[Resolvido] &nbsp[Reaberto] &nbspNet caindo

EDSSX · Outubro 22, 2010

Boa tarde !

Aqui a internet está caindo; reinicio o pc e volta ao normal e lenta, porém cai a conexão novamente. Isto está aconteçendo desde que injetei um pen drive na porta dianteira da máquina e constando o erro :

Uploaded with ImageShack.us

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:59, on 22/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\WINDOWS\system32\msiexec.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DWQueuedReporting] "D:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 4250 bytes

Obrigado desde já .

Renato Utsch · Outubro 23, 2010

Olá!

Seja bem vindo (novamente) à seção de Remoção de Malwares do IMasters.

Por favor siga as instruções abaixo:

Faça o Download do DDS e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

Abraços :D

EDSSX · Outubro 23, 2010

Boa noite ! Lord Evil

Segue os logs :

DDS (Ver_10-10-21.02) - FAT32x86

Run by edsom luis at 21:04:12,14 on sáb 23/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.141 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

D:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\Arquivos de programas\CursorXP\CursorXP.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Documents and Settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\explorer.exe

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

mWindow Title =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe

uRun: [msnmsgr] "d:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "d:\documents and settings\edsom luis\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRunOnce: [CleanSetup] cmd /C rmdir /S /Q "d:\documents and settings\edsom luis\configurações locais\temp\nro.tmp\"

IE: E&xportar para o Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\arquivos de programas\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-10-20 11608]

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41744]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]

R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-10-2 56816]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2010-5-18 111248]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

S2 AntiVirService;Avira AntiVir Guard;d:\arquivos de programas\avira\antivir desktop\AVGUARD.EXE [2010-10-20 185089]

S4 AntiVirSchedulerService;Avira AntiVir Programador;d:\arquivos de programas\avira\antivir desktop\sched.exe [2010-10-20 108289]

=============== Created Last 30 ================

2010-10-23 18:10:43 -------- d-----w- d:\docume~1\edsoml~1\dadosd~1\Ashampoo

2010-10-23 18:10:19 -------- d-----w- d:\docume~1\edsoml~1\config~1\dadosd~1\ashampoo

2010-10-23 18:10:19 -------- d-----w- d:\docume~1\alluse~1\dadosd~1\ashampoo

2010-10-23 18:09:36 -------- d-----w- d:\arquivos de programas\Ashampoo

2010-10-23 17:32:01 -------- d-----w- d:\docume~1\edsoml~1\config~1\dadosd~1\OpenCandy

2010-10-23 17:31:57 -------- d-----w- d:\docume~1\edsoml~1\dadosd~1\OpenCandy

2010-10-20 20:06:34 -------- d-sh--w- D:\Recycled

2010-10-20 06:20:42 -------- d-----w- d:\windows\system32\wbem\repository\FS

2010-10-20 06:20:42 -------- d-----w- d:\windows\system32\wbem\Repository

2010-10-04 15:38:56 537842 ----a-w- D:\HaxFix.exe

2010-10-02 23:59:59 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-10-02 23:59:54 -------- d-----w- d:\docume~1\alluse~1\dadosd~1\Avira

2010-10-02 23:59:54 -------- d-----w- d:\arquivos de programas\Avira

2010-10-02 23:28:11 -------- d-----w- d:\arquivos de programas\CCleaner

2010-10-02 00:56:21 -------- d-----w- D:\5b31f40140d3ae08527336f0

2010-10-02 00:32:34 -------- d-----w- D:\Recycled(3)

==================== Find3M ====================

2010-09-18 14:23:20 974848 ----a-w- d:\windows\system32\mfc42u.dll

2010-09-18 05:53:20 974848 ------w- d:\windows\system32\mfc42.dll

2010-09-18 05:53:20 954368 ----a-w- d:\windows\system32\mfc40.dll

2010-09-18 05:53:20 953856 ------w- d:\windows\system32\mfc40u.dll

2010-09-16 15:02:10 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-09-15 06:50:38 472808 ----a-w- d:\windows\system32\deployJava1.dll

2010-09-15 04:29:50 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-09-10 04:51:14 916480 ----a-w- d:\windows\system32\wininet.dll

2010-09-10 04:51:10 43520 ----a-w- d:\windows\system32\licmgr10.dll

2010-09-10 04:51:10 1469440 ----a-w- d:\windows\system32\InetCpl.cpl

2010-09-01 10:52:24 285824 ----a-w- d:\windows\system32\atmfd.dll

2010-09-01 06:57:20 1852928 ----a-w- d:\windows\system32\win32k.sys

2010-08-27 07:03:08 119808 ----a-w- d:\windows\system32\t2embed.dll

2010-08-27 04:53:36 99840 ----a-w- d:\windows\system32\srvsvc.dll

2010-08-27 00:43:50 5120 ----a-w- d:\windows\system32\xpsp4res.dll

2010-08-23 15:12:00 617472 ----a-w- d:\windows\system32\comctl32.dll

2010-08-17 12:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe

2010-08-16 07:45:00 590848 ----a-w- d:\windows\system32\rpcrt4.dll

2009-11-20 21:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe

2009-11-20 21:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll

2009-11-20 21:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll

2009-11-20 21:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin

2009-06-17 16:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir

2009-03-08 16:09:26 510816 --sha-w- d:\windows\niwradsoft shell pack\backup\iexplore.exe

============= FINISH: 21:05:24,65 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional

Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x453ff2a00+1

Install Date: 19/9/2007 10:51:37

System Uptime: 23/10/2010 09:02:44 (10 hours ago)

Motherboard: ECS | | M825G

Processor: AMD Sempron 2400+ | Socket-A | 1668/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (FAT32) - 17 GiB total, 10,428 GiB free.

D: is FIXED (FAT32) - 59 GiB total, 27,336 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008

Service: ati2mtag

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)

Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Manufacturer: ATI Technologies Inc.

Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)

PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108

Service: ati2mtag

Class GUID:

Description:

Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Manufacturer:

Name:

PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0

Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Manufacturer:

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E

Service:

==== System Restore Points ===================

RP202: 23/10/2010 13:05:39 - LCCD LM

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

Apple Application Support

Apple Software Update

Ashampoo Burning Studio 10.0.4

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2160329)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979559)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980218)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização de Segurança para Windows XP (KB982802)

Atualização para Windows Internet Explorer 8 (KB973874)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows Internet Explorer 8 (KB980182)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Avira AntiVir Personal - Free Antivirus

BrOffice.org 3.1

C-Media WDM Audio Driver

CCleaner

CursorXP

EVEREST Home Edition v2.20

Ferramenta de Carregamento do Windows Live

Gadwin PrintScreen

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB981793)

Java Auto Updater

Java 6 Update 22

K-Meleon 1.5.4 en-US (remove only)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Speech Recognition Engine 4.0 (English)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.10)

MSVCRT

MSXML 4.0 SP2 (KB973688)

Opera 10.63

Revo Uninstaller 1.90

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

você 9.0 Runtime

VIA Rhine-Family Fast-Ethernet Adapter

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Abraços

Renato Utsch · Outubro 25, 2010

Olá!

Por favor, delete o ComboFix.exe do seu desktop, baixe um novo clicando aqui, e execute novamente o mesmo, seguindo as instruções do tópico abaixo:

#### Como usar o ComboFix ####

Abraços :D

EDSSX · Outubro 25, 2010

Boa noite

Segue :

ComboFix 10-10-24.06 - edsom luis 25/10/2010 20:43.65.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.281 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-26 to 2010-10-26 ))))))))))))))))))))))))))))

.

2010-10-26 03:44 . 2009-11-07 03:07 297808 ----a-w- d:\windows\system32\TBD26E.tmp

2010-10-23 18:10 . 2010-10-23 18:10 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Ashampoo

2010-10-23 18:10 . 2010-10-23 18:10 -------- d-----w- d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\ashampoo

2010-10-23 18:10 . 2010-10-23 18:10 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\ashampoo

2010-10-23 18:09 . 2010-10-23 18:09 -------- d-----w- d:\arquivos de programas\Ashampoo

2010-10-23 17:32 . 2010-10-23 17:32 -------- d-----w- d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\OpenCandy

2010-10-23 17:31 . 2010-10-23 17:31 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\OpenCandy

2010-10-20 06:20 . 2010-10-20 06:20 -------- d-----w- d:\windows\system32\wbem\Repository

2010-10-04 15:38 . 2010-04-04 15:04 537842 ----a-w- D:\HaxFix.exe

2010-10-02 23:59 . 2009-11-25 14:19 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys

2010-10-02 23:59 . 2009-03-30 12:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys

2010-10-02 23:59 . 2009-02-13 14:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys

2010-10-02 23:59 . 2009-02-13 14:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys

2010-10-02 23:59 . 2010-10-02 23:59 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira

2010-10-02 23:59 . 2010-10-02 23:59 -------- d-----w- d:\arquivos de programas\Avira

2010-10-02 23:28 . 2010-10-02 23:28 -------- d-----w- d:\arquivos de programas\CCleaner

2010-10-02 00:56 . 2010-10-02 00:56 -------- d-----w- D:\5b31f40140d3ae08527336f0

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 14:23 . 2004-08-04 09:45 974848 ----a-w- d:\windows\system32\mfc42u.dll

2010-09-18 05:53 . 2004-08-04 09:45 974848 ------w- d:\windows\system32\mfc42.dll

2010-09-18 05:53 . 2001-10-28 20:06 954368 ----a-w- d:\windows\system32\mfc40.dll

2010-09-18 05:53 . 2001-10-28 20:06 953856 ------w- d:\windows\system32\mfc40u.dll

2010-09-16 15:02 . 2004-08-04 09:45 219648 ----a-w- d:\windows\system32\uxtheme.dll

2010-09-15 06:50 . 2010-04-17 23:33 472808 ----a-w- d:\windows\system32\deployJava1.dll

2010-09-15 04:29 . 2010-08-28 19:03 73728 ----a-w- d:\windows\system32\javacpl.cpl

2010-09-10 04:51 . 2004-08-04 09:45 916480 ----a-w- d:\windows\system32\wininet.dll

2010-09-10 04:51 . 2004-08-04 09:45 1469440 ----a-w- d:\windows\system32\InetCpl.cpl

2010-09-10 04:51 . 2004-08-04 09:45 43520 ----a-w- d:\windows\system32\licmgr10.dll

2010-09-01 10:52 . 2004-08-04 09:44 285824 ----a-w- d:\windows\system32\atmfd.dll

2010-09-01 06:57 . 2004-08-04 09:38 1852928 ----a-w- d:\windows\system32\win32k.sys

2010-08-27 07:03 . 2004-08-04 09:45 119808 ----a-w- d:\windows\system32\t2embed.dll

2010-08-27 04:53 . 2004-08-04 09:45 99840 ----a-w- d:\windows\system32\srvsvc.dll

2010-08-27 00:43 . 2009-04-17 11:45 5120 ----a-w- d:\windows\system32\xpsp4res.dll

2010-08-26 12:39 . 2004-08-04 08:14 357248 ----a-w- d:\windows\system32\drivers\srv.sys

2010-08-23 15:12 . 2004-08-04 09:45 617472 ----a-w- d:\windows\system32\comctl32.dll

2010-08-17 12:17 . 2004-08-04 09:45 58880 ----a-w- d:\windows\system32\spoolsv.exe

2010-08-16 07:45 . 2004-08-04 09:45 590848 ----a-w- d:\windows\system32\rpcrt4.dll

2009-11-20 21:01 . 2009-11-20 21:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe

2009-11-20 21:01 . 2009-11-20 21:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll

2009-11-20 21:00 . 2009-11-20 21:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll

2009-11-20 21:00 . 2009-11-20 21:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin

2009-06-17 16:41 . 2009-06-17 16:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir

2009-03-08 16:09 510816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\WINLOGON.EXE

[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\system32\ntoskrnl.exe

[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntoskrnl.exe

[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2010-04-28 . 2B14801C5D196E8BEC3EA573B3B2DA44 . 2194304 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe

[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntoskrnl.exe

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\USER32.DLL

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll

[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\ERDNT\cache\explorer.exe

[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ctfmon.exe

[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\system32\ntkrnlpa.exe

[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntkrnlpa.exe

[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe

[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntkrnlpa.exe

[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe

[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . d:\windows\ie8\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\iexplore.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]

"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Google Update"="d:\documents and settings\edsom luis\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^K-Meleon Loader.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]

[HKLM\~\startupfolder\^.mjsync_pt_BR]

path=\.mjsync_pt_BR

[HKLM\~\startupfolder\^catchme.exe]

path=\catchme.exe

[HKLM\~\startupfolder\^Desktop.rar]

path=\Desktop.rar

[HKLM\~\startupfolder\^dumphive.exe]

path=\dumphive.exe

[HKLM\~\startupfolder\^Favoritos.rar]

path=\Favoritos.rar

[HKLM\~\startupfolder\^haxoth2.txt]

path=\haxoth2.txt

[HKLM\~\startupfolder\^ipconfig]

path=\ipconfig

[HKLM\~\startupfolder\^Items.xml]

path=\Items.xml

[HKLM\~\startupfolder\^md5file.exe]

path=\md5file.exe

[HKLM\~\startupfolder\^moveex.exe]

path=\moveex.exe

[HKLM\~\startupfolder\^NTUSER.DAT]

path=\ntuser.dat

[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]

path=\NTUSER.DAT.bak_jv16pt

[HKLM\~\startupfolder\^ntuser.dat.LOG]

path=\ntuser.dat.LOG

[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]

path=\NTUSER.DAT.tmp.LOG

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

[HKLM\~\startupfolder\^ntuser.pol]

path=\ntuser.pol

[HKLM\~\startupfolder\^PrivacIE.rar]

path=\PrivacIE.rar

[HKLM\~\startupfolder\^process.exe]

path=\process.exe

[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]

path=\rebuilt.Menu Iniciar.rar

[HKLM\~\startupfolder\^rebuilt.UserData.rar]

path=\rebuilt.UserData.rar

[HKLM\~\startupfolder\^run2.hax]

path=\run2.hax

[HKLM\~\startupfolder\^settings.dat]

path=\settings.dat

[HKLM\~\startupfolder\^swsc.exe]

path=\swsc.exe

[HKLM\~\startupfolder\^tool_en.log]

path=\tool_en.log

[HKLM\~\startupfolder\^UserData.rar]

path=\UserData.rar

[HKLM\~\startupfolder\^vfind.exe]

path=\vfind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 06:47 35760 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 15:08 209153 ----a-w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20 40448 ----a-w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]

2005-01-19 18:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

2008-11-04 03:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 13:44 248552 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GoogleDesktopManager-060409-093314"=3 (0x3)

"ZeppelinService"=2 (0x2)

"idsvc"=3 (0x3)

"AntiVirSchedulerService"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=

"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\Opera\\opera.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41744]

R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [18/5/2010 20:28 111248]

R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]

S3 TMPassthruMP;TMPassthruMP;d:\windows\system32\DRIVERS\TMPassthru.sys --> d:\windows\system32\DRIVERS\TMPassthru.sys [?]

S4 AntiVirSchedulerService;Avira AntiVir Programador;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/10/2010 02:12 108289]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-10-25 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job

- d:\windows\system32\msfeedssync.exe [2007-08-13 06:31]

.

------- Scan Suplementar -------

.

mWindow Title =

IE: E&xportar para o Microsoft Excel

FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR

FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-25 20:58

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID]

@DACL=(02 0000)

@="{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}"

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CLSID]

@DACL=(02 0000)

@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CurVer]

@DACL=(02 0000)

@="MSN.V2SDeviceHandler.1"

[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler.1\CLSID]

@DACL=(02 0000)

@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CLSID]

@DACL=(02 0000)

@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CurVer]

@DACL=(02 0000)

@="pcsexe.Dialer.1"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer.1\CLSID]

@DACL=(02 0000)

@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CLSID]

@DACL=(02 0000)

@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CurVer]

@DACL=(02 0000)

@="pcsexe.Dialer.1"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer.1\CLSID]

@DACL=(02 0000)

@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CLSID]

@DACL=(02 0000)

@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CurVer]

@DACL=(02 0000)

@="pcsexe.PstnOut.1"

[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut.1\CLSID]

@DACL=(02 0000)

@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CLSID]

@DACL=(02 0000)

@="{72770783-9801-43c4-9E1F-9084BAE210CF}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CurVer]

@DACL=(02 0000)

@="Softphone.Dialer.1"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer.1\CLSID]

@DACL=(02 0000)

@="{72770783-9801-43c4-9E1F-9084BAE210CF}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CLSID]

@DACL=(02 0000)

@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CurVer]

@DACL=(02 0000)

@="Softphone.DialerWindow.1"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow.1\CLSID]

@DACL=(02 0000)

@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CLSID]

@DACL=(02 0000)

@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CurVer]

@DACL=(02 0000)

@="Softphone.Error.1"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error.1\CLSID]

@DACL=(02 0000)

@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CLSID]

@DACL=(02 0000)

@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CurVer]

@DACL=(02 0000)

@="Softphone.PhoneContact.1"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact.1\CLSID]

@DACL=(02 0000)

@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CLSID]

@DACL=(02 0000)

@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CurVer]

@DACL=(02 0000)

@="Softphone.PhoneNumber.1"

[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber.1\CLSID]

@DACL=(02 0000)

@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CLSID]

@DACL=(02 0000)

@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CurVer]

@DACL=(02 0000)

@="WindowsLive.SetupJob.1"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob.1\CLSID]

@DACL=(02 0000)

@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CLSID]

@DACL=(02 0000)

@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CurVer]

@DACL=(02 0000)

@="WindowsLive.SetupService.1"

[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService.1\CLSID]

@DACL=(02 0000)

@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\CLSID]

@DACL=(02 0000)

@="{4C836512-BB70-11D2-A5A7-00105A9C91C6}"

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\Insertable]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\CLSID]

@DACL=(02 0000)

@="{DB797690-40E0-11D2-9BD5-0060082AE372}"

[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\Insertable]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1060)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\sfc_os.dll

d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1120)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(1824)

d:\windows\system32\WININET.dll

d:\windows\system32\COMRes.dll

d:\windows\System32\cscui.dll

d:\windows\system32\LINKINFO.dll

d:\windows\system32\ntshrui.dll

d:\windows\system32\msi.dll

d:\arquivos de programas\CursorXP\CurXP0.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

.

Tempo para conclusão: 2010-10-25 04:51:00

ComboFix-quarantined-files.txt 2010-10-25 06:50

ComboFix2.txt 2010-10-20 20:05

ComboFix3.txt 2010-10-02 22:55

Pré-execução: 17 pasta(s) 30.334.484.480 bytes disponíveis

Pós execução: 20 pasta(s) 30.377.771.008 bytes disponíveis

- - End Of File - - EBF2F8E36FCFBE848B91DAE2A278D613

Renato Utsch · Outubro 26, 2010

Olá!

Conecte todas suas mídias removíveis e re-execute o ComboFix.

Abraços :D

EDSSX · Outubro 26, 2010

Boa tarde !

Segue o log :

ComboFix 10-10-19.04 - edsom luis 26/10/2010 13:16:52.63.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.304 [GMT -3:00]

Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-27 to 2010-10-27 ))))))))))))))))))))))))))))

.

2010-10-26 06:20 . 2010-10-26 06:20 -------- d-----w- d:\windows\system32\wbem\Repository

2010-10-12 23:57 . 2010-09-18 05:53 954368 ------w- d:\windows\system32\dllcache\mfc40.dll

2010-10-12 23:57 . 2010-09-18 05:53 974848 ------w- d:\windows\system32\dllcache\mfc42.dll

2010-10-12 23:57 . 2010-09-18 05:53 953856 ------w- d:\windows\system32\dllcache\mfc40u.dll

2010-10-12 23:56 . 2010-08-23 15:12 617472 ------w- d:\windows\system32\dllcache\comctl32.dll