Archived

This topic has been archived and is closed to further replies.

astronautalouco

[Solved] Message to restart the system every 15 minutes

Recommended Posts

Good evening, moderators,

Besides the problem in the topic title, there is also a browsing problem: it gets slow when the browser is opened, whether Explorer or Mozilla.

HijackThis log follows

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:45:39, on 13/2/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

c:\firebird\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\SYSTEM\HpServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\sistray.exe

c:\firebird\bin\fbserver.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\hijack\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.160

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [OSD] C:\Arquivos de programas\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [RealPlayer0] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - c:\firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - c:\firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: HP S&P Authorization Service (srvcHP2) - SQUADRA Tecnologia - C:\WINDOWS\SYSTEM\HpServ.exe

 

--

End of file - 8585 bytes

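A first pass over a HijackThis log like the one posted above is mostly a matter of spotting the handful of entry types that are worth a closer look: components whose file is gone, services with no recognised vendor, an explicit proxy in the user's Internet Settings, and Winsock LSPs HijackThis could not identify. The script below is an added example for this thread, not HijackThis code and not the forum's own tooling; its flagging rules are the author's own choices, and the sample lines are copied from the log above.

```python
"""HijackThis log triage, written for this thread as an illustration (not
HijackThis code and not the forum's own tooling). It reads the entry lines
of a log like the one posted above and flags the items a helper looks at
first: components whose file is gone, services with no recognised vendor,
an explicit proxy in the user's Internet Settings, and Winsock LSPs that
HijackThis could not identify."""
import re
from dataclasses import dataclass, field

# Entry prefix -> what that part of a HijackThis log records.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE registry value",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O10": "Winsock LSP", "O23": "service",
}

# Every entry line looks like "O2 - BHO: ..."; the header and process list do not.
ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    prefix: str
    text: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (prefix, body) for each entry line, skipping everything else."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return the entries worth a second look, with the reason for each."""
    findings = []
    for prefix, body in parse_entries(log_text):
        low = body.lower()
        reasons = []
        # A BHO, toolbar or service that points at a file which no longer
        # exists is either an uninstall leftover or a component that hides.
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("referenced file is missing")
        if prefix == "O23" and "unknown owner" in low:
            reasons.append("service binary has no recognised vendor")
        if prefix == "O10":
            reasons.append("Winsock LSP not in HijackThis's known list")
        if prefix.startswith("R") and "proxyserver" in low:
            reasons.append("explicit proxy configured; confirm it is intended")
        if reasons:
            findings.append(Finding(prefix, body, reasons))
    return findings


# Lines copied from the log posted above (header and process list trimmed).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.160
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.prefix} ({SECTIONS.get(f.prefix, '?')}): {'; '.join(f.reasons)}")
        print("    " + f.text)
```

Flagged entries are a starting point, not a verdict: the AVG BHO with "(file missing)" and the "(no file)" toolbar are leftovers of uninstalled software, while the unknown-owner service and the proxy address are the two items you would actually ask the user about.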

Hello astronautalouco

Does the message say anything else besides asking for a restart?

*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


okay... wings

as for your question

No, only a message asking to restart appears; when I restart, it asks again.

after the scan it stopped asking to restart!

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e64bc4dbf0ed3e45b574656102954d5a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-02-20 03:33:08

# local_time=2011-02-20 12:33:08 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=770 16774141 100 100 11247994 74002910 0 0

# compatibility_mode=1024 16777215 100 0 13509306 13509306 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=86817

# found=2

# cleaned=2

# scan_time=4953

C:\Documents and Settings\Jones\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\23\4b3c5ed7-123b70f7 Java/Agent.AA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\autorun.in Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


1.

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2.

*Download ERUNT and save it to the desktop

*Create a folder in C:\ named ERUNT and extract it there

*Run the file C:\ERUNT\ERUNT.exe

*Click [OK] > [OK] > [Yes] > [OK]

3.

*Temporarily disable your antivirus

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download ComboFix and save it to the desktop

*Run it and accept the license agreement

*Accept the installation of the Microsoft Windows Recovery Console if it is not already installed

*Wait for the stages to complete

*Do not use the mouse or keyboard during the stages!!

*Paste the report shown


ComboFix report follows.

 

ComboFix 11-02-21.01 - Jones 21/02/2011 23:26:57.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1377 [GMT -3:00]

Running from: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Fonts\barras2.ttf

 

.

(((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 ))))))))))))))))))))))))))))

.

 

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-20 13:45 . 2011-02-20 13:45 -------- d-----w- c:\arquivos de programas\ESET

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-21 23:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

Completion time: 2011-02-21 23:31:13

ComboFix-quarantined-files.txt 2011-02-22 02:31

ComboFix2.txt 2011-02-22 02:14

ComboFix3.txt 2010-09-23 02:24

 

Pre-Run: 36 folder(s) 13,405,224,960 bytes free

Post-Run: 37 folder(s) 13,385,449,472 bytes free

 

- - End Of File - - 10CCA497D8CFB9629F53006EE07045CC


*Download SystemLook and save it to the desktop

*Run it and paste the code below into the blank space:

:file

c:\windows\system32\drivers\lxdyskdz.sys

*Click [Look]

*Paste the report shown


I ran the program and it showed this:

c:/documentsandsettings/jones/Desktop/systemlook.exe is not a valid Win32 application.

Or if I choose another user with its own password, it does not recognize the password or the user.


Delete it and download it again. It may be corrupted. If the message appears again...

*Open Notepad and paste the code below into it:

FileLook::

c:\windows\system32\drivers\lxdyskdz.sys

*Save the file to the desktop as CFScript.txt

*Drag it onto ComboFix as shown in the illustration below:

[illustration: CFScript.txt being dragged onto ComboFix.exe]

*While ComboFix is running, do not use the mouse or keyboard!!

*Paste the report shown

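The `S0 lxdyskdz;lxdyskdz;...lxdyskdz.sys --> ... [?]` line in the ComboFix log above is what prompted both the SystemLook `:file` request and the CFScript `FileLook::` line: a boot-start service whose image ComboFix could not resolve. The script below is an added example for this thread, not ComboFix's, SystemLook's or this forum's code. It parses ComboFix's service lines, extracts the image path and tests whether the file exists, which is the same question SystemLook answers with "Unable to find/read file". The reading of the line format (R/S for running/stopped, the digit as the start type, `-->` plus `[?]` when ComboFix could not stat the path) and the injectable `exists` callback are this example's assumptions; the sample lines are copied from the log above.

```python
"""Orphaned-service check, written for this thread as an illustration (it is
not ComboFix's or SystemLook's code). It parses the service lines ComboFix
prints, e.g.

  R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [2/10/2010 15:44 165584]
  S0 lxdyskdz;lxdyskdz;c:\\...\\lxdyskdz.sys --> c:\\...\\lxdyskdz.sys [?]

and then asks the filesystem whether each image file is really there, which
is what the SystemLook ':file' request did for lxdyskdz.sys. Reading of the
format (assumed here): R = running, S = stopped, the digit is the SCM start
type (0 boot, 1 system, 2 auto, 3 manual), and an entry ComboFix could not
stat is echoed after '-->' with '[?]' in place of the date/size."""
import os
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceCheck:
    name: str
    start_type: str
    image: str
    unresolved: bool   # ComboFix printed '--> path [?]'
    exists: bool       # our own check of the image path


def image_path(rest):
    """Extract the binary path from the tail of a service line: drop the
    '--> ... [?]' echo or the '[date time size]' suffix, then any service
    arguments such as '-s' that follow the executable name."""
    rest = re.sub(r"\s+-->\s+.*$", "", rest)
    rest = re.sub(r"\s+\[[^\]]*\]\s*$", "", rest)
    m = re.match(r"^(.*?\.(?:sys|exe|dll))(?:\s.*)?$", rest, re.IGNORECASE)
    return m.group(1) if m else rest.strip()


def check_services(lines, exists=os.path.exists):
    """Parse ComboFix service lines. `exists` is injectable so the check can
    run against a recorded directory listing instead of the live machine."""
    results = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        image = image_path(rest)
        results.append(ServiceCheck(
            name=m.group("name"),
            start_type=START_TYPES.get(m.group("start"), m.group("start")),
            image=image,
            unresolved=rest.rstrip().endswith("[?]"),
            exists=bool(exists(image)),
        ))
    return results


def orphans(lines, exists=os.path.exists):
    """Entries whose image file is absent. '[?]' alone is not enough: ComboFix
    also prints it when the path carries arguments (Firebird's '-s' below),
    so the existence check is what separates a leftover or hidden driver
    from a merely odd-looking entry."""
    return [r for r in check_services(lines, exists) if not r.exists]


# Lines copied from the ComboFix log above.
SAMPLE_LINES = [
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]",
    r"R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;"
    r"c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]",
    r"S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> "
    r"c:\windows\system32\drivers\lxdyskdz.sys [?]",
    r"S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;"
    r"c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]",
]

if __name__ == "__main__":
    # On the machine itself you would leave `exists` at its default.
    for r in check_services(SAMPLE_LINES):
        print(f"{r.name:32} start={r.start_type:7} unresolved={r.unresolved!s:5} "
              f"exists={r.exists!s:5} {r.image}")
```

Run on the affected machine, the two `[?]` entries come out differently: Firebird's guardian exists and only looks odd because of its `-s` argument, whereas `lxdyskdz.sys` is absent from the filesystem view, which is exactly what the SystemLook report later confirmed. A boot-start (S0) entry with no file is either a leftover from an uninstall or a component something is hiding, and the catchme scan reporting zero hidden files is what tips the balance toward the former.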

SystemLook report:

 

SystemLook 04.09.10 by jpshortstuff

Log created at 22:43 on 24/02/2011 by Jones

Administrator - Elevation successful

 

========== file ==========

 

c:\windows\system32\drivers\lxdyskdz.sys - Unable to find/read file.

 

-= EOF =-

 

ComboFix report:

 

ComboFix 11-02-21.01 - Jones 24/02/2011 22:59:39.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1406 [GMT -3:00]

Running from: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

Command switches used :: c:\documents and settings\Jones\Desktop\CFScript.txt.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

 

(((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 ))))))))))))))))))))))))))))

.

 

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

((((((((((((((((((((((((((((( SnapShot@2011-02-22_02.12.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-25 01:29 . 2011-02-25 01:29 16384 c:\windows\temp\Perflib_Perfdata_77c.dat

- 2011-02-22 01:43 . 2011-02-22 01:43 16384 c:\windows\temp\Perflib_Perfdata_77c.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S0 lxdyskdz;lxdyskdz;c:\windows\system32\drivers\lxdyskdz.sys --> c:\windows\system32\drivers\lxdyskdz.sys [?]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-25 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-24 23:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1292)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

Tempo para conclusão: 2011-02-24 23:05:43

ComboFix-quarantined-files.txt 2011-02-25 02:05

ComboFix2.txt 2011-02-22 02:31

ComboFix3.txt 2011-02-22 02:14

ComboFix4.txt 2010-09-23 02:24

 

Pré-execução: 36 pasta(s) 13.420.019.712 bytes disponíveis

Pós execução: 37 pasta(s) 13.408.141.312 bytes disponíveis

 

- - End Of File - - 2F44217AA76218D970F16D5E8363998E


1.

*Delete SystemLook and its report

 

2.

*Open Notepad and paste the code below into it:

File::

c:\windows\system32\drivers\lxdyskdz.sys

Driver::

lxdyskdz

*Save the file to the desktop as CFScript.txt

*Drag it onto ComboFix as shown in the illustration below:

 

*While ComboFix is running, do not use the mouse or the keyboard!!

 

*Paste the report that is displayed


So...

 

When ComboFix restarted the machine, Spybot reported a change, something about altering a value... or whatever it was, I couldn't read it properly because the message disappeared right away. When I ran ComboFix the first time it also gave this notification plus three more. I don't know whether this is normal, but I thought it was worth mentioning.

 

ComboFix log follows:

 

ComboFix 11-02-21.01 - Jones 24/02/2011 23:53:03.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1917.1365 [GMT -3:00]

Executando de: c:\documents and settings\Jones\Meus documentos\Transferências\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Jones\Desktop\CFScript.txt.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\system32\drivers\lxdyskdz.sys"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_lxdyskdz

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-25 to 2011-02-25 ))))))))))))))))))))))))))))

.

 

2011-02-22 02:04 . 2011-02-22 02:04 -------- d-----w- C:\erunt

2011-02-13 02:38 . 2011-02-13 02:38 388608 ----a-w- C:\HiJackThis.exe

2011-02-12 00:41 . 2010-05-06 10:34 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-02-12 00:41 . 2010-05-06 10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-02-12 00:41 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-02-12 00:41 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-02-12 00:41 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-02-12 00:41 . 2010-05-06 10:34 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-02-12 00:41 . 2010-05-06 10:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-02-09 13:22 . 2011-02-09 13:31 -------- d-----w- C:\GENESIS

2011-02-09 13:01 . 2011-02-09 13:19 -------- d-----w- C:\JESUS

2011-01-29 11:59 . 2011-02-13 00:03 -------- d-----w- c:\windows\ie8updates

2011-01-29 02:29 . 2011-01-29 02:29 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-01-29 02:29 . 2011-01-29 02:29 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-01-29 02:29 . 2011-01-29 02:29 59888 ------w- c:\windows\system32\pxwma.dll

2011-01-29 01:20 . 2011-01-29 01:20 11776 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

2011-01-29 01:20 . 2011-01-29 01:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-01-29 01:20 . 2011-01-29 01:20 150712 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

2011-01-29 01:20 . 2011-01-29 01:20 100864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 02:21 . 2009-09-09 12:44 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2011-01-29 02:29 . 2005-10-26 20:12 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-11-29 19:38 . 2010-11-29 19:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 19:38 . 2010-11-29 19:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

((((((((((((((((((((((((((((( SnapShot@2011-02-22_02.12.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-25 02:56 . 2011-02-25 02:56 16384 c:\windows\temp\Perflib_Perfdata_794.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [bU]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RealPlayer0"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-06-25 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-02 630784]

"Picasa Media Detector"="c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"CloneDVDElbyDelay"="c:\arquivos de programas\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]

"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-29 273544]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 262144]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/10/2010 15:44 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/10/2010 15:44 17744]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [14/7/2010 20:57 81920]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?]

R2 hpinst;hpinst;c:\windows\system32\drivers\hpinst.sys [14/8/2009 14:44 7296]

R2 srvcHP2;HP S&P Authorization Service;c:\windows\system\HpServ.exe [21/7/2004 04:02 691200]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/9/2010 17:42 136176]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16/7/2009 09:51 264576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-04 20:42]

 

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1060284298-725345543-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-01-24 16:25]

 

2011-02-25 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-17 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.10.160

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Jones\Dados de aplicativos\Mozilla\Firefox\Profiles\sb2s2u71.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-24 23:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(960)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\firebird\bin\fbguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\windows\system32\wdfmgr.exe

c:\firebird\bin\fbserver.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Tempo para conclusão: 2011-02-25 00:00:13 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-02-25 03:00

ComboFix2.txt 2011-02-25 02:05

ComboFix3.txt 2011-02-22 02:31

ComboFix4.txt 2011-02-22 02:14

ComboFix5.txt 2011-02-25 02:52

 

Pré-execução: 36 pasta(s) 13.431.414.784 bytes disponíveis

Pós execução: 37 pasta(s) 13.353.226.240 bytes disponíveis

 

- - End Of File - - ED4EA3DAC028498473006CE1161D7E72


OK... clean log.

 

 

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

 

*Click [OK] > [Run]

*Wait for the message "ComboFix está desinstalado" and click [OK]

 

 

Regards.


PROBLEM SOLVED

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
