Suspected Infection

Linha Defensiva Forum > Malware Removal > Resolved Cases
fysy
Please, I would like you to analyze my log; I have a slight suspicion of infection.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:45, on 11/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Windows Defender\MSASCui.exe
D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\wuauclt.exe
D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE
D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\Documents and Settings\Fábio Melo\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SMSERIAL] D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON T24 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE /FU "D:\DOCUME~1\FBIOME~1\CONFIG~1\Temp\E_S23.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Arquivos de programas\WinPcap\rpcapd.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 7437 bytes
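A log like the one above is read by eye for a few tell-tale line types: R0/R1 entries that point Internet Explorer somewhere other than Microsoft's defaults (here every start and search value, in both HKCU and HKLM, is set to search.localstrike.com.ar), O2 BHO entries with no backing file, O4 Run entries whose executable has no path and is therefore resolved through the search path, O10 LSP DLLs that HijackThis does not recognise, and O23 services without a publisher name. The Python below, added here as an example and not part of this thread or of HijackThis, applies those checks to an excerpt of the posted log. The allowlists, the severities and the `triage` function are assumptions of the example; nwprovau.dll being the Microsoft NetWare client provider is a fact, but listing it as "known" is the example's choice.

```python
# Added example, not part of the thread: a triage pass over HijackThis log
# lines that mechanises the checks a forum helper applies by eye. Allowlists
# and severities are assumptions chosen for illustration.
import re
from urllib.parse import urlsplit

# Hosts Internet Explorer points at by default (assumed allowlist).
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com",
                       "home.microsoft.com", "www.msn.com"}
# Winsock LSP DLLs shipped with Windows XP (assumed allowlist). nwprovau.dll is
# the Client Service for NetWare provider; HijackThis 2.0.4 reports it as
# "unknown" only because it is missing from its own file database.
KNOWN_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.+)$")

# Constructed sample: lines excerpted from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
"""


def _run_command(body):
    """Extract the command of an O4 '[Name] command' entry, or None."""
    rest = body.split(": ", 1)[-1]
    if "] " not in rest:            # Startup-folder .lnk entries carry no [Name]
        return None
    return rest.split("] ", 1)[1].strip()


def _executable(cmd):
    """First token of a command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (severity, kind, reason) tuples for lines that deserve a look."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                   # process list, header and blank lines
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            url = body.split(" = ", 1)[1].strip() if " = " in body else ""
            host = urlsplit(url).hostname or ""
            if host and host not in KNOWN_DEFAULT_HOSTS:
                findings.append(("high", kind, "IE start/search page set to " + host))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(("low", kind, "orphaned BHO " + body.split(" - ")[1]))
        elif kind == "O4":
            cmd = _run_command(body)
            if cmd is not None and "\\" not in _executable(cmd):
                findings.append(("medium", kind, "unqualified executable "
                                 + _executable(cmd) + " resolved via the search path"))
        elif kind == "O10":
            dll = body.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_LSP_DLLS:
                findings.append(("high", kind, "unknown Winsock LSP " + dll))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(("medium", kind, "no company name in version info: "
                             + body.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for severity, kind, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {kind:4} {reason}")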
JoseMelo
Welcome to Linha Defensiva

My name is José Humberto and my "nickname" is JoseMelo

So that we can succeed at the end of the procedures, I suggest you follow strictly what is proposed to you and do not use any tool or program other than those recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have a topic in progress on another forum, I recommend you abandon it so that the procedures do not conflict;
If you prefer to receive an e-mail notice every time there is a reply in your topic, click [image] at the top of the page and then "Subscribe to this topic".
If you have more than one program with resident protection installed (antivirus, antispyware, firewall), keep only one to avoid conflicts and system slowdown.

- Download Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam-download.php
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
  • Select "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log in your next reply.
- Generate a new HijackThis log and paste it in your reply.
fysy
As per your guidance, JoseMelo, the two logs follow below:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4207

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16/6/2010 21:50:06
mbam-log-2010-06-16 (21-50-06).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 337030
Time elapsed: 1 hour(s), 33 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Fábio Melo\Configurações locais\Temporary Internet Files\Content.IE5\89ABCRAX\iexplorebj[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\Documents and Settings\Fábio Melo\Configurações locais\Temporary Internet Files\Content.IE5\IXGL4NO7\businessitamar[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Fábio Melo\Configurações locais\Temporary Internet Files\Content.IE5\YZIF2LM5\iexplorei[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\55DBKS0I\businessreal[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\55DBKS0I\play[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\8QN646S4\iexplorebj[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\H971MEM4\iexplorei[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\YU458HE1\businessitamar[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\YU458HE1\star[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-789336058-2111687655-1417001333-1003\Dd329\Keygen.exe (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-789336058-2111687655-1417001333-1003\Dd335\Keygen.exe (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
D:\WINDOWS\play.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\WINDOWS\BusinessITAMAR.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\BusinessReal.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\star.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\businessitamar.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\businessreal.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\iexplorebj.exe (Trojan.Banker) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\iexplorei.exe (Trojan.Banker) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\play.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\star.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
K:\Portátil\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
K:\Portátil\Adobe Photoshop CS3\Shfolder.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\USB_Disk_Eject.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\iexplorebj.exe (Trojan.Banker) -> Quarantined and deleted successfully.
D:\WINDOWS\IEXPLOREi.exe (Worm.Sohanad) -> Quarantined and deleted successfully.
D:\WINDOWS\Inf123.aas (Malware.Trace) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:59:05, on 17/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MSASCui.exe
D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE
D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\Arquivos de programas\Java\jre6\bin\javaw.exe
D:\Arquivos de programas\uTorrent\uTorrent.exe
D:\Arquivos de programas\Microsoft Private Folder 1.0\ShellHelper.exe
D:\Documents and Settings\Fábio Melo\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SMSERIAL] D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON T24 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE /FU "D:\DOCUME~1\FBIOME~1\CONFIG~1\Temp\E_S23.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Arquivos de programas\WinPcap\rpcapd.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 7573 bytes
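The Malwarebytes log above lists 27 files but no registry items, and what matters for the next step is where those files sit: the same banker and dropper names appear in the Temporary Internet Files of two user profiles (Fábio Melo and Remo), as executables in D:\WINDOWS and D:\WINDOWS\Config, in the RECYCLER folder, and on a separate volume K:. The Python below, added here as an example and not part of the thread or of Malwarebytes, parses the "Files Infected" section and buckets each detection by family and by location so those facts fall out of the log instead of being counted by hand. The location classes, the `SYSTEM_DRIVE` constant (D:, as the "Running processes" list shows) and the tolerance for a missing closing parenthesis are assumptions of the example.

```python
# Added example, not part of the thread: a summariser for the "Files Infected"
# section of a Malwarebytes Anti-Malware log. Location buckets and the system
# drive letter are assumptions for illustration; MBAM has no such report.
import re
from collections import Counter

SYSTEM_DRIVE = "d:"   # assumed from the posted logs (Windows lives on D:)

# 'path (Family) -> action'. The closing parenthesis is optional because the
# two Keygen.exe lines in the posted log lack it (apparently a forum
# emoticon substitution), and a parser that drops them would under-count.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+?)\)? -> (?P<action>.+)$")
FILES_HEADER_RE = re.compile(r"^(Files Infected|Arquivos Infectados):$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\documents and settings\\([^\\]+)\\", re.I)

# Constructed sample: a subset of the detections posted above.
SAMPLE_MBAM_LOG = r"""
Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Fábio Melo\Configurações locais\Temporary Internet Files\Content.IE5\89ABCRAX\iexplorebj[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\Documents and Settings\Fábio Melo\Configurações locais\Temporary Internet Files\Content.IE5\IXGL4NO7\businessitamar[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\55DBKS0I\play[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Documents and Settings\Remo\Configurações locais\Temporary Internet Files\Content.IE5\8QN646S4\iexplorebj[1].txt (Trojan.Banker) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-789336058-2111687655-1417001333-1003\Dd329\Keygen.exe (Worm.Autorun.cool.gif -> Quarantined and deleted successfully.
D:\WINDOWS\play.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\WINDOWS\Config\iexplorebj.exe (Trojan.Banker) -> Quarantined and deleted successfully.
K:\Portátil\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\USB_Disk_Eject.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Inf123.aas (Malware.Trace) -> Quarantined and deleted successfully.
"""


def classify_location(path):
    """Coarse bucket telling how the file most likely got where it is."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "ie-cache"          # fetched by the browser
    if "\\recycler\\" in p:
        return "recycle-bin"       # classic autorun-worm hiding spot
    if not p.startswith(SYSTEM_DRIVE + "\\"):
        return "other-drive"       # removable or secondary volume
    if p.startswith(SYSTEM_DRIVE + "\\windows\\"):
        return "windows-dir"       # written with administrative rights
    if p.startswith(SYSTEM_DRIVE + "\\documents and settings\\"):
        return "user-profile"
    return "drive-root"


def parse_detections(log_text):
    """Return one dict per line of the 'Files Infected' section."""
    detections, in_files = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if FILES_HEADER_RE.match(line):
            in_files = True
            continue
        if not in_files:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"path": m["path"], "family": m["family"],
                               "action": m["action"],
                               "where": classify_location(m["path"])})
    return detections


def summarize(detections):
    """Counts plus the two facts an analyst wants first: which user profiles
    were hit, and whether anything was reported but not removed."""
    profiles = set()
    for d in detections:
        m = PROFILE_RE.match(d["path"])
        if m:
            profiles.add(m.group(1))
    return {
        "total": len(detections),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "by_where": dict(Counter(d["where"] for d in detections)),
        "profiles_hit": sorted(profiles),
        "not_removed": [d["path"] for d in detections
                        if "successfully" not in d["action"].lower()],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_detections(SAMPLE_MBAM_LOG)).items():
        print(f"{key}: {value}")
```

Two things the summary makes visible: every action reads "Quarantined and deleted", so the files are still in the MBAM quarantine and can be restored, which is worth remembering for the Malware.Packer.Gen hits on the two DLLs of a portable Photoshop copy on K:, a generic packer heuristic rather than a named family; and the K: and RECYCLER entries mean a volume other than the system drive carried detections, so any removable media that was plugged in should be scanned too before the case is closed.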
JoseMelo
- Download ComboFix by sUBs and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop
  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix;
  • In the next window click Run, accept the agreement and wait until the report is generated;
    NOTE: If you do not want the Windows Recovery Console installed, click "No" and then agree to let the scan proceed.
    Once the console is installed, the operating system selection screen will be shown at system startup.

    More information about the Console: http://support.microsoft.com/kb/307654/pt-br
  • If an error occurs, restart the computer in Safe Mode (press the F8 key intermittently, or F5 in some cases, during startup) and repeat the procedure;
  • ComboFix "may" restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running; do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • If you lose the internet connection, restart the computer. If the problem persists, open Network Connections in Control Panel, right-click your internet connection and click "Repair";
  • Attach ComboFix.txt to your reply as per the instructions below
    http://www.linhadefensiva.org/forum/index.php?showtopic=595
fysy
As per your guidance, the log is attached, Jose.
JoseMelo
- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
d:\windows\wget.exe
d:\windows\BusinessFisico.exe
d:\windows\Tasks\UpdateWIN1.job

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image]


If prompted, press "Enter" to start the removal process;

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
fysy
The two logs follow below:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:33, on 19/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\Windows Defender\MSASCui.exe
D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\Documents and Settings\Fábio Melo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "D:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSERIAL] D:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] D:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - D:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - D:\Arquivos de programas\WinPcap\rpcapd.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 6870 bytes




ComboFix 10-06-17.03 - Fábio Melo 19/06/2010 10:20:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.582 [GMT -3:00]
Running from: d:\documents and settings\Fábio Melo\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Fábio Melo\Desktop\CFScript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"d:\windows\BusinessFisico.exe"
"d:\windows\Tasks\UpdateWIN1.job"
"d:\windows\wget.exe"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\BusinessFisico.exe
d:\windows\Tasks\UpdateWIN1.job
d:\windows\wget.exe

.
(((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))
.

2010-06-16 21:32 . 2010-04-29 18:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 21:32 . 2010-04-29 18:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-06-16 17:47 . 2010-01-12 16:35 100896 ----a-w- d:\windows\system32\RTNUninst32.dll
2010-06-10 22:54 . 2010-01-28 21:57 163280 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-10 22:54 . 2010-01-28 21:54 19024 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-10 22:54 . 2010-01-28 21:59 270928 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2010-06-10 22:54 . 2010-01-28 21:59 103120 ----a-w- d:\windows\system32\drivers\aswFW.sys
2010-06-10 22:53 . 2010-01-28 21:58 194640 ----a-w- d:\windows\system32\drivers\aswNdis2.sys
2010-06-10 22:53 . 2010-01-28 21:54 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-10 22:53 . 2010-01-28 21:57 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-10 22:53 . 2010-01-28 21:54 100432 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-10 22:53 . 2010-01-28 21:54 94800 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-10 22:53 . 2010-01-28 21:53 28240 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-06-10 22:53 . 2010-01-09 21:22 12112 ----a-w- d:\windows\system32\drivers\aswNdis.sys
2010-06-10 22:53 . 2010-01-28 22:09 38848 ----a-w- d:\windows\system32\avastSS.scr
2010-06-10 22:53 . 2010-01-28 22:09 152672 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-10 22:52 . 2010-06-10 22:53 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2010-06-10 20:04 . 2010-06-10 20:04 64872 ----a-w- d:\windows\UNI.EXE
2010-06-10 00:31 . 2010-06-10 00:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\MessengerDiscovery 2
2010-06-03 14:15 . 2010-06-03 14:15 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Java
2010-06-03 14:15 . 2010-04-12 20:29 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-05-31 13:14 . 2010-06-19 02:36 -------- d-----w- d:\arquivos de programas\sXe Injected

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 16:20 . 2008-04-14 12:00 82930 ----a-w- d:\windows\system32\perfc016.dat
2010-06-12 16:20 . 2008-04-14 12:00 476790 ----a-w- d:\windows\system32\perfh016.dat
2010-06-11 05:23 . 2010-04-05 22:27 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\SuperMP3Download
2010-06-10 23:25 . 2009-03-28 21:36 -------- d-----w- d:\arquivos de programas\Alwil Software
2010-06-06 15:04 . 2008-08-15 16:16 -------- d-----w- d:\arquivos de programas\uTorrent
2010-06-05 13:09 . 2008-08-29 20:25 -------- d-----w- d:\arquivos de programas\Microsoft Silverlight
2010-06-03 14:14 . 2008-08-29 18:41 -------- d-----w- d:\arquivos de programas\Java
2010-05-12 14:21 . 2009-10-02 21:20 221568 ------w- d:\windows\system32\MpSigStub.exe
2010-05-08 23:57 . 2008-10-14 21:49 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Adobe
2010-05-07 01:30 . 2010-05-07 01:30 -------- d-----w- d:\arquivos de programas\Arquivos comuns\SWF Studio
2010-05-03 17:49 . 2008-06-14 23:10 225232 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2010-05-02 08:08 . 2008-04-14 12:00 1851392 ----a-w- d:\windows\system32\win32k.sys
2010-04-20 05:31 . 2008-04-14 12:00 285696 ----a-w- d:\windows\system32\atmfd.dll
2010-04-16 16:07 . 2008-04-14 12:00 669184 ----a-w- d:\windows\system32\wininet.dll
2010-04-16 16:07 . 2009-06-10 00:50 81920 ----a-w- d:\windows\system32\ieencode.dll
2004-07-22 13:51 . 2004-07-22 13:51 3432656 -c--a-w- d:\arquivos de programas\ManagedDX.CAB
2004-07-20 01:58 . 2004-07-20 01:58 1156363 -c--a-w- d:\arquivos de programas\BDANT.cab
2004-07-20 01:53 . 2004-07-20 01:53 976020 -c--a-w- d:\arquivos de programas\BDAXP.cab
2004-07-09 17:17 . 2004-07-09 17:17 13265040 -c--a-w- d:\arquivos de programas\dxnt.cab
2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- d:\arquivos de programas\DirectX.cab
2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- d:\arquivos de programas\BDA.cab
2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- d:\arquivos de programas\dxsetup.exe
2004-07-09 07:08 . 2004-07-09 07:08 2242560 -c--a-w- d:\arquivos de programas\dsetup32.dll
2004-07-09 06:03 . 2004-07-09 06:03 62976 -c--a-w- d:\arquivos de programas\DSETUP.dll
.

------- Sigcheck -------

[-] 2008-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\TCPIP.SYS
[-] 2008-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-04-14 . 732946EEAA1D8EE2A4FC24370827617B . 977920 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 732946EEAA1D8EE2A4FC24370827617B . 977920 . . [6.00.2900.5512] . . d:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-01-28 21:56 135168 ----a-w- d:\arquivos de programas\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Fábio Melo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="d:\arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SMSERIAL"="d:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2009-03-14 1466368]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"avast5"="d:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

d:\documents and settings\Fábio Melo\Menu Iniciar\Programas\Inicializar\
UberIcon.lnk - d:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\dxdiag.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=
"d:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"d:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"d:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MessengerDiscovery 2\\MessengerDiscovery 2.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Arquivos de programas\\Songr\\Songr.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=
"c:\\Arquivos de programas\\MC2\\Sniper Elite\\SniperElite.exe"=
"d:\\Documents and Settings\\Fábio Melo\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52645:TCP"= 52645:TCP:TCP 52645
"52645:UDP"= 52645:UDP:UDP 52645
"22408:TCP"= 22408:TCP:ARESTCP
"22408:UDP"= 22408:UDP:ARESUDP

R0 aswNdis;avast! Firewall NDIS Filter Service;d:\windows\system32\drivers\aswNdis.sys [10/6/2010 19:53 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;d:\windows\system32\drivers\aswNdis2.sys [10/6/2010 19:53 194640]
R1 aswFW;avast! TDI Firewall driver;d:\windows\system32\drivers\aswFW.sys [10/6/2010 19:54 103120]
R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [10/6/2010 19:54 270928]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [10/6/2010 19:54 163280]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [10/6/2010 19:54 19024]
R2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [20/10/2009 15:19 50704]
R2 Prvflder;Prvflder;d:\windows\system32\drivers\prvflder.sys [21/4/2006 08:22 70912]
R2 WinDefend;Windows Defender;d:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;d:\windows\system32\drivers\cmiucr.SYS [5/1/2007 17:21 93056]
R3 LVHybrid;LVHybrid service;d:\windows\system32\drivers\LVHybrid.sys [31/8/2009 22:32 795776]
S2 avast! Firewall;avast! Firewall;d:\arquivos de programas\Alwil Software\Avast5\afwServ.exe [10/6/2010 19:53 119200]
S3 3xHybrid;3xHybrid service;d:\windows\system32\drivers\3xHybrid.sys [30/8/2008 17:41 670592]
S3 DCamUSBIntel;USB Video Camera;d:\windows\system32\Drivers\TP6800.sys --> d:\windows\system32\Drivers\TP6800.sys [?]
S3 se_filter;System Explorer Filter Driver;d:\windows\system32\drivers\SE_Filter.sys [30/8/2008 19:37 9216]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-06-19 d:\windows\Tasks\MP Scheduled Scan.job
- d:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2010-06-19 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-03-31 01:18]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.localstrike.com.ar/
mStart Page = hxxp://search.localstrike.com.ar/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Fábio Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\1k35rw9r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.br/
FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: d:\documents and settings\Fábio Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\1k35rw9r.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 10:37
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2010-06-19 10:39:38
ComboFix-quarantined-files.txt 2010-06-19 13:39
ComboFix2.txt 2010-06-18 22:37

Pré-execução: 8 pasta(s) 11.807.248.384 bytes disponíveis
Pós execução: 9 pasta(s) 11.793.031.168 bytes disponíveis

- - End Of File - - F6FB87DAF69E98C99B7DA0447031FBE0
JoseMelo
- OK, the log is clean :)

- Rename ComboFix to Uninstall, run it and wait for the tool to be removed;

- Update Internet Explorer:
http://www.microsoft.com/brasil/windows/in...er/default.aspx

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:
  • Click Save and, when the download has finished, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Disable and then re-enable System Restore

- Recommended reading:
http://www.linhadefensiva.org/forum/index....showtopic=75646

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections;

- If you have no further problems, click the button (image posted by the user) and say that your case has been resolved.
TrisTa
Problem Solved!

If the author needs the topic to be reopened, please contact one of the members of the moderation team.
©2005-2008 Linha Defensiva. All Rights Reserved.