[Resolvido] &nbspNotebook - Vírus

karoline ferreira · Maio 11, 2011

Olá por favor tem alguem que possa verificar esse Logfile..Obrigada

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:15 , on 11/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe

C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenUpdate.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\C&E\OSD\osd.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenOnline.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.21.30.116:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [OSD] C:\Arquivos de programas\C&E\OSD\osd.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe

O4 - HKLM\..\Run: [NBHGui] C:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NielsenOnline] C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenOnline.exe

O4 - HKLM\..\Run: [updateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: ClipSrv - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe

O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenUpdate.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--

End of file - 7454 bytes

Renato Utsch · Maio 11, 2011

Olá! Seja bem vinda à seção de Remoção de Malwares do IMasters Fórums!

Por favor, siga as instruções abaixo:

Faça o Download do DDS e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

Abraços :D

karoline ferreira · Maio 11, 2011

Olá! Seja bem vinda à seção de Remoção de Malwares do IMasters Fórums!

Por favor, siga as instruções abaixo:

Faça o Download do DDS e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.

Duplo clique em dds.scr.

Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!

Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.

Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.

Abraços :D

Olá os Resultados do DDS

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Administrador at 16:40:51,29 on qua 11/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.501 [GMT -3:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

svchost.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe

C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenUpdate.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\C&E\OSD\osd.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe

C:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\NetRatingsNetSight\NetSight\NielsenOnline.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 129.21.30.116:3127

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [nod32kui] "c:\arquivos de programas\eset\nod32kui.exe" /WAITSERVICE

mRun: [skyTel] SkyTel.EXE

mRun: [OSD] c:\arquivos de programas\c&e\osd\osd.exe

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [synTPEnh] c:\arquivos de programas\synaptics\syntp\SynTPEnh.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [inCD] c:\arquivos de programas\nero\nero 9\incd\InCD.exe

mRun: [NBHGui] c:\arquivos de programas\nero\nero 9\incd\NBHGui.exe

mRun: [EPSON Stylus C45 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

mRun: [ink Monitor] c:\arquivos de programas\epson\ink monitor\InkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [NielsenOnline] c:\arquivos de programas\netratingsnetsight\netsight\NielsenOnline.exe

mRun: [updateReminder] c:\arquivos de programas\eset\UpdateReminder.exe

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\imon.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\f4v8fqe4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=

FF - plugin: c:\arquivos de programas\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\documents and settings\administrador\configuraã§ãµes locais\dados de aplicativos\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-9-20 15360]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-7-28 15424]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\arquivos de programas\nero\nero 9\incd\NBHRegInCDSrv.exe [2008-9-19 108568]

R2 NielsenUpdate;Nielsen Update;c:\arquivos de programas\netratingsnetsight\netsight\NielsenUpdate.exe [2011-4-14 303936]

R2 NOD32krn;NOD32 Kernel Service;c:\arquivos de programas\eset\nod32krn.exe [2010-7-28 552064]

R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-9-20 10368]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-9-19 136176]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-9-19 136176]

S3 NDISKIO;NDISKIO;\??\c:\docume~1\admini~1\config~1\temp\000003fd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admini~1\config~1\temp\000003fd.nmc\nse\bin\ndiskio.sys [?]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

=============== Created Last 30 ================

.

2011-05-11 15:35:04 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-05-11 15:35:04 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-11 09:10:05 -------- d-----w- c:\windows\system32\NtmsData

2011-05-06 13:18:15 781272 ----a-w- c:\arquivos de programas\mozilla firefox\mozsqlite3.dll

2011-05-06 13:18:14 89048 ----a-w- c:\arquivos de programas\mozilla firefox\libEGL.dll

2011-05-06 13:18:14 465880 ----a-w- c:\arquivos de programas\mozilla firefox\libGLESv2.dll

2011-05-06 13:18:14 1874904 ----a-w- c:\arquivos de programas\mozilla firefox\mozjs.dll

2011-05-06 13:18:14 15832 ----a-w- c:\arquivos de programas\mozilla firefox\mozalloc.dll

2011-05-06 13:18:13 1974616 ----a-w- c:\arquivos de programas\mozilla firefox\D3DCompiler_42.dll

2011-05-06 13:18:13 1892184 ----a-w- c:\arquivos de programas\mozilla firefox\d3dx9_42.dll

2011-05-06 13:18:13 142296 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

==================== Find3M ====================

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x84BCAAB8]

3 CLASSPNP[0xF7567FD7] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\0000005d[0x84B489E8]

5 ACPI[0xF73FE620] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Ide\IdeDeviceP1T0L0-e[0x84B83D98]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

.

============= FINISH: 16:41:00,53 ===============

---------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 28/7/2010 17:32:27

System Uptime: 11/5/2011 12:52:56 (4 hours ago)

.

Motherboard: OEM | | N/A

Processor: Processador Intel Pentium II | uPGA 479M | 2133/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 65,437 GiB free.

D: is Removable

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10190000&REV_1007\4&1EF75AB&1&0101

Manufacturer:

Name:

PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10190000&REV_1007\4&1EF75AB&1&0101

Service:

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Nielsen USB GFX

Device ID: SW\{A44F6AD1-7F26-4D11-B300-3EFF57DAAA7F}\{9B365890-165F-11D0-A195-0020AFD156E4}

Manufacturer: Intelligraphics, Inc.

Name: Nielsen USB GFX

PNP Device ID: SW\{A44F6AD1-7F26-4D11-B300-3EFF57DAAA7F}\{9B365890-165F-11D0-A195-0020AFD156E4}

Service: NielGfx

.

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Nielsen Patch Device

Device ID: ROOT\SYSTEM\0003

Manufacturer: (Standard system devices)

Name: Nielsen Patch Device

PNP Device ID: ROOT\SYSTEM\0003

Service: nielprt

.

==== System Restore Points ===================

.

RP182: 9/2/2011 00:39:42 - Operação de restauração

RP183: 9/2/2011 00:42:01 - Operação de restauração

RP184: 9/2/2011 00:44:24 - Operação de restauração

RP185: 11/2/2011 11:52:32 - Ponto de verificação do sistema

RP186: 12/2/2011 01:30:02 - Operação de restauração

RP187: 13/2/2011 15:04:05 - Ponto de verificação do sistema

RP188: 14/2/2011 16:41:49 - Ponto de verificação do sistema

RP189: 16/2/2011 09:01:10 - Ponto de verificação do sistema

RP190: 17/2/2011 09:30:16 - Ponto de verificação do sistema

RP191: 21/2/2011 14:55:54 - Ponto de verificação do sistema

RP192: 25/2/2011 07:46:17 - Removed Google Earth Plug-in.

RP193: 26/2/2011 14:04:45 - Ponto de verificação do sistema

RP194: 3/3/2011 13:16:24 - Ponto de verificação do sistema

RP195: 4/3/2011 17:40:12 - Instalado Java 6 Update 24

RP196: 7/3/2011 12:28:05 - Ponto de verificação do sistema

RP197: 10/3/2011 15:40:24 - Ponto de verificação do sistema

RP198: 14/3/2011 16:18:56 - Ponto de verificação do sistema

RP199: 15/3/2011 21:17:13 - Ponto de verificação do sistema

RP200: 18/3/2011 15:08:42 - Ponto de verificação do sistema

RP201: 20/3/2011 23:25:03 - Ponto de verificação do sistema

RP202: 25/3/2011 23:05:03 - Ponto de verificação do sistema

RP203: 27/3/2011 06:59:18 - Ponto de verificação do sistema

RP204: 29/3/2011 20:37:44 - Ponto de verificação do sistema

RP205: 30/3/2011 21:05:55 - Ponto de verificação do sistema

RP206: 2/4/2011 15:31:10 - Ponto de verificação do sistema

RP207: 3/4/2011 08:29:02 - Instalado Java 6 Update 24

RP208: 4/4/2011 09:21:41 - Ponto de verificação do sistema

RP209: 7/4/2011 07:28:51 - Ponto de verificação do sistema

RP210: 8/4/2011 16:52:19 - Ponto de verificação do sistema

RP211: 10/4/2011 14:25:49 - Ponto de verificação do sistema

RP212: 11/4/2011 18:31:24 - Ponto de verificação do sistema

RP213: 14/4/2011 10:48:17 - Ponto de verificação do sistema

RP214: 16/4/2011 08:44:43 - Ponto de verificação do sistema

RP215: 17/4/2011 10:12:18 - Ponto de verificação do sistema

RP216: 20/4/2011 10:18:09 - Ponto de verificação do sistema

RP217: 23/4/2011 13:56:18 - Ponto de verificação do sistema

RP218: 27/4/2011 11:17:25 - Removido iTunes

RP219: 30/4/2011 16:16:15 - Ponto de verificação do sistema

RP220: 3/5/2011 07:02:43 - Ponto de verificação do sistema

RP221: 7/5/2011 05:56:15 - Instalado Java 6 Update 24

RP222: 10/5/2011 18:01:01 - Ponto de verificação do sistema

RP223: 11/5/2011 12:27:28 - Operação de restauração

RP224: 11/5/2011 12:32:03 - Operação de restauração

RP225: 11/5/2011 12:33:19 - 08 de maio de 2011

RP226: 11/5/2011 12:33:51 - 07 de maio de 2011

RP227: 11/5/2011 12:34:44 - Operação de restauração

.

==== Installed Programs ======================

.

7-Zip 4.57

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assistente de Conexão do Windows Live

µTorrent

Bonjour

CCleaner

DolbyFiles

EPSON PhotoQuicker3.5

Ferramenta de Carregamento do Windows Live

Foxit PDF Reader 2.3 Build 2825

GIMP 2.6.10

Google Update Helper

HP Image Zone Express

ImagXpress

InCD

Ink Monitor

Java Auto Updater

Java 6 Update 22

K-Lite Mega Codec Pack 5.4.4

Malwarebytes' Anti-Malware

Menu Templates - Starter Kit

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft XML Parser

Movie Templates - Starter Kit

Mozilla Firefox 4.0.1 (x86 pt-BR)

MSVCRT

Nero 8

Nero 9

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

NeroBurningROM

NeroExpress

neroxml

Nielsen

NOD32 FiX v2.1

NOD32 sistema antivírus

OSDInstall

QuickTime

Realtek High Definition Audio Driver

REALTEK RTL8187B Wireless LAN Driver

Realtek USB 2.0 Card Reader

Segoe UI

SiS VGA Utilities

SiSAGP driver

Software para Impressoras EPSON

SoundTrax

Synaptics Pointing Device Driver

The KMPlayer (remove only)

Unity Web Player

VCRedistSetup

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

.

==== End Of File ===========================

Prontinho....Abraços...Obrigada pela ajuda.... :clap:

Renato Utsch · Maio 14, 2011

Olá!

Por favor, siga as instruções abaixo:

Por favor, siga o tutorial no link abaixo:

#### Como usar o ComboFix ####

Sugiro que imprima as instruções abaixo pois não poderá lê-las enquanto utiliza a ferramenta.

Siga o tutorial e execute o ComboFix.
Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.

De forma alguma saia do ComboFix usando o "X" do programa. Caso queira sair, tecle "N".

Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.

Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraços :D

karoline ferreira · Maio 16, 2011

Olá tudo bom,agora meu notebook está apareceu outro problemas,toda vez agora que vou iniciar ele está demorando muito pra carregar e não estava assim,ele sempre carregou rapido,será que você também mim ajudar com esse problema,ou esse problema só em outro Tópico..

ComboFix 11-05-15.04 - Administrador 16/05/2011 7:16.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.511 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-16 to 2011-05-16 ))))))))))))))))))))))))))))

.

2011-05-11 15:35 . 2011-05-11 15:35 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-11 09:10 . 2011-05-11 09:12 -------- d-----w- c:\windows\system32\NtmsData

2011-05-06 13:18 . 2011-05-06 13:18 781272 ----a-w- c:\arquivos de programas\Mozilla Firefox\mozsqlite3.dll

2011-05-06 13:18 . 2011-05-06 13:18 1874904 ----a-w- c:\arquivos de programas\Mozilla Firefox\mozjs.dll

2011-05-06 13:18 . 2011-05-06 13:18 89048 ----a-w- c:\arquivos de programas\Mozilla Firefox\libEGL.dll

2011-05-06 13:18 . 2011-05-06 13:18 465880 ----a-w- c:\arquivos de programas\Mozilla Firefox\libGLESv2.dll

2011-05-06 13:18 . 2011-05-06 13:18 15832 ----a-w- c:\arquivos de programas\Mozilla Firefox\mozalloc.dll

2011-05-06 13:18 . 2011-05-06 13:18 1892184 ----a-w- c:\arquivos de programas\Mozilla Firefox\d3dx9_42.dll

2011-05-06 13:18 . 2011-05-06 13:18 1974616 ----a-w- c:\arquivos de programas\Mozilla Firefox\D3DCompiler_42.dll

2011-05-06 13:18 . 2011-05-06 13:18 142296 ----a-w- c:\arquivos de programas\Mozilla Firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-06 13:18 . 2011-05-06 13:18 142296 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

.

[-] 2008-05-05 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

.

[-] 2008-05-05 . 4A242109B08C4355E72860807F151BF4 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\drivers\beep.sys ... está faltando !!

c:\windows\System32\wscntfy.exe ... está faltando !!

c:\windows\System32\regsvc.dll ... está faltando !!

.

((((((((((((((((((((((((((((( SnapShot@2011-01-13_20.50.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-02 20:04 . 2005-05-10 22:48 67072 c:\windows\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 72192 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpzpr3xu.dll

+ 2011-02-02 20:04 . 2005-02-04 21:09 16384 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpfrs3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 72192 c:\windows\system32\spool\drivers\w32x86\3\hpzpr3xu.dll

+ 2011-02-02 20:04 . 2005-02-04 21:09 16384 c:\windows\system32\spool\drivers\w32x86\3\hpfrs3xu.dll

- 2008-04-14 12:00 . 2010-12-09 11:13 43176 c:\windows\system32\perfc016.dat

+ 2008-04-14 12:00 . 2011-03-29 23:10 43176 c:\windows\system32\perfc016.dat

+ 2008-04-14 12:00 . 2011-03-29 23:10 35166 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2010-12-09 11:13 35166 c:\windows\system32\perfc009.dat

+ 2011-04-05 20:13 . 2011-04-05 20:13 37876 c:\windows\system32\mlfcache.dat

+ 2010-10-07 15:23 . 2010-10-07 15:23 75040 c:\windows\system32\jdns_sd.dll

+ 2011-02-02 20:03 . 2004-09-29 14:09 57344 c:\windows\system32\HPZisn12.dll

+ 2011-02-02 20:03 . 2004-09-29 14:09 94208 c:\windows\system32\HPZipt12.dll

+ 2011-02-02 20:03 . 2004-09-29 14:14 69632 c:\windows\system32\HPZipm12.exe

+ 2011-02-02 20:03 . 2004-09-29 14:08 61440 c:\windows\system32\HPZinw12.exe

+ 2005-04-27 18:37 . 2005-04-27 18:37 77824 c:\windows\system32\hpzids01.dll

+ 2011-02-02 20:04 . 2005-05-10 22:49 37376 c:\windows\system32\hpz3l3xu.dll

+ 2011-04-05 19:51 . 2011-02-18 19:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys

+ 2011-04-05 19:51 . 2010-04-19 22:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys

+ 2011-04-05 19:55 . 2009-05-18 16:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys

+ 2005-03-08 11:52 . 2005-03-08 11:52 21744 c:\windows\system32\drivers\HPZius12.sys

+ 2005-03-08 11:52 . 2005-03-08 11:52 16496 c:\windows\system32\drivers\HPZipr12.sys

+ 2005-03-08 11:52 . 2005-03-08 11:52 51120 c:\windows\system32\drivers\HPZid412.sys

+ 2011-04-05 19:55 . 2009-05-18 16:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys

+ 2010-10-07 15:23 . 2010-10-07 15:23 91424 c:\windows\system32\dnssd.dll

+ 2011-04-25 08:45 . 2011-04-25 08:45 21504 c:\windows\Installer\dc160.msi

+ 2011-04-05 19:51 . 2011-04-05 19:51 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe

+ 2010-07-28 22:49 . 2011-02-06 16:32 5632 c:\windows\system32\pndx5032.dll

- 2010-07-28 22:49 . 2009-11-09 18:00 5632 c:\windows\system32\pndx5032.dll

+ 2010-07-28 22:49 . 2011-02-06 16:32 6656 c:\windows\system32\pndx5016.dll

- 2010-07-28 22:49 . 2009-11-09 18:00 6656 c:\windows\system32\pndx5016.dll

+ 2011-02-02 20:07 . 2011-02-02 20:07 4286 c:\windows\Installer\{EA103B64-C0E4-4C0E-A506-751590E1653D}\Shortcut_start.9FAB98ED_2143_4534_9750_7CD4ECEB9596.exe

+ 2009-07-12 04:12 . 2009-07-12 04:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

+ 2009-07-12 04:09 . 2009-07-12 04:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

+ 2009-07-12 04:08 . 2009-07-12 04:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll

+ 2011-02-02 20:04 . 2004-08-04 14:25 620544 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\UNIRES.DLL

+ 2011-02-02 20:04 . 2004-08-04 14:26 199168 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\UNIDRVUI.DLL

+ 2011-02-02 20:04 . 2004-08-04 14:26 264704 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\UNIDRV.DLL

+ 2011-02-02 20:04 . 2005-05-10 22:20 557056 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpzss3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 515584 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpzev3xu.dll

+ 2011-02-02 20:04 . 2005-02-21 19:58 177152 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpfie3xu.dll

+ 2011-02-02 20:04 . 2004-06-29 17:06 659456 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpcdmc32.dll

+ 2011-02-02 18:24 . 2007-05-15 07:08 761344 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL

+ 2011-02-02 18:24 . 2008-04-14 01:20 744448 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

+ 2011-02-02 18:24 . 2008-04-14 01:20 373248 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL

+ 2011-02-02 20:04 . 2005-05-10 22:20 557056 c:\windows\system32\spool\drivers\w32x86\3\hpzss3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 515584 c:\windows\system32\spool\drivers\w32x86\3\hpzev3xu.dll

+ 2011-02-02 20:04 . 2005-02-21 19:58 177152 c:\windows\system32\spool\drivers\w32x86\3\hpfie3xu.dll

+ 2011-02-02 18:25 . 2001-09-06 05:48 132608 c:\windows\system32\spool\drivers\w32x86\3\HPDJRES.DLL

+ 2011-02-02 20:04 . 2004-06-29 17:06 659456 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll

- 2008-04-14 12:00 . 2010-12-09 11:13 329398 c:\windows\system32\perfh016.dat

+ 2008-04-14 12:00 . 2011-03-29 23:10 329398 c:\windows\system32\perfh016.dat

- 2008-04-14 12:00 . 2010-12-09 11:13 296646 c:\windows\system32\perfh009.dat

+ 2008-04-14 12:00 . 2011-03-29 23:10 296646 c:\windows\system32\perfh009.dat

- 2010-07-28 22:49 . 2004-01-11 22:00 348160 c:\windows\system32\msvcr71.dll

+ 2010-07-28 22:49 . 2011-02-06 16:32 348160 c:\windows\system32\msvcr71.dll

+ 2010-07-28 22:49 . 2011-02-06 16:32 499712 c:\windows\system32\msvcp71.dll

- 2010-07-28 22:49 . 2003-03-19 03:14 499712 c:\windows\system32\msvcp71.dll

+ 2011-04-20 00:57 . 2011-04-20 00:57 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe

+ 2010-09-15 06:50 . 2010-09-15 06:50 153376 c:\windows\system32\javaws.exe

- 2011-01-04 10:04 . 2010-09-15 06:50 153376 c:\windows\system32\javaws.exe

+ 2010-09-15 06:50 . 2010-09-15 06:50 145184 c:\windows\system32\javaw.exe

- 2011-01-04 10:04 . 2010-09-15 06:50 145184 c:\windows\system32\javaw.exe

- 2011-01-04 10:04 . 2010-09-15 06:50 145184 c:\windows\system32\java.exe

+ 2010-09-15 06:50 . 2010-09-15 06:50 145184 c:\windows\system32\java.exe

+ 2011-02-02 20:03 . 2004-09-29 14:15 204800 c:\windows\system32\HPZipr12.dll

+ 2011-02-02 20:03 . 2004-09-29 14:12 278584 c:\windows\system32\HPZidr12.dll

+ 2005-04-27 18:38 . 2005-04-27 18:38 372736 c:\windows\system32\hpzidi01.dll

+ 2004-09-30 08:49 . 2004-09-30 08:49 274432 c:\windows\system32\HPZc3212.dll

+ 2004-06-11 15:27 . 2004-06-11 15:27 118784 c:\windows\system32\HPODXPAT.DLL

+ 2011-04-05 19:55 . 2008-04-17 15:12 107368 c:\windows\system32\GEARAspi.dll

+ 2011-04-05 19:55 . 2008-04-17 15:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll

+ 2010-10-07 15:23 . 2010-10-07 15:23 197920 c:\windows\system32\dnssdX.dll

+ 2010-10-07 15:23 . 2010-10-07 15:23 107808 c:\windows\system32\dns-sd.exe

+ 2011-02-02 20:03 . 1998-10-29 18:45 306688 c:\windows\IsUninst.exe

+ 2011-02-02 20:08 . 2011-02-02 20:08 985600 c:\windows\Installer\79a7f0.msi

+ 2011-04-05 19:50 . 2011-04-05 19:50 811520 c:\windows\Installer\11254f5.msi

+ 2011-02-02 20:04 . 2005-05-10 22:48 1963008 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpzui3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 21:22 2954752 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpzst3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:49 1055232 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpz3r3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 1264640 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpz3a3xu.dll

+ 2011-02-02 20:04 . 2005-02-21 19:58 7718400 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpfig3xu.dll

+ 2011-02-02 20:04 . 2005-03-22 17:31 1323008 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_5400_seriea2a2\hpbcfgre.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 1963008 c:\windows\system32\spool\drivers\w32x86\3\hpzui3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 21:22 2954752 c:\windows\system32\spool\drivers\w32x86\3\hpzst3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:49 1055232 c:\windows\system32\spool\drivers\w32x86\3\hpz3r3xu.dll

+ 2011-02-02 20:04 . 2005-05-10 22:48 1264640 c:\windows\system32\spool\drivers\w32x86\3\hpz3a3xu.dll

+ 2011-02-02 20:04 . 2005-02-21 19:58 7718400 c:\windows\system32\spool\drivers\w32x86\3\hpfig3xu.dll

+ 2011-02-02 20:04 . 2005-03-22 17:31 1323008 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll

+ 2010-07-29 01:27 . 2011-04-20 00:57 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2011-04-05 19:51 . 2011-02-18 19:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll

+ 2011-04-05 19:51 . 2010-04-19 22:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll

+ 2011-04-05 19:52 . 2011-04-05 19:52 9472000 c:\windows\Installer\112550a.msi

+ 2011-04-05 19:51 . 2011-04-05 19:51 1554944 c:\windows\Installer\1125505.msi

+ 2011-04-05 19:51 . 2011-04-05 19:51 3085312 c:\windows\Installer\1125500.msi

+ 2011-04-05 19:50 . 2011-04-05 19:50 1984000 c:\windows\Installer\11254fb.msi

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-09-19 19:53 98328 ----a-w- c:\arquivos de programas\Nero\Nero 9\InCD\NBHshx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2010-07-28 949376]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"OSD"="c:\arquivos de programas\C&E\OSD\osd.exe" [2007-08-28 671801]

"SiSPower"="SiSPower.dll" [2010-01-06 53248]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"InCD"="c:\arquivos de programas\Nero\Nero 9\InCD\InCD.exe" [2008-09-19 1111064]

"NBHGui"="c:\arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-19 2079256]

"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 258114]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NielsenOnline"="c:\arquivos de programas\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]

"UpdateReminder"="c:\arquivos de programas\Eset\UpdateReminder.exe" [2010-11-03 413696]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-7-28 262144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

.

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [20/9/2010 17:12 15360]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28/7/2010 17:30 15424]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [19/9/2008 16:53 108568]

R2 NielsenUpdate;Nielsen Update;c:\arquivos de programas\NetRatingsNetSight\NetSight\NielsenUpdate.exe [14/4/2011 09:38 303936]

R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [20/9/2010 17:12 10368]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/9/2010 10:39 136176]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/9/2010 10:39 136176]

S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\000003fd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\000003fd.nmc\nse\bin\ndiskio.sys [?]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

NETSVCS PRECISA DE REPAROS - Entradas atuais mostradas

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

Schedule

SENS

Sharedaccess

SRService

Tapisrv

Themes

WZCSVC

Wmi

WmdmPmSp

winmgmt

xmlprov

napagent

hkmsvc

BITS

wuauserv

ShellHWDetection

WmdmPmSN

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2009-10-22 14:50]

.

2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-19 13:38]

.

2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-19 13:38]

.

2011-05-16 c:\windows\Tasks\User_Feed_Synchronization-{3D56E767-D2BC-4909-9EEF-B5610F3EAA59}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 129.21.30.116:3127

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\f4v8fqe4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-16 07:18

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-299502267-688789844-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,33,64,f5,0f,4d,53,43,b4,e6,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,33,64,f5,0f,4d,53,43,b4,e6,ae,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,33,64,f5,0f,4d,53,43,b4,e6,ae,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'lsass.exe'(488)

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

.

- - - - - - - > 'explorer.exe'(1632)

c:\arquivos de programas\Nero\Nero 9\InCD\NBHshx.dll

c:\arquivos de programas\Nero\Nero 9\InCD\NBHStr.dll

c:\arquivos de programas\Arquivos comuns\Nero\AdvrCntr4\AdvrCntr4.dll

c:\windows\system32\ieframe.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2011-05-16 07:20:10

ComboFix-quarantined-files.txt 2011-05-16 10:20

.

Pré-execução: 7 pasta(s) 70.270.877.696 bytes disponíveis

Pós execução: 8 pasta(s) 70.263.504.896 bytes disponíveis

.

- - End Of File - - 9B1F8E6C8BDE1482EEBD6F90576ECD05

Abraços uma ótima Semana... :clap:

Renato Utsch · Maio 16, 2011

Olá!

Você ou algum conhecido seu tem o CD do Windows XP?

Abraços :D

karoline ferreira · Maio 17, 2011

Olá!

Você ou algum conhecido seu tem o CD do Windows XP?

Abraços :D

Olá Boa Noite, não tenho CD do Windows e nem um conhecido.

Abraços

Renato Utsch · Maio 17, 2011

Olá!

por favor, siga então as instruções abaixo:

<< [/b]1[/b] >>

Baixe o SystemLook e salve no seu desktop (área de trabalho.

Execute o SystemLook.
Cole o código abaixo no espaço em branco:
:filefind
*beep.sys*
*wscntfy.exe*
*regsvc.dll*
Clique em [Look].
Cole o relatório SystemLook.txt localizado no desktop.

Abraços :D

karoline ferreira · Maio 18, 2011

Olá!

por favor, siga então as instruções abaixo:

<< [/b]1[/b] >>

Baixe o SystemLook e salve no seu desktop (área de trabalho.

Execute o SystemLook.

Cole o código abaixo no espaço em branco:
:filefind
*beep.sys*
*wscntfy.exe*
*regsvc.dll*

Clique em [Look].

Cole o relatório SystemLook.txt localizado no desktop.

Abraços :D

Olá!!!

SystemLook 04.09.10 by jpshortstuff

Log created at 10:01 on 18/05/2011 by Administrador

Administrator - Elevation successful

========== filefind ==========

Searching for "*beep.sys*"

No files found.

Searching for "*wscntfy.exe*"

No files found.

Searching for "*regsvc.dll*"

No files found.

-= EOF =-

:D

Renato Utsch · Maio 18, 2011

Olá!

Por favor, siga as instruções abaixo:

<< 1 >>

Faça o download dos arquivos abaixo e salve-os dentro das seguintes pastas:

- regsvc.dll

C:\Windows\system32
C:\Windows\system32\dllcache

- beep.sys

C:\Windows\system32\drivers
C:\Windows\system32\dllcache

* wscntfy.exe

C:\Windows\system32
C:\Windows\system32\dllcache

<< 2 >>

Delete o ComboFix.exe do desktop, baixe outro e execute novamente a ferramenta, seguindo as instruções que já lhe passei.

Poste o log gerado.

Abraços :D

karoline ferreira · Maio 19, 2011

Olá!

Por favor, siga as instruções abaixo:

<< 1 >>

Faça o download dos arquivos abaixo e salve-os dentro das seguintes pastas:

- regsvc.dll

C:\Windows\system32

C:\Windows\system32\dllcache

- beep.sys

C:\Windows\system32\drivers

C:\Windows\system32\dllcache

* wscntfy.exe

C:\Windows\system32

C:\Windows\system32\dllcache

<< 2 >>

Delete o ComboFix.exe do desktop, baixe outro e execute novamente a ferramenta, seguindo as instruções que já lhe passei.

Poste o log gerado.

Abraços :D

Olá Boa Noite, log gerado.

ComboFix 11-05-18.04 - Administrador 19/05/2011 20:27:38.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.603 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\ReadMe.txt

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-19 to 2011-05-19 ))))))))))))))))))))))))))))

.

2011-05-19 11:30 . 2011-05-19 11:29 13824 ----a-w- c:\windows\system32\wscntfy.exe

2011-05-19 11:30 . 2011-05-19 11:29 13824 -c--a-w- c:\windows\system32\dllcache\wscntfy.exe

2011-05-19 11:29 . 2008-04-14 23:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2011-05-19 11:27 . 2008-04-14 23:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2011-05-19 11:25 . 2001-09-05 23:00 51712 -c--a-w- c:\windows\system32\dllcache\regsvc.dll

2011-05-19 11:21 . 2001-09-05 23:00 51712 ----a-w- c:\windows\system32\regsvc.dll

2011-05-18 11:46 . 2011-05-18 11:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-17 19:55 . 2011-05-17 19:55 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Apple