Unsolved

8273

October 2nd, 2012 08:00

Combofix

ComboFix 12-10-02.02 - wsousa 02/10/2012   9:37.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2047.549 [GMT -3:00]
Executando de: c:\documents and settings\wsousa\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\TSearch
c:\documents and settings\cameras\WINDOWS
c:\windows\IsUn0416.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c3850f2054c10928.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\ijl11.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2012-09-02 to 2012-10-02  ))))))))))))))))))))))))))))
.
.
2012-10-01 20:42 . 2012-10-01 20:42    --------    d-----w-    c:\windows\system32\config\systemprofile\Dados de aplicativos\Softland
2012-10-01 15:03 . 2012-10-01 15:03    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\YCanPDF
2012-10-01 15:03 . 2012-10-01 15:05    --------    d-----w-    C:\output
2012-10-01 15:03 . 2012-10-01 15:03    --------    d-----w-    C:\PDFToExcelConverter
2012-10-01 15:00 . 2012-10-01 15:00    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\Softland
2012-10-01 15:00 . 2012-10-01 15:00    --------    d-----w-    c:\documents and settings\LocalService\Dados de aplicativos\Softland
2012-10-01 15:00 . 2012-05-17 11:45    23432    ----a-w-    c:\windows\system32\dopdfmn7.dll
2012-10-01 15:00 . 2012-05-17 11:45    20872    ----a-w-    c:\windows\system32\dopdfmi7.dll
2012-10-01 15:00 . 2012-10-01 15:00    --------    d-----w-    c:\arquivos de programas\Softland
2012-09-27 15:22 . 2012-09-27 15:22    --------    d-----w-    c:\documents and settings\wsousa\Configurações locais\Dados de aplicativos\Innovative Solutions
2012-09-27 15:22 . 2012-09-27 15:22    --------    d-----w-    c:\arquivos de programas\Innovative Solutions
2012-09-26 17:36 . 2012-09-26 17:36    --------    d-----w-    c:\documents and settings\wsousa\Configurações locais\Dados de aplicativos\Microsoft Help
2012-09-26 17:27 . 2012-09-27 11:45    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\Applian FLV and Media Player
2012-09-26 17:22 . 2012-09-26 17:22    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\vlc
2012-09-25 17:27 . 2012-09-25 17:27    --------    d-----w-    C:\HPR06
2012-09-25 17:24 . 2006-10-10 11:33    10288    ----a-w-    c:\windows\system32\drivers\ASUSHWIO.SYS
2012-09-25 14:01 . 2012-09-25 14:01    --------    d-----w-    c:\arquivos de programas\NirSoft
2012-09-24 14:55 . 2012-09-24 14:58    --------    d-----w-    c:\arquivos de programas\Advanced Fix 2012
2012-09-21 14:21 . 2012-09-21 14:21    --------    d-----w-    c:\documents and settings\wsousa\Configurações locais\Dados de aplicativos\LogMeIn
2012-09-21 14:21 . 2012-07-05 21:09    52128    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-09-21 14:21 . 2012-07-05 21:09    30624    ----a-w-    c:\windows\system32\LMIport.dll
2012-09-21 14:21 . 2012-07-05 21:10    83392    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2012-09-21 14:21 . 2012-06-08 15:06    47640    ----a-w-    c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-21 14:21 . 2012-09-21 14:21    --------    d-----w-    c:\windows\LastGood.Tmp
2012-09-21 14:21 . 2012-07-05 21:09    87456    ----a-w-    c:\windows\system32\LMIinit.dll
2012-09-21 14:21 . 2012-10-02 12:30    --------    d-----w-    c:\documents and settings\All Users\Dados de aplicativos\LogMeIn
2012-09-21 14:21 . 2012-09-21 15:33    --------    d-----w-    c:\arquivos de programas\LogMeIn
2012-09-18 17:58 . 2012-09-18 17:58    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\Claro LTD
2012-09-18 12:06 . 2012-09-18 12:36    --------    d-----w-    c:\documents and settings\rui.nunes
2012-09-14 15:16 . 2012-09-14 15:19    --------    d-----w-    c:\arquivos de programas\smartdl
2012-09-14 14:32 . 2012-09-14 14:32    --------    d-----w-    c:\arquivos de programas\Kroll Ontrack
2012-09-14 13:37 . 2012-09-14 13:37    --------    d-----w-    c:\arquivos de programas\Claro LTD
2012-09-14 13:37 . 2012-09-14 13:37    --------    d-----w-    c:\documents and settings\wsousa\Dados de aplicativos\Babylon
2012-09-14 13:37 . 2012-09-14 13:37    --------    d-----w-    c:\documents and settings\All Users\Dados de aplicativos\Babylon
2012-09-14 13:37 . 2012-09-14 13:39    --------    d-----w-    c:\documents and settings\wsousa\Configurações locais\Dados de aplicativos\MediaGet2
2012-09-14 12:43 . 2012-09-14 12:49    --------    d-----w-    c:\arquivos de programas\Ontrack
2012-09-04 15:19 . 2012-09-15 11:35    --------    d-----w-    c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2012-09-04 15:19 . 2012-09-04 15:22    --------    d-----w-    c:\arquivos de programas\Spybot - Search & Destroy
2012-09-03 20:04 . 2012-09-03 20:04    --------    d-----w-    c:\documents and settings\wsousa\flexdock
2012-09-03 19:47 . 2011-07-28 22:06    1763584    ----a-w-    c:\windows\system32\drivers\athuw.sys
2012-09-03 19:47 . 2011-07-28 22:06    1763584    ----a-w-    c:\windows\system32\athuw.sys
2012-09-03 19:46 . 2012-09-03 19:46    --------    d-----w-    c:\documents and settings\All Users\Dados de aplicativos\TP-LINK
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 20:22 . 2012-08-22 20:22    209269    ----a-w-    C:\torrent.exe
2012-08-21 22:12 . 2012-08-22 19:18    64048    ----a-r-    c:\windows\system32\drivers\360SpOEM.sys
2012-08-15 19:18 . 2012-03-30 12:09    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-08-15 19:18 . 2012-03-28 18:11    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 13:15 . 2012-09-07 13:15    266720    ----a-w-    c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-29 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"DriverMax"="c:\arquivos de programas\Innovative Solutions\DriverMax\drivermax.exe" [2012-09-03 11325376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-07-05 21:09    87456    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^cameras^Menu Iniciar^Programas^Inicializar^Direct Web.lnk]
backup=c:\windows\pss\Direct Web.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 01:16    39792    ----a-w-    c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B612Backup]
2007-09-08 15:51    225280    ----a-w-    c:\arquivos de programas\DVR SYSTEM\Backup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02    254696    ----a-w-    c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/6/2010 16:43 11352]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [5/7/2012 18:09 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [8/6/2012 12:06 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/6/2010 14:07 35088]
R3 DEV_STREAM;DVR ACapture Driver;c:\windows\system32\drivers\DEV_STRM.sys [5/8/2011 16:08 20564]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7/5/2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/11/2009 19:27 19472]
S2 gupdate;Serviço do Google Update (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/4/2012 09:48 116648]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3/9/2012 16:47 1763584]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/4/2012 09:48 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [7/5/2012 09:04 114144]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/3/2012 09:09 250056]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:18]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-04-19 12:47]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-04-19 12:47]
.
.
------- Scan Suplementar -------
.
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCzyyCyC0BtAtA0DzyyCtCyByD0EtN0D0Tzu0StBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=219974288
IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
Trusted Zone: 9090
Trusted Zone: sytes.net\empresakairos
TCP: Interfaces\{35731FB2-6E96-42D3-B49C-742B08340395}: NameServer = 10.0.0.2,10.0.0.254
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://10.0.0.30:9090/webrec.cab
FF - ProfilePath - c:\documents and settings\wsousa\Dados de aplicativos\Mozilla\Firefox\Profiles\3o3scep0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - fc1b175e000000000000001966b33d96
FF - user.js: extensions.claro.instlDay - 15597
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.110:37
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - iclaro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{000F18F2-09EB-4A59-82B2-5AE4184C39C3} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-ApnUpdater - c:\arquivos de programas\Ask.com\Updater\Updater.exe
MSConfigStartUp-Google Update - c:\documents and settings\cameras\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KL - c:\arquivos de programas\GPS Sistemas\AgenteX9\SysConf.exe
MSConfigStartUp-KLIng - c:\program files\GPS Sistemas\AgenteX9\SysConf.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-vProt - c:\arquivos de programas\AVG Secure Search\vprot.exe
AddRemove-Look@LAN_1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-02 09:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\arquivos de programas\WinRAR\rarext.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\LogMeIn\x86\RaMaint.exe
c:\arquivos de programas\LogMeIn\x86\LogMeIn.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-10-02  09:48:50 - Máquina reiniciou
ComboFix-quarantined-files.txt  2012-10-02 12:48
.
Pré-execução: 16 pasta(s) 43.457.355.776 bytes disponíveis
Pós execução: 22 pasta(s) 43.655.417.856 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B1AA98106F56EB1730538F7DCCA63FD5

Can someone help me with this log and tell me whether there is a virus or not... Thank you...

3 Apprentice

20.5K Posts

October 2nd, 2012 08:00

Welcome to Dell Community!

Dell no longer handles malware removal. My suggestion is to post the required logs on the Malware Removal Forum at Tech Support Forum and have the staff trained in malware removal walk you through the diagnostic logs and a cleanup. They do not use remote access but will advise you step-by-step on what you can do. Please do not attempt to run any additional scans, install software, or use any other tools until an analyst can advise you on the next step. Please use the same username there as you have here. Help is free, but you will need to register there and follow the posting instructions. The instructions will inform you of where to download scanners and how to run a scan to post the output information.

In addition, there are other options listed at the top of this forum. Some are free; some require a fee. Please use only one resource. It can be counter-productive to have too many people trying to help. Good luck!

3 Apprentice

20.5K Posts

February 9th, 2013 10:00

This topic is locked because there has been no response from the original poster.
If you have a similar question or comment, please feel free to start a new thread at the top of the forum. Thanks.