My PC is very slow, Mozilla restarts constantly, and programs stop responding.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:43, on 13/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\ARQUIV~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\config\svchost.exe
C:\WINDOWS\system32\config\svchost.exe
C:\WINDOWS\system32\config\svchost.exe
C:\WINDOWS\system32\config\svchost.exe
C:\WINDOWS\explorer.exe
C:\windows\system32\notepad.exe
C:\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://iiq.ttyconfig.net:8085/dlx32.dat
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.224\npchrome_frame.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] C:\ARQUIV~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122110 serial=dr12wex-1504397-kty lang=BP
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [internet Explorer] C:\Arquivos de programas\Application\nerocheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DINIS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Arquivos de programas\Google\Chrome Frame\Application\8.0.552.224\npchrome_frame.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {073d7f4f-5388-47fc-b479-4c930d3bb02b} - (no file)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sound Manager (soundmngr) - Unknown owner - C:\WINDOWS\system32\config\svchost.exe
--
End of file - 9683 bytes
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Versão da Base de Dados: 5310
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
14/12/2010 12:25:24
mbam-log-2010-12-14 (12-25-24).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 195407
Tempo decorrido: 1 hora(s), 0 minuto(s), 50 segundo(s)
Processos de Memória Infectados: 4
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 1
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 9
Processos de Memória Infectados:
c:\WINDOWS\system32\config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> 2608 -> Unloaded process successfully.
c:\WINDOWS\system32\config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> 476 -> Unloaded process successfully.
c:\WINDOWS\system32\config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> 484 -> Unloaded process successfully.
c:\WINDOWS\system32\config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> 496 -> Unloaded process successfully.
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soundmngr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Explorer (Spyware.Banker) -> Value: Internet Explorer -> Quarantined and deleted successfully.
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
c:\arquivos de programas\application\nerocheck.exe (Spyware.Banker) -> Delete on reboot.
c:\documents and settings\localservice\configurações locais\temporary internet files\Content.IE5\BC1NX7N6\moduloa[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\configurações locais\temporary internet files\Content.IE5\BC1NX7N6\moduloa[1].swf (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\configurações locais\temporary internet files\Content.IE5\SHUGNUPQ\moduloa[1].swf (Spyware.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\lod524.tmp (Spyware.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\lod566.tmp (Spyware.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\huntermails.jpg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\loginitannez.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
*Temporarily disable your antivirus
Right-click the Avast icon next to the clock > Select "Pause resident protection" > Confirm.
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the license agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [YES] to install it and then [YES] to continue.
*Wait for all stages to complete
*Do not use the mouse or keyboard while ComboFix is running!! To stop the procedure, press [N] or [2] and then [ENTER]
*Paste the report C:\combofix.txt
ComboFix 10-12-14.01 - DINIS 14/12/2010 22:52:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1007.599 [GMT -2:00]
Executando de: c:\documents and settings\DINIS\Desktop\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Application\loga.dll
c:\arquivos de programas\Application\logaa.dll
c:\arquivos de programas\Application\logb.dll
c:\arquivos de programas\Application\logcc.dll
c:\arquivos de programas\driver
c:\windows\Media\logo.dll
c:\windows\Media\NewIcon.ico
c:\windows\system32\Drivers\sveyt.sys
c:\windows\system32\whv2.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_knrsavor
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-15 to 2010-12-15 ))))))))))))))))))))))))))))
.
2010-12-14 12:03 . 2010-12-14 12:03 -------- d-----w- c:\documents and settings\DINIS\Dados de aplicativos\Malwarebytes
2010-12-14 12:03 . 2010-11-29 19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 12:03 . 2010-12-14 12:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-12-14 12:03 . 2010-12-14 12:03 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-12-14 12:03 . 2010-11-29 19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 14:07 . 2010-12-14 12:00 -------- d-----w- C:\HiJackThis
2010-12-10 19:49 . 2008-05-13 19:23 417792 ----a-w- c:\arquivos de programas\Windows Media Player\Plugins\wmp_scrobbler.dll
2010-12-10 19:49 . 2010-12-10 19:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2010-12-10 19:48 . 2010-12-10 19:48 -------- d-----w- c:\arquivos de programas\Last.fm
2010-12-09 19:51 . 2010-12-09 19:51 83765096 ----a-w- c:\arquivos de programas\Arquivos comuns\Windows Live\.cache\wlc58E.tmp
2010-12-09 15:41 . 2010-12-09 15:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-09 15:41 . 2010-12-09 15:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-09 15:40 . 2010-12-10 15:48 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\HPAppData
2010-12-06 16:12 . 2010-12-06 16:12 -------- d-----r- c:\documents and settings\LocalService\Meus documentos
2010-12-06 16:12 . 2010-12-06 16:12 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar
2010-12-06 16:11 . 2010-12-15 00:58 -------- d-sh--w- c:\arquivos de programas\Application
2010-12-06 12:23 . 2010-12-06 16:12 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2010-11-28 20:45 . 2010-11-28 20:45 -------- d-----w- c:\arquivos de programas\MSBuild
2010-11-28 20:45 . 2010-11-28 20:47 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-28 20:45 . 2010-11-28 20:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-11-28 20:44 . 2007-03-22 22:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-28 20:44 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-28 20:39 . 2010-11-28 20:39 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2010-11-28 19:58 . 2010-11-28 19:58 -------- d-----w- c:\arquivos de programas\WinPcap
2010-11-28 19:58 . 2010-01-26 12:11 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe
2010-11-28 19:58 . 2010-11-28 20:50 -------- d-----w- c:\arquivos de programas\VDownloader
2010-11-17 23:56 . 2010-11-17 23:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-17 13:41 . 2010-11-17 13:41 -------- d-sh--w- c:\documents and settings\DINIS\IECompatCache
2010-11-17 13:40 . 2010-11-17 13:40 -------- d-sh--w- c:\documents and settings\DINIS\PrivacIE
2010-11-17 13:38 . 2010-11-17 13:38 -------- d-sh--w- c:\documents and settings\DINIS\IETldCache
2010-11-17 13:36 . 2009-01-07 20:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-17 13:36 . 2010-11-28 20:47 -------- d-----w- c:\windows\system32\pt-BR
2010-11-17 13:36 . 2010-11-17 13:37 -------- dc-h--w- c:\windows\ie8
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 00:59 . 2010-03-20 12:32 1409 ----a-w- c:\windows\QTFont.for
2004-10-01 18:00 . 2010-03-19 12:24 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Google Update"="c:\documents and settings\DINIS\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-03-28 136176]
"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"PowerBar"="c:\arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" [2007-02-06 176128]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-19 524632]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-03-20 77824]
"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-20 113664]
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 22:54 3735552 ----a-w- c:\arquivos de programas\Google\Google Talk\googletalk.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\DINIS\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\DINIS\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4964:UDP"= 4964:UDP:Windows Media Format SDK (firefox.exe)
"4965:UDP"= 4965:UDP:Windows Media Format SDK (firefox.exe)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/3/2010 09:57 64160]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [20/2/2010 10:21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [20/2/2010 10:21 52224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/3/2010 09:48 165584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [19/3/2010 09:40 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/3/2010 09:48 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [9/3/2009 17:06 1029456]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/1/2010 00:09 50704]
R3 GNCT511;Genius VideoCAM NB;c:\windows\system32\drivers\gnct511.sys [19/3/2010 10:06 229376]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [25/6/2010 22:03 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-26 00:03]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DINIS\Dados de aplicativos\Mozilla\Firefox\Profiles\9ziojlyj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tratusgrafica.tk/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51030
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 23:00
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
c:\windows\TEMP\_asw_aisI.tm~a02868\onefile.dld 1626 bytes
Varredura completada com sucesso
arquivos/ficheiros ocultos: 1
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\arquiv~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-14 23:08:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-15 01:08
Pré-execução: 7 pasta(s) 39.769.726.976 bytes disponíveis
Pós execução: 9 pasta(s) 39.897.001.984 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
OK... the log is clean
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix is uninstalled"
*Click [OK]
Best regards and Merry Christmas.
Thank you!
Merry Christmas!!
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Hello keysha
1.
*Run HijackThis, click [Do a system scan only], select the entries below and click [Fix checked]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O18 - Filter hijack: text/html - {073d7f4f-5388-47fc-b479-4c930d3bb02b} - (no file)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
*Close HijackThis
2.
*Download Malwarebytes Anti-Malware and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*Select [Full scan] and click [Scan] > [Scan]
*When the scan finishes, click [YES] > [OK] > [Show Results]
*Click [Remove Selected]
*Paste the report that is shown