Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:32, on 14/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Barra de aplicativos da ALOT Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Barra de aplicativos da ALOT - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Arquivos de programas\alotappbar\bin\ALOTHelper.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [upgrade.exe] C:\win7xe\upgrade.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6724 bytes
-----\\-------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.11.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003407 :: FUN0085 [administrador]
14/11/2012 11:02:26
mbam-log-2012-11-14 (11-02-26).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 324785
Tempo decorrido: 1 hora(s), 52 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21374\Dc497.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
=======\\==========
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.11.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003407 :: FUN0085 [administrador]
14/11/2012 09:51:01
mbam-log-2012-11-14 (09-51-01).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 270913
Tempo decorrido: 9 minuto(s), 27 segundo(s)
Processos de Memória Detectados: 2
C:\win7xe\win7.exe (Trojan.Banker) -> 2440 -> Será deletado na próxima inicialização.
C:\win7xe\win32.exe (Trojan.Banker) -> 2408 -> Será deletado na próxima inicialização.
Módulos de Memória Detectados: 2
C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win7.exe (Trojan.Banker) -> Data: C:\win7xe\win7.exe -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win32.exe (Trojan.Banker) -> Data: C:\win7xe\win32.exe -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 2
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 13
C:\Documents and Settings\f003407\Desktop\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Documents and Settings\f003407\Meus documentos\Downloads\Nota_Fiscal.PDF.Cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf (1).cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf.cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f003407\My Documents\Downloads\84xd (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f003407\My Documents\Downloads\84xd(1) (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\id.sys (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\up.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\win7.exe (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\win32.exe (Trojan.Banker) -> Será deletado na próxima inicialização.
(fim)
=========\\\=============
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\Arquivos de programas\DealPly
*** [Registry] ***
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s2].txt - [1352 octets] - [14/11/2012 10:16:10]
########## EOF - C:\AdwCleaner[s2].txt - [1412 octets] ##########
ComboFix 12-11-14.01 - f003407 14/11/2012 14:24:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.551 [GMT -2:00]
Executando de: c:\documents and settings\f003407\Desktop\Ferramentas para Diagnóstico\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\alotappbar
c:\arquivos de programas\alotappbar\alotUninst.exe
c:\arquivos de programas\alotappbar\bin\alotappbar.dll
c:\arquivos de programas\alotappbar\bin\alothelper.dll
c:\arquivos de programas\alotappbar\bin\alotwidgets.exe
c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
c:\windows\system\chron32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))
.
.
2012-11-14 15:59 . 2012-11-14 15:59 388608 ----a-w- C:\HiJackThis.exe
2012-11-14 11:48 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 11:42 . 2012-11-01 11:42 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-11-01 09:57 . 2012-11-01 09:57 -------- d-----w- c:\documents and settings\f003407\Configurações locais\Dados de aplicativos\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-09-06 11:34 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-09-06 11:10 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-09-06 11:10 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-09-06 11:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-09-06 11:10 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-09-06 11:10 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-09-06 11:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-09-06 11:10 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-09-06 11:34 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-09-06 11:10 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-10 18:35 . 2012-03-30 10:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 18:35 . 2011-09-12 12:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:40 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-05 07:32 . 2011-11-18 12:07 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 18:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55 3209216 ----a-w- c:\arquivos de programas\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 16:45 114688 ----a-w- c:\arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-10-28 15:07 33685504 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-12 13:04 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-09-06 13:16 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/09/2011 09:34 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2011 09:10 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2011 09:10 21256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/09/2011 18:42 1425280]
.
--- =Outros Serviços/Drivers Na Memória ---
.
NewlyCreated - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
.
2012-11-14 c:\windows\Tasks\avast! Emergency Update.job
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]
.
2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job
.
2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job
.
2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\
FF - prefs.js: network.proxy.type - 2
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'dpknlg4');
user_pref('extensions.dealply.installId', 'v23600221916417293635812012040911205417');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '7');
FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
.
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\arquivos de programas\alotappbar\bin\ALOTHelper.dll
MSConfigStartUp-upgrade - c:\win7xe\upgrade.exe
AddRemove-alotAppbar - c:\arquivos de programas\alotappbar\alotUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0BCD4392EE8F0E114A5A8BCAF6798BE8\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER8;[1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-11-14 14:39:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-11-14 16:39
.
Pré-execução: 8 pasta(s) 115.728.916.480 bytes disponíveis
Pós execução: 10 pasta(s) 116.620.980.224 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.