TR/Agent 198656

ComboFix 10-06-27.04 - Lovatel 28/06/2010 9:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.730 [GMT -3:00]
Executando de: E:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MessengerPlus
c:\messengerplus\atiamiriele@hotmail.com1.log
c:\messengerplus\carolzynh@hotmail.com1.log
c:\messengerplus\cleoaboa30@hotmail.com1.log
c:\messengerplus\daianamarcolin@hotmail.com1.log
c:\messengerplus\dijubanski@hotmail.com1.log
c:\messengerplus\dy_gevieski@hotmail.com1.log
c:\messengerplus\enviado.flg
c:\messengerplus\hiltonmotos@hotmail.com1.log
c:\messengerplus\joycesuperagro@hotmail.com1.log
c:\messengerplus\juupdate18.log
c:\messengerplus\k.k.1103@hotmail.com1.log
c:\messengerplus\ka.michel@hotmail.com1.log
c:\messengerplus\luciane.wagner@hotmail.com1.log
c:\messengerplus\marciasalai@hotmail.com1.log
c:\messengerplus\margaretealegri@hotmail.com1.log
c:\messengerplus\milenabasilio10@hotmail.com1.log
c:\messengerplus\niel.ribeiro.1@hotmail.com1.log
c:\messengerplus\novopequeno4.log
c:\messengerplus\selmacc@hotmail.com1.log
c:\messengerplus\vendashiltonmotos@hotmail.com1.log
c:\messengerplus\vendashm@hotmail.com1.log
c:\messengerplus\vivianlachman@hotmail.com1.log
c:\windows\jestertb.dll
c:\windows\system\1.exe
c:\windows\system\2.exe
c:\windows\system32\configex.dll
c:\windows\system32\sshnas21.dll
c:\windows\system32\svc
c:\windows\system32\vbzlib1.dll
c:\windows\system32\zip32.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\winx.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

ComboFix 10-06-27.04 - Lovatel 28/06/2010 10:36:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.677 [GMT -3:00]
Executando de: E:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-28 ))))))))))))))))))))))))))))
.

2010-06-24 14:30 . 2010-06-24 14:30 -------- d-----w- c:\documents and settings\Lovatel\Dados de aplicativos\Malwarebytes
2010-06-24 14:30 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-24 14:30 . 2010-06-24 14:30 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-24 14:30 . 2010-06-24 14:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-24 14:30 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 12:11 . 2008-06-25 17:02 -------- d-----w- c:\documents and settings\Lovatel\Dados de aplicativos\Image Zone Express
2010-06-28 10:42 . 2009-11-26 11:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-06-05 14:58 . 2010-04-22 17:11 -------- d-----w- c:\documents and settings\Lovatel\Dados de aplicativos\vlc
2010-05-27 16:57 . 2010-04-08 16:51 5092165 ----a-w- C:\HOME_UE089885_Temp.zip
2010-05-08 18:37 . 2010-05-08 18:31 -------- d-----w- c:\documents and settings\Lovatel\Dados de aplicativos\dvdcss
2010-04-22 18:41 . 2008-06-23 17:16 249856 ------w- c:\windows\Setup1.exe
2010-04-22 18:41 . 2008-06-23 17:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-31 13:28 . 2008-06-23 17:18 5063304 ----a-w- C:\HOME_Temp.zip
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\arquivos de programas\CCleaner\ccleaner.exe" [2010-02-24 1771320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 22:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 17:35 202024 ----a-w- c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 20:46 63048 ----a-w- c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 11:51 1836328 ----a-w- c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [5/10/2009 14:00 108289]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 17:46 12856]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S0 11-04CF903B;MBIT-04CF903B;\SystemRoot\system\04CF903B\04CF903B --> \SystemRoot\system\04CF903B\04CF903B [?]
S1 1-04CF903B;MBITE-04CF903B;\??\c:\windows\system\04CF903B\04CF903B --> c:\windows\system\04CF903B\04CF903B [?]
S2 xkgvuusd;USB to IEEE-1284.4 Translation HPZius12Monitor;c:\windows\System32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]
S3 block_reader;MPR DRV;\??\c:\documents and settings\Lovatel\Desktop\block_reader.sys --> c:\documents and settings\Lovatel\Desktop\block_reader.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24/6/2010 11:30 38224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xkgvuusd
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-08-21 c:\windows\Tasks\WebReg Photosmart C3100 series.job
- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 08:09]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lovatel\Dados de aplicativos\Mozilla\Firefox\Profiles\3omk6d0r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 10:40
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1-04CF903B]
"ImagePath"="\??\c:\windows\system\04CF903B\04CF903B"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\11-04CF903B]
"ImagePath"="system\04CF903B\04CF903B"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-06-28 10:41:34
ComboFix-quarantined-files.txt 2010-06-28 13:41
ComboFix2.txt 2010-06-28 12:58

Pré-execução: 31 pasta(s) 52.994.273.280 bytes disponíveis
Pós execução: 32 pasta(s) 52.984.815.616 bytes disponíveis

- - End Of File - - 523A4D7B4D23227DF400389C2B74BD8B