me desculpe pela demora para responder...

 

________________________________________________________

 

Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).

 

• Delete o Combofix.exe do seu desktop e baixe uma nova versão AQUI, salvando no seu Desktop.
  
• Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Code":
  

  FILE::d:\windows\system32\REN28E.tmpd:\windows\system32\REN28D.tmpd:\windows\system32\REN28C.tmp

  
   
  

• Salve este arquivo como: CFScript.txt
  
  
• Tal com exemplificado na foto acima, arraste o arquivo CFScript.txt para dentro do ComboFix.exe.
  
• Se solicitado, pressione Enter para iniciar o processo de remoção.
  
• Não use o mouse nem o teclado quando o ComboFix estiver rodando.
  
• Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

 

 

Abraços :D

[EDSSX 0]

Bom dia ! Lord Evil

 

 

Tudo bem ; todos nós temos nossos diversos compromissos .

 

 

 

ComboFix 10-08-28.02 - edsom luis 30/08/2010 9:22.53.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.361 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\edsom luis\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"d:\windows\system32\REN28C.tmp"

"d:\windows\system32\REN28D.tmp"

"d:\windows\system32\REN28E.tmp"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

d:\windows\system32\REN28C.tmp

d:\windows\system32\REN28D.tmp

d:\windows\system32\REN28E.tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))

.

 

2010-08-28 18:52 . 2010-08-28 18:52 -------- d-----w- d:\windows\system32\wbem\Repository

2010-08-25 15:38 . 2010-08-25 15:38 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive

2010-08-25 15:38 . 2010-08-25 15:38 -------- d-----w- d:\arquivos de programas\Windows Live

2010-08-23 15:28 . 2010-08-23 15:28 574 ----a-w- D:\cleanup.bat

2010-08-19 20:23 . 2010-08-27 23:16 157184 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Runscanner.net\VirusTotalUpload.exe

2010-08-19 20:23 . 2010-08-19 20:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Runscanner.net

2010-08-12 18:18 . 2010-08-12 18:18 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live

2010-08-09 14:07 . 2010-08-09 14:07 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\msvcp71.dll

2010-08-09 14:07 . 2010-08-09 14:07 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\jmc.dll

2010-08-09 14:07 . 2010-08-09 14:07 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\msvcr71.dll

2010-08-09 14:07 . 2010-08-09 14:07 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63c474f1-n\decora-sse.dll

2010-08-09 14:07 . 2010-08-09 14:07 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63c474f1-n\decora-d3d.dll

2010-08-06 12:49 . 2010-07-27 01:30 705208 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-08-06 12:49 . 2010-07-27 01:30 978664 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 12:15 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat

2010-08-28 20:03 . 2010-04-18 00:33 423656 ----a-w- d:\windows\system32\deployJava1.dll

2010-08-24 16:45 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2010-08-03 19:57 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-07-19 22:46 . 2010-07-19 22:46 56324 ---ha-w- d:\windows\system32\mlfcache.dat

2010-07-19 18:19 . 2010-07-19 18:19 -------- d-----w- d:\arquivos de programas\Safari

2010-07-19 18:19 . 2010-07-19 18:19 -------- d-----w- d:\arquivos de programas\Apple Software Update

2010-07-19 17:57 . 2010-07-19 17:57 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon

2010-07-19 17:55 . 2010-07-19 17:55 -------- d-----w- d:\arquivos de programas\K-Meleon

2010-07-18 22:12 . 2010-07-18 22:12 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PC Tools

2010-07-18 22:12 . 2010-07-18 22:12 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\PC Tools

2010-07-18 00:06 . 2010-07-18 00:06 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\IObit

2010-07-16 15:10 . 2010-07-16 15:10 -------- d-----w- d:\arquivos de programas\Opera

2010-07-16 14:40 . 2010-07-16 14:40 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Avira

2010-07-16 14:40 . 2010-07-16 14:40 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2010-07-16 14:05 . 2010-07-16 14:05 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira(2)

2010-07-15 20:48 . 2010-07-15 20:48 -------- d-----w- d:\arquivos de programas\CursorXP

2010-07-15 17:46 . 2010-07-15 17:46 -------- d-----w- d:\arquivos de programas\CursorXP(2)

2010-06-30 12:32 . 2004-08-04 10:45 149504 ----a-w- d:\windows\system32\schannel.dll

2010-06-24 12:24 . 2004-08-04 10:45 916480 ----a-w- d:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 10:38 1852032 ----a-w- d:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 09:14 354304 ----a-w- d:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 10:45 80384 ----a-w- d:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2007-09-19 13:43 744448 ----a-w- d:\windows\pchealth\helpctr\binaries\HelpSvc.exe

2010-06-14 07:42 . 2004-08-04 10:45 1172480 ----a-w- d:\windows\system32\msxml3.dll

2010-06-10 14:34 . 2001-10-28 21:07 6291456 ----a-w- d:\windows\system32\perfh016.dat

2010-06-10 14:34 . 2001-10-28 21:07 6029312 ----a-w- d:\windows\system32\perfc016.dat

2010-06-04 15:29 . 2010-06-04 15:29 71992 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu

2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini

2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf

2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini

2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini

2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir

2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir

2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir

2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir

2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd

2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat

.

 

------- Sigcheck -------

 

[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll

[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll

[-] 2005-07-26 . B300CB983AB3D3CDE4332E47852706FB . 1285632 . . [5.1.2600.2726] . . d:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[-] 2005-04-28 . 86A64F2146E3DE3E2D0251F7DEC38C3A . 1286144 . . [5.1.2600.2665] . . d:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll

 

[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . d:\windows\ie8\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

 

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]

 

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]

 

[HKLM\~\startupfolder\^.mjsync_pt_BR]

path=\.mjsync_pt_BR

 

[HKLM\~\startupfolder\^catchme.exe]

path=\catchme.exe

 

[HKLM\~\startupfolder\^Desktop.rar]

path=\Desktop.rar

 

[HKLM\~\startupfolder\^dumphive.exe]

path=\dumphive.exe

 

[HKLM\~\startupfolder\^Favoritos.rar]

path=\Favoritos.rar

 

[HKLM\~\startupfolder\^haxoth2.txt]

path=\haxoth2.txt

 

[HKLM\~\startupfolder\^ipconfig]

path=\ipconfig

 

[HKLM\~\startupfolder\^Items.xml]

path=\Items.xml

 

[HKLM\~\startupfolder\^md5file.exe]

path=\md5file.exe

 

[HKLM\~\startupfolder\^moveex.exe]

path=\moveex.exe

 

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\ntuser.dat

 

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]

path=\NTUSER.DAT.bak_jv16pt

 

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

 

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]

path=\NTUSER.DAT.tmp.LOG

 

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

 

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

 

[HKLM\~\startupfolder\^PrivacIE.rar]

path=\PrivacIE.rar

 

[HKLM\~\startupfolder\^process.exe]

path=\process.exe

 

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]

path=\rebuilt.Menu Iniciar.rar

 

[HKLM\~\startupfolder\^rebuilt.UserData.rar]

path=\rebuilt.UserData.rar

 

[HKLM\~\startupfolder\^run2.hax]

path=\run2.hax

 

[HKLM\~\startupfolder\^settings.dat]

path=\settings.dat

 

[HKLM\~\startupfolder\^swsc.exe]

path=\swsc.exe

 

[HKLM\~\startupfolder\^tool_en.log]

path=\tool_en.log

 

[HKLM\~\startupfolder\^UserData.rar]

path=\UserData.rar

 

[HKLM\~\startupfolder\^vfind.exe]

path=\vfind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 03:20 15360 ----a-w- d:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 14:44 248552 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoogleDesktopManager-060409-093314"=3 (0x3)

"ZeppelinService"=2 (0x2)

"idsvc"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41744]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/5/2010 15:00 135336]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [18/5/2010 20:28 111248]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-08-30 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-30 09:28

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID]

@DACL=(02 0000)

@="{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}"

 

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CLSID]

@DACL=(02 0000)

@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"

 

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CurVer]

@DACL=(02 0000)

@="MSN.V2SDeviceHandler.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler.1\CLSID]

@DACL=(02 0000)

@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CLSID]

@DACL=(02 0000)

@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CurVer]

@DACL=(02 0000)

@="pcsexe.Dialer.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer.1\CLSID]

@DACL=(02 0000)

@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CLSID]

@DACL=(02 0000)

@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CurVer]

@DACL=(02 0000)

@="pcsexe.Dialer.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer.1\CLSID]

@DACL=(02 0000)

@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CLSID]

@DACL=(02 0000)

@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CurVer]

@DACL=(02 0000)

@="pcsexe.PstnOut.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut.1\CLSID]

@DACL=(02 0000)

@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CLSID]

@DACL=(02 0000)

@="{72770783-9801-43c4-9E1F-9084BAE210CF}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CurVer]

@DACL=(02 0000)

@="Softphone.Dialer.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer.1\CLSID]

@DACL=(02 0000)

@="{72770783-9801-43c4-9E1F-9084BAE210CF}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CLSID]

@DACL=(02 0000)

@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CurVer]

@DACL=(02 0000)

@="Softphone.DialerWindow.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow.1\CLSID]

@DACL=(02 0000)

@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CLSID]

@DACL=(02 0000)

@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CurVer]

@DACL=(02 0000)

@="Softphone.Error.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error.1\CLSID]

@DACL=(02 0000)

@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CLSID]

@DACL=(02 0000)

@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CurVer]

@DACL=(02 0000)

@="Softphone.PhoneContact.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact.1\CLSID]

@DACL=(02 0000)

@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CLSID]

@DACL=(02 0000)

@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CurVer]

@DACL=(02 0000)

@="Softphone.PhoneNumber.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber.1\CLSID]

@DACL=(02 0000)

@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CLSID]

@DACL=(02 0000)

@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CurVer]

@DACL=(02 0000)

@="WindowsLive.SetupJob.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob.1\CLSID]

@DACL=(02 0000)

@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CLSID]

@DACL=(02 0000)

@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CurVer]

@DACL=(02 0000)

@="WindowsLive.SetupService.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService.1\CLSID]

@DACL=(02 0000)

@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"

 

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\CLSID]

@DACL=(02 0000)

@="{4C836512-BB70-11D2-A5A7-00105A9C91C6}"

 

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\Insertable]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\CLSID]

@DACL=(02 0000)

@="{DB797690-40E0-11D2-9BD5-0060082AE372}"

 

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\Insertable]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1044)

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1100)

d:\windows\system32\psbase.dll

.

Tempo para conclusão: 2010-08-30 09:30:49

ComboFix-quarantined-files.txt 2010-08-30 09:30

ComboFix2.txt 2010-08-28 12:15

ComboFix3.txt 2010-08-27 14:29

ComboFix4.txt 2010-08-27 03:23

ComboFix5.txt 2010-08-30 09:20

 

Pré-execução: 16 pasta(s) 39.791.591.424 bytes disponíveis

Pós execução: 17 pasta(s) 39.952.416.768 bytes disponíveis

 

- - End Of File - - 05BFAB89396AB00DE9F3D251ABE4C75B

[Renato Utsch 24]

Olá!

 

Por favor siga o tutorial abaixo e execute o Kaspersky Removal Tool (KRT). Poste o log gerado.

 

Tutorial do Kasperksy Virus Removal Tool

 

Abraços :D

[EDSSX 0]

Boa noite !

 

 

Segue :

 

Autoscan: completed 5 minutes ago (events: 2, objects: 65248, time: 01:20:11)

30/8/2010 19:53:03 Task started

30/8/2010 21:13:14 Task completed

 

 

 

Obrigado e abraços

[Renato Utsch 24]

Olá!

 

Então o log está limpo!

 

 

~> Como está o computador?

 

_________________________________________________

 

Desinstale o ComboFix acessando Iniciar > Executar e digitando: ComboFix /uninstall

 

_________________________________________________

 

Abraços :D

[EDSSX 0]

Bom dia !

 

 

Está bem o meu sistema . Pode encerrar o tópico .

 

 

 

Mais uma vez obrigado pela tua atenção e abraços

[EDSSX 0]

Boa tarde !

 

Desculpe o flood; mas a opção editar não constava mais aqui . Este(s) diretório(s)d:\windows\assembly\NativeImages; cfe. logo infra e cfe. consta também em log do combofix ( já postado neste tópico;Postou 28 agosto 2010 - 12:40 )são maléficos ao pc ? Pois um arquivo consta que foi corrompido e pede - se para fazer o scandisk; ao faze - lo; consta que estes diretórios não são válidos e tuas entradas serão truncadas . Entretanto não apareçendo mais no log do combofix, antes mesmo de executar o scandisk . Mas estão no sistema ainda. Não podem ser rootkits ?

 

 

 

((((((((((((((((((((((((((((( SnapShot_2010-08-28_03.14.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-29 17:16 . 2010-08-27 21:12 41812 d:\windows\system32\Restore\rstrlog.dat

- 2010-08-26 13:03 . 2010-08-26 13:03 37888 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll

+ 2010-08-27 14:21 . 2010-08-27 14:21 37888 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll

+ 2010-08-27 03:20 . 2010-08-27 03:20 82944 d:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll

- 2010-08-26 13:01 . 2010-08-26 13:01 82944 d:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll

- 2010-08-26 13:00 . 2010-08-26 13:00 14336 d:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

+ 2010-08-27 03:19 . 2010-08-27 03:19 14336 d:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

- 2010-08-26 13:00 . 2010-08-26 13:00 25600 d:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

+ 2010-08-27 03:19 . 2010-08-27 03:19 25600 d:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

+ 2010-08-27 03:22 . 2010-08-27 03:22 141312 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll

- 2010-08-26 13:03 . 2010-08-26 13:03 141312 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll

+ 2010-08-27 14:21 . 2010-08-27 14:21 633856 d:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll

- 2010-08-26 13:03 . 2010-08-26 13:03 633856 d:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll

+ 2010-08-27 03:20 . 2010-08-27 03:20 365056 d:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6fb23d3e6d501b9d34792df0b83eb66d\SMSvcHost.ni.exe

- 2010-08-26 13:01 . 2010-08-26 13:01 365056 d:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6fb23d3e6d501b9d34792df0b83eb66d\SMSvcHost.ni.exe

- 2010-08-26 13:01 . 2010-08-26 13:01 386560 d:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f66db4c34c67e97471d904466012625e\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-08-27 03:20 . 2010-08-27 03:20 386560 d:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f66db4c34c67e97471d904466012625e\Microsoft.Transactions.Bridge.Dtc.ni.dll

- 2010-08-26 13:00 . 2010-08-26 13:00 220672 d:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll

+ 2010-08-27 03:19 . 2010-08-27 03:19 220672 d:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll

- 2010-08-26 13:01 . 2010-08-26 13:01 405504 d:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\30d2c5f89fad1f947d6e9666e57919ea\ComSvcConfig.ni.exe

+ 2010-08-27 03:20 . 2010-08-27 03:20 405504 d:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\30d2c5f89fad1f947d6e9666e57919ea\ComSvcConfig.ni.exe

+ 2010-08-27 03:20 . 2010-08-27 03:20 7949824 d:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

- 2010-08-26 13:01 . 2010-08-26 13:01 7949824 d:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

+ 2010-08-27 14:22 . 2010-08-27 14:22 1356288 d:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\5254fba10ac1499ed48806ad736272ce\System.WorkflowServices.ni.dll

- 2010-08-26 13:04 . 2010-08-26 13:04 1356288 d:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\5254fba10ac1499ed48806ad736272ce\System.WorkflowServices.ni.dll

+ 2010-08-27 03:23 . 2010-08-27 03:23 2403328 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f9265c92f94e8b52bbabb1383a7885ce\System.Web.Extensions.ni.dll

- 2010-08-26 13:03 . 2010-08-26 13:03 2403328 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f9265c92f94e8b52bbabb1383a7885ce\System.Web.Extensions.ni.dll

+ 2010-08-27 03:21 . 2010-08-27 03:21 1328128 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\65edb47c04cf393973d39a87f7a0725a\System.Data.Services.ni.dll

- 2010-08-26 13:02 . 2010-08-26 13:02 1328128 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\65edb47c04cf393973d39a87f7a0725a\System.Data.Services.ni.dll

+ 2010-08-27 03:20 . 2010-08-27 03:20 2295296 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\b07f7f5dd13eb6b401700dab7c3a172f\System.Core.ni.dll

- 2010-08-26 13:02 . 2010-08-26 13:02 2295296 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\b07f7f5dd13eb6b401700dab7c3a172f\System.Core.ni.dll

- 2010-08-26 13:01 . 2010-08-26 13:01 1093120 d:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a87fcbf75690d729fd2f2b16651d605d\Microsoft.Transactions.Bridge.ni.dll

+ 2010-08-27 03:20 . 2010-08-27 03:20 1093120 d:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a87fcbf75690d729fd2f2b16651d605d\Microsoft.Transactions.Bridge.ni.dll

- 2010-08-26 13:03 . 2010-08-26 13:03 11797504 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll

+ 2010-08-27 03:22 . 2010-08-27 03:22 11797504 d:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

 

 

Abraços

[Renato Utsch 24]

Olá!

 

Vamos conferir.

 

Faça o Download do GMER e salve no seu Desktop.

 

• Extraia/tire do zip o arquivo para uma pasta própria.
  
• Feito isso, desligue o PC da Internet e feche todos os programas.
  
• Existe uma pequena hipótese desta aplicação desligar o seu PC. Por isso, salve qualquer trabalho que tenha aberto.
  
• Clique duas vezes em
  
• Se lhe for perguntado, permita que o driver gmer.sys seja rodado.
  
• Se receber um aviso acerca de atividade de rootkit e se quer fazer um scan clique em NO.
  
• Clique nas setas ao lado de Rootkit/Malware
  
• No lado direito (debaixo de file, desmarque todos os drives exceto os seus discos, usualmente o C:\).
  
• Certifique-se que todas as outras caixas, do lado direito do ecrã estejam marcadas, EXCETO para Show All
  
• Clique em Scan e aguarde que o scan seja efetuado.
  
• Nota: Antes do scan, certifique-se que todos os outros programas estejam fechados. Também não use o computador durante o scan.
  
• Quando terminar, clique no botão Copiar e depois clique com o botão direito no seu Desktop, escolha Novo e depois -> Documento de Texto.
  
• Ao ter criado o arquivo, abra-o e novamente botão direito do mouse clique Colar ou Ctrl+V.
  
• Não se esqueça de colorir as linhas que aparecerem em vermelho com a tag [ color=red]linha que apareceu em vermelho[/color] (sem o espaço entre [ e color).
  
• Salve o arquivo como gmer.txt e poste o conteúdo em sua próxima resposta.
  
• Nota: Caso tenha problemas, tente executar o GMER em Modo Seguro (apertando F8, ou F5 em alguns computadores enquanto o computador liga)
  
• Importante! Por favor não marque a caixa "Show all" durante o scan.

 

 

Abraços :D

[EDSSX 0]

Bom dia ! Lord Evil

 

 

Segue o log do gmer :

 

 

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-01 10:55:01

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\pxtdapoc.sys

 

 

---- User code sections - GMER 1.0.15 ----

 

.text D:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 10001080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\Explorer.EXE[1460] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 10001120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\Explorer.EXE[1460] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 10001030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1592] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 03A11080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1592] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 03A11120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1592] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 03A11030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[1716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 D:\Arquivos de programas\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[1716] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 04341080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[1716] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 04341120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\firefox.exe[1716] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 04341030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para gmer.zip\gmer.exe[1880] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 10001080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para gmer.zip\gmer.exe[1880] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 10001120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\DOCUME~1\EDSOML~1\CONFIG~1\Temp\Diretório temporário 2 para gmer.zip\gmer.exe[1880] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 10001030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\system32\osk.exe[2700] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 10001080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\system32\osk.exe[2700] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 10001120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\WINDOWS\system32\osk.exe[2700] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 10001030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!GetCursor 7E37A91B 5 Bytes JMP 01631080 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!DrawIconEx 7E37CB84 5 Bytes JMP 01631120 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!GetIconInfo 7E37D427 5 Bytes JMP 01631030 D:\Arquivos de programas\CursorXP\CurXP0.dll (CursorXP control panel/ )

.text D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1044721D D:\Arquivos de programas\Mozilla Firefox\xul.dll (Mozilla Foundation)

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID@ {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CLSID@ {D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler\CurVer@ MSN.V2SDeviceHandler.1

Reg HKLM\SOFTWARE\Classes\MSN.V2SDeviceHandler.1\CLSID@ {D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CLSID@ {6E2200B4-7C9E-44C6-96A3-F904A7AB8880}

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer\CurVer@ pcsexe.Dialer.1

Reg HKLM\SOFTWARE\Classes\pcsexe.Dialer.1\CLSID@ {6E2200B4-7C9E-44C6-96A3-F904A7AB8880}

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CLSID@ {81C63250-607F-4e79-9FCB-F756C16C5AB9}

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer\CurVer@ pcsexe.Dialer.1

Reg HKLM\SOFTWARE\Classes\pcsexe.MessengerDialer.1\CLSID@ {81C63250-607F-4e79-9FCB-F756C16C5AB9}

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CLSID@ {630ED07B-04A5-4AB9-A73B-FD94F34D5F09}

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut\CurVer@ pcsexe.PstnOut.1

Reg HKLM\SOFTWARE\Classes\pcsexe.PstnOut.1\CLSID@ {630ED07B-04A5-4AB9-A73B-FD94F34D5F09}

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CLSID@ {72770783-9801-43c4-9E1F-9084BAE210CF}

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer\CurVer@ Softphone.Dialer.1

Reg HKLM\SOFTWARE\Classes\Softphone.Dialer.1\CLSID@ {72770783-9801-43c4-9E1F-9084BAE210CF}

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CLSID@ {37E192CB-B5C5-4487-9D66-2550B6F57B7A}

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow\CurVer@ Softphone.DialerWindow.1

Reg HKLM\SOFTWARE\Classes\Softphone.DialerWindow.1\CLSID@ {37E192CB-B5C5-4487-9D66-2550B6F57B7A}

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CLSID@ {C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}

Reg HKLM\SOFTWARE\Classes\Softphone.Error\CurVer@ Softphone.Error.1

Reg HKLM\SOFTWARE\Classes\Softphone.Error.1\CLSID@ {C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CLSID@ {52C92B9C-B117-4AC5-AD94-A6D8604608BB}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact\CurVer@ Softphone.PhoneContact.1

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneContact.1\CLSID@ {52C92B9C-B117-4AC5-AD94-A6D8604608BB}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CLSID@ {B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber\CurVer@ Softphone.PhoneNumber.1

Reg HKLM\SOFTWARE\Classes\Softphone.PhoneNumber.1\CLSID@ {B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CLSID@ {9B38B1AC-C774-46AB-AD99-0C19871F0714}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob\CurVer@ WindowsLive.SetupJob.1

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupJob.1\CLSID@ {9B38B1AC-C774-46AB-AD99-0C19871F0714}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CLSID@ {585D47D2-CF74-4869-BF4E-DF5662504F11}

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService\CurVer@ WindowsLive.SetupService.1

Reg HKLM\SOFTWARE\Classes\WindowsLive.SetupService.1\CLSID@ {585D47D2-CF74-4869-BF4E-DF5662504F11}

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedCompression.1\CLSID@ {4C836512-BB70-11D2-A5A7-00105A9C91C6}

Reg HKLM\SOFTWARE\Classes\XceedSoftware.XceedZip.4\CLSID@ {DB797690-40E0-11D2-9BD5-0060082AE372}

 

---- EOF - GMER 1.0.15 ----

 

 

Obrigado e abraços

[Renato Utsch 24]

Se não havia nenhuma linha vermelha, não haviam rootkits.

 

Seu sistema está limpo. Deve ser uma questão de otimização e limpeza geral. Já testou programas como o Advanced System Care 3 e o MVReg Clean?

 

Abraços :D

[EDSSX 0]

Bom dia !

 

 

Sim sempre rodo estes programas aqui em meu pc; inclusive anteriormente vossa pessoa me instruiu à executar o do Marcos Velasco neste tópico .

 

Sendo assim; tando limpo; pode encerrar o tópico .

 

Obrigado mais uma vez pela tua atenção e abraços

[Renato Utsch 24]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.