Archived

This topic has been archived and is closed to new replies.

Annluciap

[Solved!] Pen-drive and PC infection

Hello,

could someone take a look at the HijackThis log, please?

Thank you very much for the help.

 

___________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:29, on 10/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Aperte enter\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Arquivos de programas\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 8980 bytes

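The autostart (O4) lines in the log above are what a helper reads first, and the later post-ComboFix log in this thread shows which of them disappear after cleanup. The following triage helper is an added example, not part of the original posts and not a feature of HijackThis or ComboFix: it parses O4 lines, flags entries that deserve a second look (an entry registered under Policies\Explorer\Run, a value name that is just a registry token such as [HKLM] or [Policies], or one executable registered in several autostart classes at once), and diffs the autostart set of two logs. The sample lines are trimmed copies of the two HijackThis logs in the thread; the heuristics are the example's own and produce items to review, not verdicts.

```python
"""Triage helper for the O4 (autostart) lines of a HijackThis log.

Added example for this thread; it is not part of the original posts and
not a HijackThis or ComboFix feature. It automates two things a helper does
by eye when reading these logs: flag autostart entries worth a second
look, and diff the autostart set of two logs (before and after cleanup)
to show which programs stopped starting. The sample lines are copied from
the two HijackThis logs posted in the thread (trimmed); the heuristics
are this example's own and produce items to review, not verdicts.
"""
from __future__ import annotations

import re
from typing import NamedTuple

# "O4 - <key>: [<value name>] <command>"   e.g.  O4 - HKLM\..\Run: [DLA] C:\...\DLACTRLW.EXE
O4_REG_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: <shortcut>.lnk = <target>"
O4_LNK_RE = re.compile(r"^O4 - (?P<key>Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")


class AutoStart(NamedTuple):
    key: str   # where it is registered, e.g. HKLM\..\Run or HKCU\..\Policies\Explorer\Run
    name: str  # value name shown in brackets (or the .lnk name)
    cmd: str   # command line as logged


def parse_o4(log_text: str) -> list[AutoStart]:
    """Return every O4 entry in a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG_RE.match(line.strip()) or O4_LNK_RE.match(line.strip())
        if m:
            entries.append(AutoStart(m["key"], m["name"], m["cmd"]))
    return entries


def exe_path(cmd: str) -> str:
    """Lower-cased executable path, without arguments or the "(User ...)" suffix."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end].lower()
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split(" ")[0]).lower()


def location_class(key: str) -> str:
    """Collapse the many O4 keys into four classes so per-user repeats (HKUS\\<sid>) do not over-count."""
    k = key.lower()
    if "policies\\explorer\\run" in k:
        return "policies"
    if k.startswith("hklm"):
        return "machine"
    if k.startswith("global startup"):
        return "startup folder"
    return "user"  # HKCU and HKUS\<sid> hives, one per profile


def flag_entries(entries: list[AutoStart]) -> list[tuple[AutoStart, list[str]]]:
    """Entries with at least one reason to review, each paired with its reasons."""
    classes: dict[str, set[str]] = {}
    for e in entries:
        classes.setdefault(exe_path(e.cmd), set()).add(location_class(e.key))
    findings = []
    for e in entries:
        reasons = []
        if location_class(e.key) == "policies":
            reasons.append("registered under Policies\\Explorer\\Run, which normal installers rarely use")
        if e.name.strip().lower() in {"hklm", "hkcu", "hkus", "policies", "run"}:
            reasons.append("value name is a registry token instead of a product name")
        n = len(classes[exe_path(e.cmd)])
        if n > 1:
            reasons.append(f"same executable registered in {n} different autostart classes")
        if reasons:
            findings.append((e, reasons))
    return findings


def removed_between(before: str, after: str) -> list[str]:
    """Executables autostarted in `before` that no longer autostart in `after`."""
    was = {exe_path(e.cmd) for e in parse_o4(before)}
    now = {exe_path(e.cmd) for e in parse_o4(after)}
    return sorted(was - now)


# Trimmed copies of the two logs posted in this thread (first log, then the one taken after ComboFix).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\msupdater\msupdaterservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\msupdater\msupdaterservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\msupdater\msupdaterservice.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\msupdater\msupdaterservice.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE
"""

if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_o4(BEFORE_LOG)):
        print(f"REVIEW {entry.key} [{entry.name}] {entry.cmd}")
        for r in reasons:
            print(f"    - {r}")
    print("no longer autostarting after cleanup:")
    for path in removed_between(BEFORE_LOG, AFTER_LOG):
        print("   ", path)
```

Run against the trimmed logs, only the four msupdaterservice.exe entries are flagged (the per-user CTFMON.EXE repeats collapse into one class and stay quiet), and the diff lists the avast tray, SoundMAX and msupdaterservice.exe as the programs that no longer autostart in the second log. The diff is the cheap confirmation step: whatever a cleanup tool reports removed should also be absent from the next log.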

- Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix runs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

● Do not click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart the tool will run again; wait for it;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.


Hello,

here are the logs.

Thanks again.

P.S.: The computer's antivirus was replaced. It is now running F-Secure.

 

 

ComboFix 10-02-10.05 - Aperte enter 11/02/2010 13:29:23.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2005.1542 [GMT -2:00]

Executando de: c:\documents and settings\Aperte enter\Meus documentos\Downloads\ComboFix.exe

AV: F-Secure Client Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Client Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\resdll.dll

c:\windows\system32\Thumbs.db

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-11 to 2010-02-11 ))))))))))))))))))))))))))))

.

 

2010-02-10 16:48 . 2010-02-10 16:48 655360 ----a-w- C:\alertlog.dat

2010-02-10 16:46 . 2010-02-10 16:46 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\F-Secure

2010-02-10 16:44 . 2010-02-10 17:07 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-02-10 16:44 . 2009-03-02 10:53 79936 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-02-10 16:42 . 2010-02-10 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\fssg

2010-02-10 16:42 . 2010-02-10 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\F-Secure

2010-02-10 16:42 . 2010-02-11 13:41 -------- d-----w- c:\arquivos de programas\F-Secure

2010-02-10 15:24 . 2010-02-10 15:24 -------- d-----w- c:\arquivos de programas\ESET

2010-02-10 13:59 . 2010-02-10 13:59 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Malwarebytes

2010-02-10 13:58 . 2010-01-07 18:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-10 13:58 . 2010-02-10 13:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-10 13:58 . 2010-02-10 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-10 13:58 . 2010-01-07 18:07 19160 ------w- c:\windows\system32\drivers\mbam.sys

2010-01-19 14:25 . 2010-01-19 14:25 1924200 ------w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player.exe

2010-01-19 14:25 . 2010-01-19 14:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2010-01-19 13:30 . 2010-01-19 13:30 -------- d-----w- c:\arquivos de programas\Typhoon Software

2010-01-13 16:20 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-10 16:44 . 2006-02-16 12:08 87190 ----a-w- c:\windows\system32\perfc016.dat

2010-02-10 16:44 . 2006-02-16 12:08 487272 ----a-w- c:\windows\system32\perfh016.dat

2010-01-19 13:49 . 2008-02-23 22:22 -------- d-----w- c:\arquivos de programas\PCDR5

2010-01-05 09:56 . 2006-02-16 12:08 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 09:56 . 2006-02-16 12:08 78336 ------w- c:\windows\system32\ieencode.dll

2010-01-05 09:56 . 2006-02-16 12:08 17408 ------w- c:\windows\system32\corpol.dll

2010-01-04 16:32 . 2010-01-04 16:32 -------- d-----w- c:\arquivos de programas\CCleaner

2009-12-31 16:50 . 2006-02-16 12:07 353792 ------w- c:\windows\system32\drivers\srv.sys

2009-12-17 07:41 . 2006-02-16 08:22 345600 ------w- c:\windows\system32\mspaint.exe

2009-12-14 14:44 . 2009-12-14 14:44 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Houaiss3

2009-12-14 14:44 . 2009-12-14 14:44 -------- d-----w- c:\arquivos de programas\Houaiss3

2009-12-14 07:09 . 2006-02-16 12:08 33280 ------w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2006-02-16 12:07 2149376 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2004-08-04 00:40 2028032 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-02-16 12:08 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:13 . 2006-02-16 12:08 1296384 ------w- c:\windows\system32\quartz.dll

2009-11-27 17:13 . 2004-08-04 00:45 17920 ------w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ------w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2006-02-16 12:08 28672 ------w- c:\windows\system32\msvidc32.dll

2009-11-27 16:08 . 2006-02-16 12:08 11264 ------w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2006-02-16 12:07 85504 ------w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ------w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:58 . 2006-02-16 12:07 471552 ------w- c:\windows\AppPatch\aclayers.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]

"TVT Scheduler Proxy"="c:\arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"AwaySch"="c:\arquivos de programas\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\arquiv~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]

"AMSG"="c:\arquivos de programas\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]

"DiskeeperSystray"="c:\arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"cssauth"="c:\arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]

"F-Secure Manager"="c:\arquivos de programas\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]

"F-Secure TNB"="c:\arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Aleph 500.14.2 Version Check.lnk - c:\al500\ALEPHCOM\BIN\VERSION.EXE [2008-9-29 761856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/2/2010 14:44 33920]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/2/2010 14:44 79936]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe [11/7/2007 20:38 569344]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys [10/2/2010 14:44 107104]

R3 FSORSPClient;F-Secure ORSP Client;c:\arquivos de programas\F-Secure\ORSP Client\fsorsp.exe [10/2/2010 14:44 55904]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/5/2007 15:59 30336]

S4 F-Secure Filter;F-Secure File System Filter;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsfilter.sys [10/2/2010 14:44 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsrec.sys [10/2/2010 14:44 25184]

.

.

------- Scan Suplementar -------

.

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\wchsfi3g.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.ufrgs.br/

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(960)

c:\windows\system32\igfxdev.dll

.

Tempo para conclusão: 2010-02-11 13:31:49

ComboFix-quarantined-files.txt 2010-02-11 15:31

 

Pré-execução: 26 pasta(s) 127.878.950.912 bytes disponíveis

Pós execução: 29 pasta(s) 127.915.380.736 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 2BA086078DAA8D63B79218BD3C134460

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:43:35, on 11/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jucheck.exe

C:\Arquivos de programas\F-Secure\Common\FSMB32.EXE

C:\Arquivos de programas\F-Secure\Common\FCH32.EXE

C:\Arquivos de programas\F-Secure\Common\FAMEH32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\fsqh.exe

C:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Documents and Settings\Aperte enter\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Arquivos de programas\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 9570 bytes


Hi,

I had to change the antivirus version, F-Secure, and when I ran the scan yesterday it detected a malware, but apart from that the computer is working fine.

Here are the logs again, just so we can confirm, ok?

Thank you very much.

Ana

 

 

****************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:50:37, on 12/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\99e3de347459ae579add897e9e890a33\update\update.exe

C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe

C:\Documents and Settings\Aperte enter\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Arquivos de programas\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\msupdater\msupdaterservice.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 10693 bytes

 

 

ComboFix 10-02-11.04 - Aperte enter 12/02/2010 10:08:27.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2005.1474 [GMT -2:00]

Executando de: c:\documents and settings\Aperte enter\Meus documentos\Downloads\ComboFix.exe

AV: F-Secure Client Security 9.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Client Security 9.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Aperte enter\Dados de aplicativos\logs.dat

c:\windows\system32\resdll.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-12 to 2010-02-12 ))))))))))))))))))))))))))))

.

 

2010-02-12 11:48 . 2010-02-12 11:48 -------- d-----w- c:\windows\LastGood

2010-02-11 19:17 . 2010-02-11 19:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-02-11 19:17 . 2010-02-11 19:17 -------- d-sh--w- c:\documents and settings\Aperte enter\IETldCache

2010-02-11 19:13 . 2010-02-12 11:50 -------- d-----w- c:\windows\ie8updates

2010-02-11 19:11 . 2010-02-11 19:12 -------- dc-h--w- c:\windows\ie8

2010-02-11 19:07 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-02-11 19:06 . 2009-12-21 19:07 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-02-11 19:06 . 2009-12-21 19:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-02-11 18:30 . 2009-11-26 09:35 80016 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-02-11 17:36 . 2010-02-11 17:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-02-11 17:13 . 2010-02-11 18:36 -------- d-----w- c:\arquivos de programas\F-Secure

2010-02-11 16:21 . 2010-02-11 16:21 -------- d-----w- c:\documents and settings\Denise

2010-02-10 16:48 . 2010-02-10 16:48 655360 ----a-w- C:\alertlog.dat

2010-02-10 16:44 . 2010-02-11 18:36 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-02-10 16:42 . 2010-02-11 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\fssg

2010-02-10 16:42 . 2010-02-11 18:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\F-Secure

2010-02-10 15:24 . 2010-02-10 15:24 -------- d-----w- c:\arquivos de programas\ESET

2010-02-10 13:59 . 2010-02-10 13:59 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Malwarebytes

2010-02-10 13:58 . 2010-01-07 18:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-10 13:58 . 2010-02-11 16:06 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-10 13:58 . 2010-02-10 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-10 13:58 . 2010-01-07 18:07 19160 ------w- c:\windows\system32\drivers\mbam.sys

2010-01-19 14:25 . 2010-01-19 14:25 1924200 ------w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player.exe

2010-01-19 14:25 . 2010-01-19 14:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2010-01-19 13:30 . 2010-01-19 13:30 -------- d-----w- c:\arquivos de programas\Typhoon Software

2010-01-13 16:20 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-11 18:30 . 2006-02-16 12:08 94892 ----a-w- c:\windows\system32\perfc016.dat

2010-02-11 18:30 . 2006-02-16 12:08 504144 ----a-w- c:\windows\system32\perfh016.dat

2010-02-11 18:25 . 2008-09-29 13:18 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-11 16:12 . 2008-02-23 22:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

2010-02-11 16:12 . 2008-02-23 22:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-11 16:12 . 2008-02-23 22:09 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-02-11 16:11 . 2008-02-23 22:43 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-02-11 16:11 . 2008-02-23 22:32 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-02-11 16:11 . 2008-02-23 22:20 -------- d-----w- c:\arquivos de programas\Lenovo Registration

2010-02-11 16:10 . 2008-09-29 15:18 -------- dcsh--w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2010-02-11 16:10 . 2008-02-23 22:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SureThing Shared

2010-02-11 16:10 . 2008-02-23 22:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Sonic Shared

2010-02-11 16:09 . 2008-02-23 22:33 -------- d-----w- c:\arquivos de programas\Activation Assistant for the 2007 Microsoft Office suites

2010-02-11 16:08 . 2009-12-14 14:44 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Houaiss3

2010-02-11 16:08 . 2009-10-05 12:43 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-11 16:08 . 2009-12-14 14:44 -------- d-----w- c:\arquivos de programas\Houaiss3

2010-02-11 16:08 . 2010-01-04 16:32 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-11 16:06 . 2008-02-23 22:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lenovo

2010-01-19 13:49 . 2008-02-23 22:22 -------- d-----w- c:\arquivos de programas\PCDR5

2009-12-31 16:50 . 2006-02-16 12:07 353792 ------w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:08 . 2006-02-16 12:08 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2006-02-16 08:22 345600 ------w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2006-02-16 12:08 33280 ------w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2006-02-16 12:07 2149376 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2004-08-04 00:40 2028032 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-02-16 12:08 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:13 . 2006-02-16 12:08 1296384 ------w- c:\windows\system32\quartz.dll

2009-11-27 17:13 . 2004-08-04 00:45 17920 ------w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ------w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2006-02-16 12:08 28672 ------w- c:\windows\system32\msvidc32.dll

2009-11-27 16:08 . 2006-02-16 12:08 11264 ------w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2006-02-16 12:07 85504 ------w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ------w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:58 . 2006-02-16 12:07 471552 ------w- c:\windows\AppPatch\aclayers.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]

"TVT Scheduler Proxy"="c:\arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"AwaySch"="c:\arquivos de programas\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\arquiv~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]

"AMSG"="c:\arquivos de programas\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]

"DiskeeperSystray"="c:\arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"cssauth"="c:\arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]

"F-Secure Manager"="c:\arquivos de programas\F-Secure\Common\FSM32.EXE" [2009-11-26 301680]

"F-Secure TNB"="c:\arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" [2009-11-26 1653360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Aleph 500.14.2 Version Check.lnk - c:\al500\ALEPHCOM\BIN\VERSION.EXE [2008-9-29 761856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/2/2010 14:44 33920]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/2/2010 16:30 80016]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe [11/7/2007 20:38 569344]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys [11/2/2010 16:30 107104]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/5/2007 15:59 30336]

S3 FSORSPClient;F-Secure ORSP Client;c:\arquivos de programas\F-Secure\ORSP Client\fsorsp.exe [11/2/2010 16:30 56000]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/2/2010 11:58 38224]

S4 F-Secure Filter;F-Secure File System Filter;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsfilter.sys [11/2/2010 16:30 39792]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsrec.sys [11/2/2010 16:30 25200]

.

.

------- Scan Suplementar -------

.

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\wchsfi3g.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.ufrgs.br/

FF - component: c:\arquivos de programas\F-Secure\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-EVEREST Home Edition_is1 - e:\everest home edition\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-12 10:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-02-12 10:11:07

ComboFix-quarantined-files.txt 2010-02-12 12:11

ComboFix2.txt 2010-02-11 15:31

 

Pré-execução: 26 pasta(s) 126.411.948.032 bytes disponíveis

Pós execução: 29 pasta(s) 126.386.761.728 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - A47F43A8397212B48B668CADB87A82E7


Sorry for the delay!

and when I ran the scan yesterday it detected a piece of malware

What is the name of the detected file?

Post a new HijackThis log and follow the procedure below as well.

- Download AVZ4 and save it to the desktop;

- Extract the files from the WinZip archive to the desktop, where a folder called avz4 will be created in the same location;

- Open this folder and double-click the AVZ.exe file to run the tool;

- When the program window opens, click the File > Database Update menu, or click the AVZupdate.jpg button on the right side of the tool's panel, and click the Start button to update the tool;

- Click the File > Standard scripts menu and check the option "2. Advanced System Analysis";

- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;

- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it, and also close the AVZ4 window;

- Go to the avz4 folder on the desktop and open the LOG folder inside it;

- In it you will find the logs and a zipped folder named virusinfo_syscheck.zip.

Attach this folder to your next reply.


Hi,

unfortunately, I didn't write down the file name.

Here are the logs.

Thank you.

Ana

P.S.: I couldn't attach the folder. I don't know how to do it.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:48, on 17/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Aperte enter\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Arquivos de programas\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 10100 bytes


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
