Archived

This topic has been archived and is closed to new replies.

Jackson Dias

[Solved!] Slow notebook

Recommended Posts

Hello,

Well, for the last three days my notebook has been absurdly slow. This started right after a message about csrss.exe appeared, a message (from Avira) flagging it as a virus, so I sent it to quarantine. (It still shows up when I press Ctrl + Alt + Del.) Now and then some strange messages appear flagging viruses. I don't know whether there really is one or whether the antivirus is interpreting some programs as viruses.

 

 

Well, if possible, could you take a look at it.

 

 

The log is attached:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:49:16, on 7/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe

C:\wamp\wampmanager.exe

c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijaThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Mirar - {3D562B2B-0E8E-4B0C-8D0A-79CBD506DDA5} - C:\WINDOWS\system32\a378.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Arquivos de programas\SGPSA\BHO.dll

O3 - Toolbar: Mirar - {3D562B2A-0E8E-4B0C-8D0A-79CBD506DDA5} - C:\WINDOWS\system32\a378.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [sGPUpdater] C:\Arquivos de programas\Search Guard PlusU\sgpUpdaters.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jackson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe

O4 - Startup: TipCam.lnk = C:\Arquivos de programas\uTIPu\tipc.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 6561 bytes

 

Thanks for any reply.

Good afternoon! LunG_ShiH

 

<@> Download: Malwarebytes

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Cheers!

Good afternoon! Dig

I noticed a reasonable improvement after the process (it could be a coincidence), but it seems a bit better.

Well, here are the logs:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3116

Windows 5.1.2600 Service Pack 3

 

7/11/2009 13:06:56

mbam-log-2009-11-07 (13-06-56).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 256152

Tempo decorrido: 50 minute(s), 32 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 1

Chaves do Registro infectadas: 9

Valores do Registro infectados: 3

Ítens do Registro infectados: 4

Pastas infectadas: 13

Arquivos infectados: 152

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

C:\WINDOWS\system32\a378.dll (Adware.Mirar) -> Delete on reboot.

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{3d562b2a-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d562b2a-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3d562b2a-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3d562b2b-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d562b2b-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d562b2b-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e1b2879-88ff-11d3-8d96-d7acac95951a} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3d562b2a-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3d562b2a-0e8e-4b0c-8d0a-79cbd506dda5} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\Documents and Settings\Jackson\Dados de aplicativos\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\WINDOWS\system32\a378.dll (Adware.Mirar) -> Delete on reboot.

C:\Arquivos de programas\BPK\bpkhk.dll (Keylogger.PerfectKeylogger) -> Quarantined and deleted successfully.

C:\Arquivos de programas\BPK\bpki.dll (Keylogger.PerfectKeylogger) -> Quarantined and deleted successfully.

C:\Arquivos de programas\BPK\inst.bin (Keylogger.PerfectKeylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jackson\Localdir\setup.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jackson\Localdir\svchost.exe (Worm.P2P) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{B03E6688-FD7E-48A9-A635-00835C77FC47}\RP63\A0032569.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jackson\Dados de aplicativos\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jackson\Dados de aplicativos\DealAssistant\DAUninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40080_6975166319 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40080_9448359722 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40083_6979729051 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40083_7154378241 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40083_8735649884 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40083_8737915856 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40083_8744516782 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0068102546 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0074103009 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0090735301 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0092019213 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0135879630 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_0174390509 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_9656087153 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_9932535764 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40084_9964992014 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40086_4976582292 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40086_4988514468 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40086_8750234491 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0144745833 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0579247454 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0588530208 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0796350000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0800943403 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0879504282 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0899807755 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_0915335069 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1136743519 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1174919792 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1186745255 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1539351273 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1544807407 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1590474306 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1611519213 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1752551157 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1756484491 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1816078356 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1981911343 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_1982075926 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_2077824190 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_2077862153 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_2080473611 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_4707504977 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_4742597917 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_4915154745 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_5330172106 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_6806788889 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_6821081018 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_6829958681 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_6832159606 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_7086154514 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40087_9654184722 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_5387301042 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8505110648 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8522223958 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8533653356 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8541366435 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8604624190 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40088_8615169213 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\T40083_6515728009 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Get discount!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Order now!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\REFOG Free Keylogger on the Web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Uninstall REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\kdiue732.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

 


 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:11:07, on 7/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Search Guard PlusU\sgpUpdaters.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\uTIPu\tipc.exe

C:\HijaThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Arquivos de programas\SGPSA\BHO.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [sGPUpdater] C:\Arquivos de programas\Search Guard PlusU\sgpUpdaters.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jackson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe

O4 - Startup: TipCam.lnk = C:\Arquivos de programas\uTIPu\tipc.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 6029 bytes

 

 

Thanks for your attention!

Regards

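The entries a helper reads first in the log above are the `RunServices` autorun for `csrcs.exe` (one letter away from the genuine `csrss.exe`), the BlazingTools Perfect Keylogger startup shortcut, the mirarsearch search bar in the R1 keys, and the BHO and service entries whose files are already gone. The script below is an added example for this page, not code from the thread and not a feature of HijackThis, Malwarebytes or ComboFix: the rule names and the lookalike heuristic are the editor's own, and the sample input is a handful of lines excerpted from the log above, embedded as constructed test data.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread: not code from the original post and not a
feature of HijackThis, Malwarebytes or ComboFix. The rules below are the
editor's own heuristics for the indicators visible in the log above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line")

# Genuine Windows NT system process names. A binary whose name is one edit
# away from one of these but not equal (csrcs.exe vs csrss.exe) is a lookalike.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}

# Hosts Internet Explorer on XP writes into its own R0/R1 keys by default.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}

# Install folders of the two commercial keyloggers removed in this thread
# (BPK = BlazingTools Perfect Keylogger, MPK = the Refog keylogger).
KEYLOGGER_DIRS = re.compile(r"\\(BPK|MPK)\\", re.IGNORECASE)

# Constructed test input: lines excerpted from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Arquivos de programas\SGPSA\BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe
O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
""".strip()


def within_one_edit(a, b):
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    short, long_ = sorted((a, b), key=len)
    return any(short == long_[:i] + long_[i + 1:] for i in range(len(long_)))


def exe_names(line):
    """Lower-cased base names of every *.exe path token on the line."""
    tokens = re.findall(r'[^\s"\[\]]+\.exe', line, re.IGNORECASE)
    return [t.rsplit("\\", 1)[-1].lower() for t in tokens]


def triage_line(line):
    """Return the rule names that fire on one HijackThis log line, in a fixed order."""
    rules = []
    kind = line[:3].strip()               # "R0", "R1", "O2", "O4", "O23", ...
    if "(no file)" in line or "(file missing)" in line:
        rules.append("ORPHAN_ENTRY")      # registry still points at a file that is gone
    if KEYLOGGER_DIRS.search(line) or "keylogger" in line.lower():
        rules.append("KEYLOGGER_PATH")
    if kind in ("R0", "R1"):
        m = re.search(r"=\s*https?://([^/\s]+)", line)
        if m and m.group(1).lower() not in DEFAULT_IE_HOSTS:
            rules.append("IE_SEARCH_HIJACK")
    if kind == "O4" and "RunServices" in line:
        rules.append("RUNSERVICES_KEY")   # Win9x-era autorun key, rarely used by legitimate XP software
    for name in exe_names(line):
        if name not in SYSTEM_BINARIES and any(within_one_edit(name, s) for s in SYSTEM_BINARIES):
            rules.append("LOOKALIKE_NAME")
            break
    return rules


def triage(log_text):
    """All (rule, line) findings for a whole log, in log order."""
    return [Finding(rule, line)
            for line in log_text.splitlines()
            for rule in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:17} {f.line}")
```

Run as is, it prints six findings for the eight sample lines. The two O23/O4 Avira lines pass clean, as they should, but so does the Search Guard Plus BHO: nothing in its path or name is suspicious on its own, which is exactly why this kind of rule pass only orders the questions and the helper still asks for a ComboFix report before deciding.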

Good afternoon! LunG_ShiH

 

<!> We still have infections; the Malwarebytes quarantine should be emptied so that ComboFix does not detect it.

<><><><><><><><><><>

<@> Download: < ComboFix > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<!> Link-4 --> < how to use ComboFix >

 

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

<@> Click OK.

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

 

<@> If you do not have the "Recovery Console", accept the offer to install it!

<@> When that finishes, click Sim or Yes. --> Wait!

 

<!> If you get the notification "Not a valid Win32 application", delete ComboFix.exe and download it again.

<!> Save it to the desktop renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, a notification window will appear:

<!> PS: Write down those detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all of the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> To complete the removals, ComboFix may restart the computer.

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!



 

ComboFix 09-11-07.02 - Jackson 07/11/2009 15:54.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.957.427 [GMT -3:00]

Running from: c:\documents and settings\Jackson\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\BPK

c:\arquivos de programas\BPK\bpk.chm

c:\arquivos de programas\BPK\bpk.dat

c:\arquivos de programas\BPK\dt\2009-09-23_07-34-28-439796

c:\arquivos de programas\BPK\dt\2009-09-23_07-34-34-445781

c:\arquivos de programas\BPK\dt\2009-09-23_07-39-28-739812

c:\arquivos de programas\BPK\dt\2009-09-23_07-39-34-745796

c:\arquivos de programas\BPK\dt\2009-09-23_07-44-28-1039796

c:\arquivos de programas\BPK\dt\2009-09-23_07-44-34-1045781

c:\arquivos de programas\BPK\dt\2009-09-23_07-49-28-1339781

c:\arquivos de programas\BPK\dt\2009-09-23_07-49-34-1345781

c:\arquivos de programas\BPK\dt\2009-09-23_07-54-28-1639781

c:\arquivos de programas\BPK\dt\2009-09-23_07-54-34-1645796

c:\arquivos de programas\BPK\dt\2009-09-23_08-14-28-2839781

c:\arquivos de programas\BPK\dt\2009-09-23_08-14-34-2845843

c:\arquivos de programas\BPK\dt\2009-09-23_08-54-28-5240312

c:\arquivos de programas\BPK\dt\2009-09-23_08-59-28-5539906

c:\arquivos de programas\BPK\dt\2009-09-23_08-59-34-5546093

c:\arquivos de programas\BPK\dt\2009-09-23_09-04-28-5839781

c:\arquivos de programas\BPK\dt\2009-09-23_09-04-34-5845796

c:\arquivos de programas\BPK\dt\2009-09-23_09-09-28-6139796

c:\arquivos de programas\BPK\dt\2009-09-23_09-09-34-6145796

c:\arquivos de programas\BPK\dt\2009-09-23_09-14-28-6439812

c:\arquivos de programas\BPK\dt\2009-09-23_09-14-34-6445796

c:\arquivos de programas\BPK\dt\2009-09-23_09-19-28-6739796

c:\arquivos de programas\BPK\dt\2009-09-23_09-19-34-6745796

c:\arquivos de programas\BPK\dt\2009-09-23_09-24-28-7039781

c:\arquivos de programas\BPK\dt\2009-09-23_09-24-34-7045781

c:\arquivos de programas\BPK\dt\2009-09-23_11-25-15-444968

c:\arquivos de programas\BPK\dt\2009-09-23_11-25-19-448656

c:\arquivos de programas\BPK\dt\2009-09-23_11-30-15-744906

c:\arquivos de programas\BPK\dt\2009-09-23_11-30-19-748656

c:\arquivos de programas\BPK\dt\2009-09-23_11-35-15-1044890

c:\arquivos de programas\BPK\dt\2009-09-23_11-35-19-1048656

c:\arquivos de programas\BPK\dt\2009-09-23_11-40-15-1344890

c:\arquivos de programas\BPK\dt\2009-09-23_11-40-19-1348640

c:\arquivos de programas\BPK\dt\2009-09-23_11-45-15-1644906

c:\arquivos de programas\BPK\dt\2009-09-23_11-45-19-1648656

c:\arquivos de programas\BPK\dt\2009-09-23_11-50-15-1944906

c:\arquivos de programas\BPK\dt\2009-09-23_11-50-19-1948656

c:\arquivos de programas\BPK\dt\2009-09-23_12-05-17-2847125

c:\arquivos de programas\BPK\dt\2009-09-23_12-10-15-3145687

c:\arquivos de programas\BPK\dt\2009-09-23_12-10-19-3149453

c:\arquivos de programas\BPK\dt\2009-09-23_12-15-15-3444921

c:\arquivos de programas\BPK\dt\2009-09-23_12-15-19-3448671

c:\arquivos de programas\BPK\dt\2009-09-23_12-20-15-3744921

c:\arquivos de programas\BPK\dt\2009-09-23_12-20-19-3748671

c:\arquivos de programas\BPK\dt\2009-09-23_12-55-15-5844906

c:\arquivos de programas\BPK\dt\2009-09-23_12-55-19-5848640

c:\arquivos de programas\BPK\dt\2009-09-23_13-20-15-7344953

c:\arquivos de programas\BPK\dt\2009-09-23_13-20-19-7348671

c:\arquivos de programas\BPK\dt\2009-09-23_13-25-15-7644921

c:\arquivos de programas\BPK\dt\2009-09-23_13-25-19-7648656

c:\arquivos de programas\BPK\dt\2009-09-23_13-30-15-7944937

c:\arquivos de programas\BPK\dt\2009-09-23_13-30-19-7948656

c:\arquivos de programas\BPK\dt\2009-09-23_13-35-15-8245046

c:\arquivos de programas\BPK\dt\2009-09-23_13-35-19-8248750

c:\arquivos de programas\BPK\dt\2009-09-23_13-40-15-8544906

c:\arquivos de programas\BPK\dt\2009-09-23_13-40-19-8548828

c:\arquivos de programas\BPK\dt\2009-09-23_13-45-15-8844906

c:\arquivos de programas\BPK\dt\2009-09-23_13-45-19-8848687

c:\arquivos de programas\BPK\dt\2009-09-23_13-50-15-9144906

c:\arquivos de programas\BPK\dt\2009-09-23_13-50-19-9148656

c:\arquivos de programas\BPK\dt\2009-09-23_13-55-15-9444937

c:\arquivos de programas\BPK\dt\2009-09-23_13-55-19-9448640

c:\arquivos de programas\BPK\dt\2009-09-23_14-00-15-9744921

c:\arquivos de programas\BPK\dt\2009-09-23_14-00-19-9748640

c:\arquivos de programas\BPK\dt\2009-09-23_14-05-15-10044906

c:\arquivos de programas\BPK\dt\2009-09-23_14-05-19-10048656

c:\arquivos de programas\BPK\dt\2009-09-23_14-10-15-10344906

c:\arquivos de programas\BPK\dt\2009-09-23_14-10-19-10348640

c:\arquivos de programas\BPK\dt\2009-09-23_14-15-15-10644906

c:\arquivos de programas\BPK\dt\2009-09-23_14-15-19-10648640

c:\arquivos de programas\BPK\dt\2009-09-23_14-20-15-10944906

c:\arquivos de programas\BPK\dt\2009-09-23_14-20-19-10948656

c:\arquivos de programas\BPK\dt\2009-09-23_14-25-15-11244953

c:\arquivos de programas\BPK\dt\2009-09-23_14-25-19-11248656

c:\arquivos de programas\BPK\dt\2009-09-23_14-30-15-11544953

c:\arquivos de programas\BPK\dt\2009-09-23_14-30-19-11548656

c:\arquivos de programas\BPK\dt\2009-09-23_14-35-15-11845015

c:\arquivos de programas\BPK\dt\2009-09-23_14-35-19-11848656

c:\arquivos de programas\BPK\dt\2009-09-23_14-40-15-12144968

c:\arquivos de programas\BPK\dt\2009-09-23_14-40-19-12148656

c:\arquivos de programas\BPK\dt\2009-09-23_14-45-15-12444921

c:\arquivos de programas\BPK\dt\2009-09-23_14-45-19-12448656

c:\arquivos de programas\BPK\dt\2009-09-23_14-50-15-12744906

c:\arquivos de programas\BPK\dt\2009-09-23_14-50-19-12748671

c:\arquivos de programas\BPK\dt\2009-09-23_14-55-15-13045031

c:\arquivos de programas\BPK\dt\2009-09-23_14-55-19-13048656

c:\arquivos de programas\BPK\dt\2009-09-23_15-00-15-13344906

c:\arquivos de programas\BPK\dt\2009-09-23_15-00-19-13348656

c:\arquivos de programas\BPK\dt\2009-09-23_15-05-15-13644906

c:\arquivos de programas\BPK\dt\2009-09-23_15-05-19-13648656

c:\arquivos de programas\BPK\dt\2009-09-23_15-10-15-13944968

c:\arquivos de programas\BPK\dt\2009-09-23_15-10-19-13948765

c:\arquivos de programas\BPK\dt\2009-09-23_15-15-15-14244906

c:\arquivos de programas\BPK\dt\2009-09-23_15-15-19-14248656

c:\arquivos de programas\BPK\dt\2009-09-23_15-20-15-14544921

c:\arquivos de programas\BPK\dt\2009-09-23_15-20-19-14548687

c:\arquivos de programas\BPK\dt\2009-09-23_15-25-15-14844968

c:\arquivos de programas\BPK\dt\2009-09-23_15-25-19-14848671

c:\arquivos de programas\BPK\dt\2009-09-23_15-30-15-15144921

c:\arquivos de programas\BPK\dt\2009-09-23_15-30-19-15148671

c:\arquivos de programas\BPK\dt\2009-09-23_15-35-15-15444906

c:\arquivos de programas\BPK\dt\2009-09-23_15-35-19-15448656

c:\arquivos de programas\BPK\dt\2009-09-23_15-40-15-15744906

c:\arquivos de programas\BPK\dt\2009-09-23_15-40-19-15748656

c:\arquivos de programas\BPK\dt\2009-09-23_15-45-20-16050000

c:\arquivos de programas\BPK\dt\2009-09-23_15-45-20-16050109

c:\arquivos de programas\BPK\dt\2009-09-23_15-50-15-16344968

c:\arquivos de programas\BPK\dt\2009-09-23_15-50-19-16348656

c:\arquivos de programas\BPK\dt\2009-09-23_15-55-15-16644953

c:\arquivos de programas\BPK\dt\2009-09-23_15-55-19-16648656

c:\arquivos de programas\BPK\dt\2009-09-23_16-00-15-16944953

c:\arquivos de programas\BPK\dt\2009-09-23_16-00-19-16948656

c:\arquivos de programas\BPK\dt\2009-09-23_16-05-15-17244906

c:\arquivos de programas\BPK\dt\2009-09-23_16-05-19-17248671

c:\arquivos de programas\BPK\dt\2009-09-23_16-10-15-17544906

c:\arquivos de programas\BPK\dt\2009-09-23_16-10-19-17548765

c:\arquivos de programas\BPK\dt\2009-09-23_16-15-15-17844968

c:\arquivos de programas\BPK\dt\2009-09-23_16-15-20-17849843

c:\arquivos de programas\BPK\dt\2009-09-23_16-20-15-18144968

c:\arquivos de programas\BPK\dt\2009-09-23_16-20-20-18150359

c:\arquivos de programas\BPK\dt\2009-09-23_16-25-15-18444953

c:\arquivos de programas\BPK\dt\2009-09-23_16-25-19-18448656

c:\arquivos de programas\BPK\dt\2009-09-23_16-30-15-18744906

c:\arquivos de programas\BPK\dt\2009-09-23_16-30-19-18748656

c:\arquivos de programas\BPK\dt\2009-09-23_16-35-15-19045125

c:\arquivos de programas\BPK\dt\2009-09-23_16-35-19-19048671

c:\arquivos de programas\BPK\dt\2009-09-23_16-40-15-19344953

c:\arquivos de programas\BPK\dt\2009-09-23_16-40-19-19348656

c:\arquivos de programas\BPK\dt\2009-09-23_16-45-20-19654578

c:\arquivos de programas\BPK\dt\2009-09-23_16-50-15-19944937

c:\arquivos de programas\BPK\dt\2009-09-23_16-50-19-19948781

c:\arquivos de programas\BPK\dt\2009-09-23_16-55-15-20244968

c:\arquivos de programas\BPK\dt\2009-09-23_16-55-19-20248656

c:\arquivos de programas\BPK\dt\2009-09-23_17-00-15-20544984

c:\arquivos de programas\BPK\dt\2009-09-23_17-00-19-20548656

c:\arquivos de programas\BPK\dt\2009-09-23_17-05-15-20844984

c:\arquivos de programas\BPK\dt\2009-09-23_17-05-19-20848671

c:\arquivos de programas\BPK\dt\2009-09-23_17-10-15-21144921

c:\arquivos de programas\BPK\dt\2009-09-23_17-10-19-21148671

c:\arquivos de programas\BPK\dt\2009-09-23_17-15-16-21446484

c:\arquivos de programas\BPK\dt\2009-09-23_17-15-19-21448765

c:\arquivos de programas\BPK\dt\2009-09-23_17-20-15-21744906

c:\arquivos de programas\BPK\dt\2009-09-23_17-20-19-21748703

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-34-28-439796

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-34-34-445781

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-39-28-739812

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-39-34-745796

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-44-28-1039796

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-44-34-1045781

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-49-28-1339781

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-49-34-1345781

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-54-28-1639781

c:\arquivos de programas\BPK\dt\th_2009-09-23_07-54-34-1645796

c:\arquivos de programas\BPK\dt\th_2009-09-23_08-14-28-2839781

c:\arquivos de programas\BPK\dt\th_2009-09-23_08-14-34-2845843

c:\arquivos de programas\BPK\dt\th_2009-09-23_08-54-28-5240312

c:\arquivos de programas\BPK\dt\th_2009-09-23_08-59-28-5539906

c:\arquivos de programas\BPK\dt\th_2009-09-23_08-59-34-5546093

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-04-28-5839781

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-04-34-5845796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-09-28-6139796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-09-34-6145796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-14-28-6439812

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-14-34-6445796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-19-28-6739796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-19-34-6745796

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-24-28-7039781

c:\arquivos de programas\BPK\dt\th_2009-09-23_09-24-34-7045781

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-25-15-444968

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-25-19-448656

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-30-15-744906

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-30-19-748656

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-35-15-1044890

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-35-19-1048656

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-40-15-1344890

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-40-19-1348640

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-45-15-1644906

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-45-19-1648656

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-50-15-1944906

c:\arquivos de programas\BPK\dt\th_2009-09-23_11-50-19-1948656

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-05-17-2847125

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-10-15-3145687

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-10-19-3149453

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-15-15-3444921

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-15-19-3448671

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-20-15-3744921

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-20-19-3748671

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-55-15-5844906

c:\arquivos de programas\BPK\dt\th_2009-09-23_12-55-19-5848640

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-20-15-7344953

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-20-19-7348671

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-25-15-7644921

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-25-19-7648656

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-30-15-7944937

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-30-19-7948656

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-35-15-8245046

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-35-19-8248750

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-40-15-8544906

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-40-19-8548828

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-45-15-8844906

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-45-19-8848687

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-50-15-9144906

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-50-19-9148656

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-55-15-9444937

c:\arquivos de programas\BPK\dt\th_2009-09-23_13-55-19-9448640

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-00-15-9744921

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-00-19-9748640

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-05-15-10044906

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-05-19-10048656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-10-15-10344906

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-10-19-10348640

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-15-15-10644906

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-15-19-10648640

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-20-15-10944906

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-20-19-10948656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-25-15-11244953

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-25-19-11248656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-30-15-11544953

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-30-19-11548656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-35-15-11845015

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-35-19-11848656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-40-15-12144968

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-40-19-12148656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-45-15-12444921

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-45-19-12448656

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-50-15-12744906

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-50-19-12748671

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-55-15-13045031

c:\arquivos de programas\BPK\dt\th_2009-09-23_14-55-19-13048656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-00-15-13344906

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-00-19-13348656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-05-15-13644906

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-05-19-13648656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-10-15-13944968

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-10-19-13948765

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-15-15-14244906

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-15-19-14248656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-20-15-14544921

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-20-19-14548687

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-25-15-14844968

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-25-19-14848671

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-30-15-15144921

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-30-19-15148671

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-35-15-15444906

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-35-19-15448656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-40-15-15744906

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-40-19-15748656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-45-20-16050000

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-50-15-16344968

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-50-19-16348656

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-55-15-16644953

c:\arquivos de programas\BPK\dt\th_2009-09-23_15-55-19-16648656

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-00-15-16944953

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-00-19-16948656

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-05-15-17244906

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-05-19-17248671

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-10-15-17544906

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-10-19-17548765

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-15-15-17844968

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-15-20-17849843

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-20-15-18144968

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-20-20-18150359

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-25-15-18444953

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-25-19-18448656

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-30-15-18744906

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-30-19-18748656

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-35-15-19045125

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-35-19-19048671

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-40-15-19344953

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-40-19-19348656

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-45-20-19654578

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-50-15-19944937

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-50-19-19948781

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-55-15-20244968

c:\arquivos de programas\BPK\dt\th_2009-09-23_16-55-19-20248656

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-00-15-20544984

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-00-19-20548656

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-05-15-20844984

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-05-19-20848671

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-10-15-21144921

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-10-19-21148671

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-15-16-21446484

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-15-19-21448765

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-20-15-21744906

c:\arquivos de programas\BPK\dt\th_2009-09-23_17-20-19-21748703

c:\arquivos de programas\BPK\install.log

c:\arquivos de programas\BPK\license.txt

c:\arquivos de programas\BPK\order.url

c:\arquivos de programas\BPK\pk.bin

c:\arquivos de programas\BPK\web.dat

c:\arquivos de programas\SGPSA

c:\arquivos de programas\SGPSA\BHO.dll

c:\documents and settings\Jackson\Localdir

c:\windows\system32\AutoRun.inf

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 ))))))))))))))))))))))))))))

.

 

2009-11-07 14:38 . 2009-11-07 14:38 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Malwarebytes

2009-11-07 14:38 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 14:38 . 2009-11-07 14:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-07 14:38 . 2009-11-07 14:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-07 14:38 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 12:48 . 2009-11-07 16:11 -------- d-----w- C:\HijaThis

2009-11-05 05:20 . 2009-11-05 05:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-11-03 07:45 . 2009-11-03 07:45 38208 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-11-03 07:45 . 2009-11-03 07:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-31 02:07 . 2009-11-03 07:45 38208 ----a-w- c:\documents and settings\Jackson\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-30 14:56 . 2009-10-30 14:56 -------- d-----w- C:\Inetpub

2009-10-27 21:19 . 2009-10-27 21:19 -------- d-----w- c:\documents and settings\Jackson\Library

2009-10-27 21:19 . 2009-10-27 21:19 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\com.adobe.ExMan

2009-10-25 21:43 . 2009-10-26 03:02 -------- d-----w- c:\documents and settings\Jackson\dwhelper

2009-10-24 14:11 . 2009-10-27 16:22 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-10-24 13:45 . 2009-10-24 13:45 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Moyea

2009-10-24 13:45 . 2006-10-11 22:03 75264 ----a-w- c:\windows\system32\zlib1.dll

2009-10-24 13:31 . 2009-10-24 13:32 -------- d-----w- c:\arquivos de programas\Temp

2009-10-24 13:30 . 2005-09-21 11:42 49152 ----a-w- c:\windows\system32\RegistrationLib192.dll

2009-10-24 13:30 . 2005-07-07 02:36 24576 ----a-w- c:\windows\system32\CWExt12.dll

2009-10-24 13:30 . 2005-07-07 01:15 139264 ----a-w- c:\windows\system32\VSCWR12.dll

2009-10-24 13:12 . 2009-10-24 13:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SourceTec

2009-10-24 13:12 . 2009-10-24 13:12 -------- d-----w- c:\arquivos de programas\SourceTec

2009-10-23 02:11 . 2009-10-23 02:12 -------- d-----w- C:\wamp

2009-10-22 03:08 . 2009-10-22 03:08 -------- d-----w- c:\arquivos de programas\uTIPu

2009-10-21 14:02 . 2009-10-21 06:47 54776 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Findbasic\findbasic131.exe

2009-10-20 02:58 . 2004-03-29 18:23 90112 ----a-w- c:\windows\unvise32.exe

2009-10-20 02:58 . 2009-10-20 03:03 -------- d-----w- c:\arquivos de programas\SWiSHmax

2009-10-15 11:35 . 2009-10-15 11:35 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-15 07:41 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-15 07:41 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-15 07:41 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-15 07:41 . 2009-10-15 07:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-10-15 07:41 . 2009-10-15 07:41 -------- d-----w- c:\arquivos de programas\Avira

2009-10-15 07:38 . 2009-10-15 07:39 -------- d-----w- c:\arquivos de programas\EasyPHP5.3.0

2009-10-15 03:29 . 2009-10-15 03:29 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-10-09 02:15 . 2009-10-26 11:25 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Download Manager

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 16:12 . 2008-04-14 12:00 49044 ----a-w- c:\windows\system32\perfc016.dat

2009-11-07 16:12 . 2008-04-14 12:00 344972 ----a-w- c:\windows\system32\perfh016.dat

2009-11-07 07:53 . 2009-09-16 16:29 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\FileZilla

2009-11-05 05:12 . 2009-09-10 01:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-29 03:32 . 2009-09-25 03:39 -------- d-----w- c:\arquivos de programas\Findbasic

2009-10-28 04:59 . 2009-09-22 10:49 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\LimeWire

2009-10-27 02:17 . 2009-09-11 01:13 -------- d-----w- c:\arquivos de programas\Oi Velox

2009-10-26 05:12 . 2009-10-01 02:43 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Notepad++

2009-10-26 05:12 . 2009-10-01 02:43 -------- d-----w- c:\arquivos de programas\Notepad++

2009-10-26 05:12 . 2009-09-09 14:40 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-26 05:11 . 2009-09-10 02:58 -------- d-----w- c:\arquivos de programas\Macromedia

2009-10-23 14:24 . 2009-09-10 02:08 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Skype

2009-10-21 14:02 . 2009-09-25 03:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Findbasic

2009-10-04 04:12 . 2009-10-04 04:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-10-01 14:33 . 2009-09-27 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-09-30 15:30 . 2009-09-25 18:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-26 01:47 . 2009-09-18 18:43 -------- d-----w- c:\arquivos de programas\Google

2009-09-25 18:36 . 2009-09-25 18:35 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-22 10:41 . 2009-09-22 10:41 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-22 10:41 . 2009-09-22 10:41 -------- d-----w- c:\arquivos de programas\Java

2009-09-22 10:41 . 2009-09-22 10:41 152576 ----a-w- c:\documents and settings\Jackson\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2009-09-22 10:37 . 2009-09-22 10:37 -------- d-----w- c:\arquivos de programas\LimeWire

2009-09-22 10:26 . 2009-09-22 10:22 -------- d-----w- c:\arquivos de programas\eMule

2009-09-20 16:15 . 2009-09-20 16:14 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\ActiveState

2009-09-20 02:04 . 2009-09-20 02:04 -------- d-----w- c:\arquivos de programas\Opera

2009-09-20 02:03 . 2009-09-20 02:03 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Apple Computer

2009-09-20 02:03 . 2009-09-20 02:02 -------- d-----w- c:\arquivos de programas\Safari

2009-09-20 02:02 . 2009-09-20 02:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-09-20 02:02 . 2009-09-20 02:02 -------- d-----w- c:\arquivos de programas\Apple Software Update

2009-09-20 02:02 . 2009-09-20 02:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-09-17 23:06 . 2009-09-17 23:06 -------- d-----w- c:\arquivos de programas\Search Guard PlusU

2009-09-17 23:06 . 2009-09-17 23:06 -------- d-----w- c:\arquivos de programas\Search Guard Plus

2009-09-17 17:05 . 2009-09-17 17:05 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-09-17 01:19 . 2009-09-17 01:19 -------- d-----w- c:\arquivos de programas\ShowMyPCService

2009-09-16 15:46 . 2009-09-16 15:46 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2009-09-16 15:45 . 2009-09-16 15:43 -------- d-----w- c:\arquivos de programas\Windows Live

2009-09-16 15:44 . 2009-09-16 15:44 -------- d-----w- c:\arquivos de programas\Microsoft

2009-09-16 15:44 . 2009-09-16 15:44 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-09-16 15:31 . 2009-09-16 15:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-15 00:37 . 2009-09-15 00:37 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Ahead

2009-09-15 00:10 . 2009-09-15 00:10 37376 ----a-w- c:\documents and settings\Jackson\Dados de aplicativos\Thinstall\Settings\4000003000002h\CorelDRW.exe

2009-09-15 00:10 . 2009-09-15 00:10 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Thinstall

2009-09-14 21:37 . 2009-09-14 21:37 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\CyberLink

2009-09-10 22:17 . 2009-09-10 22:15 -------- d-----w- c:\arquivos de programas\Valve

2009-09-10 21:42 . 2009-09-10 21:42 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Corel

2009-09-10 19:03 . 2009-09-09 14:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-09-10 03:01 . 2009-09-10 03:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macromedia

2009-09-10 02:49 . 2009-09-10 02:49 -------- d-----w- c:\arquivos de programas\Adobe Media Player

2009-09-10 02:44 . 2009-09-10 02:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-09-10 02:40 . 2009-09-10 02:40 -------- d-----w- c:\arquivos de programas\Recover Files

2009-09-10 02:31 . 2009-09-10 02:31 65536 ----a-r- c:\documents and settings\Jackson\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

2009-09-10 02:31 . 2009-09-10 02:31 10134 ----a-r- c:\documents and settings\Jackson\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe

2009-09-10 02:31 . 2009-09-10 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InstallShield

2009-09-10 02:31 . 2009-09-09 14:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-09-10 02:28 . 2009-09-10 02:28 -------- d-----w- c:\arquivos de programas\Corel

2009-09-10 02:28 . 2009-09-10 02:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2009-09-10 02:08 . 2009-09-10 02:08 -------- d-----r- c:\arquivos de programas\Skype

2009-09-10 02:08 . 2009-09-10 02:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-09-10 01:55 . 2009-09-10 01:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-09-09 21:22 . 2009-09-09 21:22 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Media Player Classic

2009-09-09 15:07 . 2009-09-09 15:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-09-09 15:07 . 2009-09-09 15:07 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-09-09 15:02 . 2009-09-09 15:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2009-09-09 15:01 . 2009-09-09 14:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-09-09 15:01 . 2009-09-09 15:01 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Ahead

2009-09-09 15:00 . 2009-09-09 15:00 -------- d-----w- c:\arquivos de programas\IObit

2009-09-09 14:59 . 2009-09-09 14:59 -------- d-----w- c:\arquivos de programas\CCleaner

2009-09-09 14:59 . 2009-09-09 14:59 -------- d-----w- c:\arquivos de programas\Nero

2009-09-09 14:59 . 2009-09-09 14:59 -------- d-----w- c:\arquivos de programas\CyberLink

2009-09-09 14:58 . 2009-09-09 14:58 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-09-09 14:57 . 2009-09-09 14:57 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-09-09 14:53 . 2009-09-09 14:53 -------- d-----w- c:\arquivos de programas\Motorola

2009-09-09 14:51 . 2009-09-09 14:51 0 ----a-w- c:\windows\nsreg.dat

2009-09-09 14:50 . 2009-09-09 14:50 -------- d-----w- c:\arquivos de programas\Realtek

2009-09-09 14:50 . 2009-09-09 14:50 315392 ----a-w- c:\windows\HideWin.exe

2009-09-09 14:50 . 2009-09-09 14:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-09-09 14:49 . 2009-09-09 14:49 -------- d-----w- c:\arquivos de programas\SiS VGA Utilities V3.83

2009-09-09 14:49 . 2009-09-09 14:49 -------- d-----w- c:\arquivos de programas\sisagp

2009-09-09 14:45 . 2009-09-09 14:45 -------- d-----w- c:\documents and settings\Jackson\Dados de aplicativos\Foxit

2009-09-09 14:45 . 2009-09-09 14:45 -------- d-----w- c:\arquivos de programas\Foxit Software

2009-09-09 14:41 . 2007-07-18 20:40 264576 ----a-w- c:\windows\system32\drivers\RTL8187B.sys

2009-09-09 14:40 . 2009-09-09 14:40 133 ----a-w- c:\windows\xUninstall.bat

2009-09-09 14:20 . 2009-09-09 14:20 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-09 14:18 . 2009-09-09 14:18 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-09-09 14:18 . 2009-09-09 14:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-09-09 14:16 . 2009-09-09 14:16 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SGPUpdater"="c:\arquivos de programas\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-10-03 53248]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-19 16858112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Jackson\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-9-9 262144]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jackson^Menu Iniciar^Programas^Inicializar^TipCam.lnk]

path=c:\documents and settings\Jackson\Menu Iniciar\Programas\Inicializar\TipCam.lnk

backup=c:\windows\pss\TipCam.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TipCtrl"=3 (0x3)

"ose"=3 (0x3)

"NBService"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"gupdate"=2 (0x2)

"Findbasic Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"odserv"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Jackson\\Configurações locais\\Temp\\IXP000.TMP\\smwinvnc.exe"=

"c:\\Documents and Settings\\Jackson\\Configurações locais\\Temp\\IXP000.TMP\\SMPCSetup.exe"=

"c:\\Arquivos de programas\\eMule\\eMule.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [15/10/2009 04:41 108289]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [29/10/2008 20:05 31896]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8/7/2008 10:16 96856]

S2 ANSAVDaemon;ANSAV Guard;g:\ansav\ansavd.exe --> g:\ansav\ansavd.exe [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [18/7/2007 17:40 264576]

S4 Findbasic Service;Findbasic Service;c:\documents and settings\All Users\Dados de aplicativos\Findbasic\findbasic131.exe [21/10/2009 11:02 54776]

S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [18/9/2009 15:43 133104]

S4 TipCtrl;TipCtrl;c:\arquivos de programas\uTIPu\TipCtrl.exe [3/2/2009 16:15 314504]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-18 18:43]

 

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-18 18:43]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

FF - ProfilePath - c:\documents and settings\Jackson\Dados de aplicativos\Mozilla\Firefox\Profiles\vqy6proi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={46163192-5E49-D3DB-A614-4A146E20B5C5}&q=

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-Google Update - c:\documents and settings\Jackson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

AddRemove-Perfect Keylogger - c:\arquivos de programas\BPK\bpkun.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-07 16:01

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SGPUpdater = c:\arquivos de programas\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2680)

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\uTIPu\tipc.exe

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Tempo para conclusão: 2009-11-07 16:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-07 19:04

 

Pré-execução: 12 pasta(s) 45.149.093.888 bytes disponíveis

Pós execução: 15 pasta(s) 45.170.810.880 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 1A1B6F639D651976C2990CEEE85BC4C6

 

 

 

:seta:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:05:49, on 7/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Search Guard PlusU\sgpUpdaters.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\uTIPu\tipc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijaThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [sGPUpdater] C:\Arquivos de programas\Search Guard PlusU\sgpUpdaters.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe

O4 - Startup: TipCam.lnk = C:\Arquivos de programas\uTIPu\tipc.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 5193 bytes

 

 

:thumbsup:


Good evening! LunG_ShiH

 

<!> Run Malwarebytes again, in quick scan mode. <-- Post the report!

<><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

 

< cfunins.jpg >

 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> Click OK.

<@> If present, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> PS: Removal from the command line is also possible:

<@> Go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /u

 

<@> Click OK.

<><><><><><><><><><>

<!> PS: I recommend removing this high-risk adware: Perfect KeyLogger

<!> The a-squared anti-malware will complete the cleanup.

 

< Adware.Win32.Perfect KeyLogger >

<><><><><><><><><><>

<@> Download: < a2ppf_banner.jpg > ( ...by EmsiSoft )

<@> Save it in the Arquivos de programas folder.

<@> Open the program and click: Update now --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".

<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--

<@> Also post an updated HijackThis log.

 

Cheers!


Dig! Good evening.

 

Well, here is the Malwarebytes run:

:seta:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3116

Windows 5.1.2600 Service Pack 3

 

8/11/2009 17:02:57

mbam-log-2009-11-08 (17-02-57).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 105870

Tempo decorrido: 3 minute(s), 46 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

:!:

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

 

It didn't work :no:

 

:seta:

 

a-squared Free Version 4.5

Senaste Uppdatering: 8/11/2009 17:33:32

 

Skanningsinställning:

 

Skanningstyp: Djup Skanning

Objekt: Minne, Spår, Kakor, C:\, D:\

Skanna Arkiv: På

Heuristiskt: Av

ADS Skanning: På

 

Skanning Start: 8/11/2009 17:34:08

 

c:\arquivos de programas\findbasic\ Upptäckta: Trace.Directory.FileSubmit.A!A2

c:\arquivos de programas\findbasic\findbasic.exe Upptäckta: Trace.File.FileSubmit.A!A2

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Findbasic Service\ Upptäckta: Trace.Registry.FileSubmit.A!A2

c:\arquivos de programas\search guard plus Upptäckta: Trace.Directory.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu Upptäckta: Trace.Directory.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu\tmp Upptäckta: Trace.Directory.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plus\fbsprotection.xml Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plus\fbssearchprovider.xml Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plus\fbssearchproviderie8.exe Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plus\searchguardplus.exe Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plus\searchguardplus.ico Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu\sgpu.ico Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu\sgpupdater.exe Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu\sgpupdater.xml Upptäckta: Trace.File.els.mywebtattoo.com!A2

c:\arquivos de programas\search guard plusu\sgpupdaters.exe Upptäckta: Trace.File.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> Disable Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> ProgramPath Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> TBGUID Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> toolbar_id Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> v Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_USERS\S-1-5-21-1123561945-1960408961-1417001333-1003\Software\FBSearch --> Version Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> Contact Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> DisplayIcon Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> DisplayName Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> DisplayVersion Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> HelpLink Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> HelpTelephone Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> Publisher Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> UninstallString Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus --> URLInfoAbout Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> Contact Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> DisplayIcon Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> DisplayName Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> DisplayVersion Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> HelpLink Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> HelpTelephone Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> Publisher Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> UninstallString Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater --> URLInfoAbout Upptäckta: Trace.Registry.els.mywebtattoo.com!A2

C:\Documents and Settings\Jackson\Cookies\jackson@atdmt[1].txt Upptäckta: Trace.TrackingCookie.atdmt!A2

C:\Arquivos de programas\Adobe\Adobe Fireworks CS4\disable_activation.cmd Upptäckta: Riskware.patch.Adobe!IK

C:\Arquivos de programas\Adobe\Adobe Fireworks CS4\disable_activation_osx Upptäckta: Riskware.patch.Adobe!IK

C:\Arquivos de programas\Findbasic\findbasic.exe Upptäckta: Riskware.AdWare.Win32.Zwangi!IK

C:\System Volume Information\_restore{B03E6688-FD7E-48A9-A635-00835C77FC47}\RP1\A0000237.exe Upptäckta: Riskware.AdWare.Win32.Zwangi!IK

D:\Meus Documentos\Downloads\Programas\Sothink.SWF.Decompiler.5.2.Build.521.rar/Keygen.exe Upptäckta: Trojan.Generic!IK

D:\Meus Documentos\Downloads\TRECOS\Adobe_Fireworks_CS4_DownloadTotal.rar/keygen.exe Upptäckta: Riskware.Keygen.Adobe!IK

D:\Meus Documentos\Downloads\TRECOS\Crack+kasperresetall_www.kidownload.rar/Resetter.exe Upptäckta: HackTool.Win32.Kiser!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/license.txt Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpk.exe Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkun.exe Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkvw.exe Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/Setup.exe Upptäckta: Generic.Perfloger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkhk.dll Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpki.dll Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkwb.dll Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/downloads.url Upptäckta: Trojan.Keylog.154!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkr.exe Upptäckta: Trojan-Spy.Win32.Perfloger.ab!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/inst.bin Upptäckta: Riskware.Monitor.Win32.Perflogger!IK

D:\Meus Documentos\Downloads\TRECOS\refog_setup_free_kl_524.exe Upptäckta: Riskware.Monitor.Win32.KGBSpy!IK

D:\Meus Documentos\Fireworks Cs4 + Crack\KeyGen+Adobe+Fireworks+CS4.zip/adobe-master-cs4-keygen.exe Upptäckta: Riskware.Keygen.Adobe!IK

D:\Meus Documentos\Fireworks Cs4 + Crack\KeyGen+Adobe+Fireworks+CS4.zip/CS4MCLG.EXE Upptäckta: Riskware.Keygen.Adobe!IK

D:\Meus Documentos\Fireworks Cs4 + Crack\KeyGen+Adobe+Fireworks+CS4.zip/disable_activation.cmd Upptäckta: Riskware.patch.Adobe!IK

D:\Meus Documentos\Fireworks Cs4 + Crack\KeyGen+Adobe+Fireworks+CS4.zip/disable_activation_osx Upptäckta: Riskware.patch.Adobe!IK

D:\Meus Documentos\LimeWire\Saved\111-cradle_of_filth-filthy_little_secret.wma Upptäckta: Trojan-Downloader.WMA.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Fireworks CS4 10.0 (Multilang).zip/Install.exe Upptäckta: Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Flash CS4 Professional 2009.zip/Install.exe Upptäckta: Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Flash CS4 v10.0 Professional.zip/Install.exe Upptäckta: Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Photoshop CS4 Full Version + ( tested crack).zip/crack.exe Upptäckta: Trojan-Downloader.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Photoshop CS4 Full Version + ( tested crack).zip/Setup.exe Upptäckta: Trojan-Downloader.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Audio Books - CBS Radio Mystery Theatre - Vincent Price - Price of Fear - Cats Cradle.wma Upptäckta: Trojan-Downloader.WMA.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\Coldplay - Sparks.wma Upptäckta: Trojan-Downloader.WMA.Wim!IK

D:\Meus Documentos\LimeWire\Saved\coldplay.wma Upptäckta: Trojan-Downloader.WMA.GetCodec!IK

D:\Meus Documentos\LimeWire\Saved\Cradle of Filth - Her ghost in the fog.wma Upptäckta: Trojan-Downloader.WMA.GetCodec!IK

D:\Meus Documentos\LimeWire\Saved\cradle of filth prey.wma Upptäckta: Trojan-Downloader.ASX.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\cradle of filth rare record.wma Upptäckta: Trojan-Downloader.WMA.Wimad!IK

 

Skannade:

 

Filer: 262437

Spår: 638121

Kakor: 19

Processer: 32

 

Funna:

 

Filer: 35

Spår: 39

Kakor: 1

Processer: 0

Registernycklar: 0

 

Skannings Slut: 8/11/2009 18:41:37

Skannings Tid: 1:07:29

 

D:\Meus Documentos\LimeWire\Saved\cradle of filth prey.wma I Karantän Trojan-Downloader.ASX.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\coldplay.wma I Karantän Trojan-Downloader.WMA.GetCodec!IK

D:\Meus Documentos\LimeWire\Saved\Cradle of Filth - Her ghost in the fog.wma I Karantän Trojan-Downloader.WMA.GetCodec!IK

D:\Meus Documentos\LimeWire\Saved\Coldplay - Sparks.wma I Karantän Trojan-Downloader.WMA.Wim!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Photoshop CS4 Full Version + ( tested crack).zip/crack.exe I Karantän Trojan-Downloader.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Fireworks CS4 10.0 (Multilang).zip/Install.exe I Karantän Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Flash CS4 Professional 2009.zip/Install.exe I Karantän Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\Adobe Flash CS4 v10.0 Professional.zip/Install.exe I Karantän Backdoor.Win32.VB!IK

D:\Meus Documentos\LimeWire\Saved\111-cradle_of_filth-filthy_little_secret.wma I Karantän Trojan-Downloader.WMA.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\Audio Books - CBS Radio Mystery Theatre - Vincent Price - Price of Fear - Cats Cradle.wma I Karantän Trojan-Downloader.WMA.Wimad!IK

D:\Meus Documentos\LimeWire\Saved\cradle of filth rare record.wma I Karantän Trojan-Downloader.WMA.Wimad!IK

D:\Meus Documentos\Downloads\TRECOS\i_bpk_trial.exe/bpkr.exe I Karantän Trojan-Spy.Win32.Perfloger.ab!IK

D:\Meus Documentos\Downloads\TRECOS\Crack+kasperresetall_www.kidownload.rar/Resetter.exe I Karantän HackTool.Win32.Kiser!IK

D:\Meus Documentos\Downloads\Programas\Sothink.SWF.Decompiler.5.2.Build.521.rar/Keygen.exe I Karantän Trojan.Generic!IK

D:\Meus Documentos\Downloads\TRECOS\refog_setup_free_kl_524.exe I Karantän Riskware.Monitor.Win32.KGBSpy!IK

 

I Karantän

 

Filer: 30

Spår: 0

Kakor: 0

 

 


 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:54:00, on 8/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijaThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 5575 bytes

 

 


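The HijackThis log above is the raw material the helper works from. As an added example (not a HijackThis feature and not code from this thread), the script below parses a few of the log's own R/O lines and flags the entries a helper looks at first: an IE search page pointing away from the Microsoft defaults, a BHO whose DLL is gone, an autostart entry matching the keylogger found here, and a service whose binary is missing. The sample lines are copied from the log above; `KNOWN_GOOD_HOSTS` and `SUSPICIOUS_WORDS` are assumptions chosen to fit this log, not a general reputation list.

```python
"""Triage a HijackThis v2 log: parse each R/O entry and flag the ones a
malware-removal helper would look at first (IE pages pointing away from
the defaults, orphaned BHOs, suspicious autostart entries, services whose
binary is missing).  Added example; not a HijackThis feature."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input: a handful of lines copied from the log posted
# in this thread, not the complete log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: BlazingTools Perfect Keylogger.lnk = C:\Arquivos de programas\BPK\bpkvw.exe
O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[FRO]\d+) - (?P<body>.*)$")
# Assumptions for this example: the IE defaults in this log all live under
# microsoft.com, and the keywords come from the findings in this thread.
KNOWN_GOOD_HOSTS = ("microsoft.com",)
SUSPICIOUS_WORDS = ("keylog", "bpk")


@dataclass
class Entry:
    kind: str            # HijackThis section, e.g. R1, O4, O23
    body: str            # the rest of the line
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Turn the log text into Entry objects; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def _host_of(body):
    """Hostname of the URL after ' = ' in an R0/R1 entry ('' if none)."""
    if " = " not in body:
        return ""
    return urlparse(body.split(" = ", 1)[1]).hostname or ""


def triage(entries):
    """Attach a reason to each suspicious entry and return only those."""
    for e in entries:
        if e.kind in ("R0", "R1"):
            host = _host_of(e.body)
            if host and not any(host == h or host.endswith("." + h)
                                for h in KNOWN_GOOD_HOSTS):
                e.reasons.append(f"IE setting points at non-default host {host}")
        elif e.kind == "O2" and e.body.endswith("(no file)"):
            e.reasons.append("BHO registered but its DLL is gone (orphaned entry)")
        elif e.kind == "O4":
            hits = [w for w in SUSPICIOUS_WORDS if w in e.body.lower()]
            if hits:
                e.reasons.append("autostart entry matches " + ", ".join(hits))
        elif e.kind == "O23" and "(file missing)" in e.body:
            e.reasons.append("service registered for a binary that no longer exists")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.kind:<4} {'; '.join(e.reasons)}\n     {e.body}")
```

Run against the full log, the same four rules pick out exactly the items the helper acts on in the reply below this post: the Perfect Keylogger startup entry, the dead ANSAV service and the mirarsearch search bar, while leaving the Avira and Microsoft entries alone.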

Good evening! LunG_ShiH

 

<@> Open the command prompt and unregister the DLLs listed below:

 

regsvr32 /u bpkwb.dll

regsvr32 /u bpkhk.dll

regsvr32 /u bsdhooks.dll

 

<@> More information: < Link >

<@> Do one at a time! --> Restart the computer.

<><><><><><><><><><><>

<@> Select and copy everything inside the QUOTE area into Notepad.

<@> Save it on the Desktop under the name: CFScript.txt

 

File::
C:\Arquivos de programas\Perfect Keylogger Lite\uninstall.exe
C:\Arquivos de programas\blazingtools perfect keylogger\bpkr.exe
C:\Arquivos de programas\Perfect Keylogger Lite\bpk.exe
C:\Arquivos de programas\BPK\bpkun.exe
C:\Arquivos de programas\BPK\bpki.dll
C:\Arquivos de programas\BPK\bpkhk.dll
C:\Arquivos de programas\BPK\bsdhooks.dll
C:\Arquivos de programas\BPK\bpkvw.exe
C:\Arquivos de programas\BPK\bpkr.exe
C:\Arquivos de programas\BPK\bpk.exe
C:\Arquivos de programas\bpkhk.dll
C:\Arquivos de programas\bpkwb.dll
c:\windows\system32\bpk.exe
c:\windows\system32\rinst.exe
c:\windows\system32\LANO.exe
c:\windows\system32\LANOr.exe
Folder::
C:\Arquivos de programas\blazingtools perfect keylogger
C:\Arquivos de programas\Perfect Keylogger Lite
C:\Arquivos de programas\BPK
Registry::
[-HKCR\PK.IE]
[-HKCR\PK.IE.1]
[-HKCU\Software\Microsoft\Internet Explorer\IEPK]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Keylogger]

<@> PS: It is recommended that you are disconnected while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 

[animated demonstration image]

 

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

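The CFScript above is a small declarative format: a `File::`, `Folder::` or `Registry::` header followed by one target per line, with `[-KEY]` meaning "delete this key". The helper's warning not to reuse the script on another machine is the reason for the added example below (not a ComboFix tool, not code from this thread): it parses the script into its sections and reports which `File::`/`Folder::` targets actually exist before anything is run, so a user can confirm the script matches their own machine. The sample script is a subset of the one posted above; the `demo()` sandbox, its stand-in files and the drive-letter-to-directory mapping in `_resolve()` are constructed so the check runs offline on any OS.

```python
"""Parse a ComboFix CFScript.txt into its sections and, before the script
is run, report which File:: and Folder:: targets exist on the machine and
which registry keys it will delete.  Added example, not a ComboFix tool;
the section names are the ones used in the script posted above."""
import re
import tempfile
from pathlib import Path

SECTION_RE = re.compile(r"^(\w+)::$")
REG_DELETE_RE = re.compile(r"^\[-(HK[A-Z_]+\\.+)\]$")

# Constructed sample: a subset of the script posted in this thread.
SAMPLE_SCRIPT = r"""
File::
C:\Arquivos de programas\BPK\bpk.exe
C:\Arquivos de programas\BPK\bpkhk.dll
c:\windows\system32\rinst.exe
Folder::
C:\Arquivos de programas\BPK
Registry::
[-HKCR\PK.IE]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Keylogger]
"""


def parse_cfscript(text):
    """Return {section_name: [entry lines]}; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def _resolve(entry, root):
    """Map a Windows path onto the real filesystem, or, when root is given,
    onto root/<drive>/<dirs>/<name> so the check can run in a sandbox."""
    if root is None:
        return Path(entry)
    parts = [p for p in re.split(r"[\\/]+", entry.replace(":", "")) if p]
    return Path(root).joinpath(*parts)


def check_paths(sections, root=None):
    """Split File:: and Folder:: entries into present and absent targets."""
    report = {"present": [], "absent": []}
    for kind, test in (("File", Path.is_file), ("Folder", Path.is_dir)):
        for entry in sections.get(kind, []):
            bucket = "present" if test(_resolve(entry, root)) else "absent"
            report[bucket].append(entry)
    return report


def registry_deletions(sections):
    """Keys the Registry:: section deletes ([-KEY] form); reject anything else."""
    keys = []
    for line in sections.get("Registry", []):
        m = REG_DELETE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        keys.append(m.group(1))
    return keys


def demo():
    """Run the check inside a constructed sandbox where two of the three
    File:: targets and the Folder:: target exist (stand-in bytes, not real
    binaries), so one entry comes back absent."""
    sections = parse_cfscript(SAMPLE_SCRIPT)
    with tempfile.TemporaryDirectory() as root:
        bpk = Path(root, "C", "Arquivos de programas", "BPK")
        bpk.mkdir(parents=True)
        (bpk / "bpk.exe").write_bytes(b"MZ")
        (bpk / "bpkhk.dll").write_bytes(b"MZ")
        report = check_paths(sections, root)
    return sections, report


if __name__ == "__main__":
    sections, report = demo()
    print("present:", report["present"])
    print("absent: ", report["absent"])
    print("registry keys to delete:", registry_deletions(sections))
```

On the affected machine itself, `check_paths(parse_cfscript(open("CFScript.txt").read()))` with no `root` does the real check. A script whose `File::` targets are mostly absent was written for a different system, which is exactly the case the helper's "do not use this script on another machine" warns about; `registry_deletions()` also refuses any `Registry::` line that is not in the `[-KEY]` form, so a pasted script with stray text is caught before ComboFix sees it.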

PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
