Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

esdrasyave

[Arquivado] Virus no meu pc- desligando sozinho

Recommended Posts

E tb qdo tento desligar pela minha vontade ele nao desliga.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:23:33, on 1/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\wmdir\svwhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Programas\HijackThis.exe

 

 

--

End of file - 1804 bytes

 

 

E AGORA O DO COMBOFIX

 

ComboFix 10-02-01.02 - lan-04 01/02/2010 19:36:45.14.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.478.90 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon

c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\eBay.ico

c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\uninst.exe

C:\Thumbs.db

c:\windows\system32\inmbox

c:\windows\system32\inmbox\Config.ini

c:\windows\system32\inmbox\iData\2967795014\brunobarak1606753466.xml

c:\windows\system32\inmbox\iData\2967795014\dealuap3410016599.xml

c:\windows\system32\inmbox\iData\2967795014\heber_mi101904282.xml

c:\windows\system32\inmbox\iData\2967795014\linaguapita207800094.xml

c:\windows\system32\inmbox\iData\2967795014\marigelber2060544313.xml

c:\windows\system32\inmbox\iData\2967795014\MessageLog.xsl

c:\windows\system32\inmbox\iData\2967795014\noemiarocha20081796792211.xml

c:\windows\system32\inmbox\iData\2967795014\tatacastro_p424376812.xml

c:\windows\system32\inmbox\iData\2967795014\tiago_soneca_metal1342884053.xml

c:\windows\system32\inmbox\iData\2967795014\trecoul_zac2326045478.xml

c:\windows\system32\inmbox\iData\2967795014\vivianelopes.com556623785.xml

c:\windows\system32\inmbox\iData\3720902274\MessageLog.xsl

c:\windows\system32\inmbox\iData\4029172053\charles_50953492751931.xml

c:\windows\system32\inmbox\iData\4029172053\fabricioamigo102962367672.xml

c:\windows\system32\inmbox\iData\4029172053\folhasatelite3986094072.xml

c:\windows\system32\inmbox\iData\4029172053\hertonaldo1178061595.xml

c:\windows\system32\inmbox\iData\4029172053\MessageLog.xsl

c:\windows\system32\inmbox\iData\4029172053\oz_angelo3739649129.xml

c:\windows\system32\inmbox\iData\772360000\MessageLog.xsl

c:\windows\system32\inmbox\iData\Data.msn

c:\windows\system32\inmbox\iData\Mail.msm

c:\windows\system32\inmbox\iData\Screens\156939284301201019.JPG

c:\windows\system32\inmbox\iData\Screens\156939284301201020.JPG

c:\windows\system32\inmbox\iData\Screens\1858281481291201016.JPG

c:\windows\system32\inmbox\iData\Screens\2422125915281201020.JPG

c:\windows\system32\inmbox\iData\Screens\2422125915281201021.JPG

c:\windows\system32\inmbox\iData\Screens\2422125915281201022.JPG

c:\windows\system32\inmbox\iData\Screens\2443538492281201012.JPG

c:\windows\system32\inmbox\iData\Screens\2443538492301201016.JPG

c:\windows\system32\inmbox\iData\Screens\2621453422281201011.JPG

c:\windows\system32\inmbox\iData\Screens\2621453422281201012.JPG

c:\windows\system32\inmbox\iData\Screens\2787675700301201015.JPG

c:\windows\system32\inmbox\iData\Screens\302732757301201015.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847281201020.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847281201021.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847281201022.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847301201017.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847301201018.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847301201020.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847301201021.JPG

c:\windows\system32\inmbox\iData\Screens\3377696847301201022.JPG

c:\windows\system32\inmbox\iData\Screens\3442646370301201016.JPG

c:\windows\system32\inmbox\iData\Screens\3559688481281201017.JPG

c:\windows\system32\inmbox\iData\Screens\3584681626281201017.JPG

c:\windows\system32\inmbox\iData\Screens\3778595164291201022.JPG

c:\windows\system32\inmbox\iData\Screens\3778595164291201023.JPG

c:\windows\system32\inmbox\iData\Screens\3809655975291201016.JPG

c:\windows\system32\inmbox\iData\Screens\3971668634291201016.JPG

c:\windows\system32\inmbox\iData\Screens\3971668634291201017.JPG

c:\windows\system32\inmbox\iData\Screens\3971668634301201015.JPG

c:\windows\system32\inmbox\iData\Screens\3971668634301201016.JPG

c:\windows\system32\inmbox\iData\Screens\4276325400281201014.JPG

c:\windows\system32\inmbox\iData\Screens\470840060301201020.JPG

c:\windows\system32\inmbox\iData\Screens\470840060301201021.JPG

c:\windows\system32\inmbox\iData\Screens\79072907301201019.JPG

c:\windows\system32\inmbox\iData\Screens\79072907301201020.JPG

c:\windows\system32\inmbox\iData\Screens\916045179291201017.JPG

c:\windows\system32\inmbox\iData\Screens\916045179291201021.JPG

c:\windows\system32\inmbox\iData\Screens\916045179301201015.JPG

c:\windows\system32\inmbox\iData\Screens\923100725301201016.JPG

c:\windows\system32\inmbox\iData\Users.msm

c:\windows\system32\inmbox\unins000.dat

c:\windows\system32\inmbox\unins000.exe

c:\windows\system32\inmbox\winbox.exe

c:\windows\system32\Thumbs.db

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))

.

 

2010-01-29 12:10 . 2010-01-29 16:43 -------- d-----w- c:\arquivos de programas\XviD3

2010-01-29 03:25 . 2010-01-29 03:38 -------- d-----w- c:\arquivos de programas\Xvid2

2010-01-28 14:48 . 2010-01-28 14:48 -------- d-----w- c:\windows\system32\1035

2010-01-28 14:48 . 2010-01-28 15:39 -------- d-sh--w- c:\windows\system32\wmdir

2010-01-28 14:44 . 2006-11-10 19:28 139264 ----a-w- c:\windows\system32\vbSendMail.dll

2010-01-28 14:44 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll

2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- C:\Intel

2010-01-27 15:19 . 2010-02-01 22:26 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MPK

2010-01-27 15:19 . 2010-01-27 15:19 -------- d-sh--w- c:\windows\system32\MPK

2010-01-27 15:15 . 2010-01-27 15:15 -------- d-----w- c:\windows\logsysm

2010-01-05 12:06 . 2010-01-28 21:31 -------- d-----w- C:\fotos PI

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 22:31 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-02-01 22:24 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-02-01 22:24 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-02-01 22:20 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-02-01 13:40 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-01-23 23:36 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-01-13 16:18 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2009-12-29 13:32 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP8a0f.tmp

2009-12-26 12:55 . 2001-10-28 12:07 98846 ----a-w- c:\windows\system32\perfc016.dat

2009-12-26 12:55 . 2001-10-28 12:07 551248 ----a-w- c:\windows\system32\perfh016.dat

2009-12-24 21:41 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7649.tmp

2009-12-24 21:30 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7455.tmp

2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2009-12-21 15:03 . 2009-12-21 14:48 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

2009-12-21 15:03 . 2009-12-21 14:48 114688 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll

2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-12-21 14:48 . 2009-12-21 14:48 -------- d-----w- c:\arquivos de programas\Conduit

2009-12-20 16:48 . 2009-12-20 16:31 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Skype

2009-12-20 16:35 . 2009-12-20 16:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-20 16:35 . 2009-12-20 16:35 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\skypePM

2009-12-20 16:27 . 2009-12-20 16:24 -------- d-----r- c:\arquivos de programas\Skype

2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-20 16:23 . 2009-12-20 16:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-17 17:55 . 2009-12-18 10:34 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\FFExternalAlert.dll

2009-12-17 17:55 . 2009-12-18 10:34 101376 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\RadioWMPCore.dll

2009-12-10 23:42 . 2009-12-10 23:42 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-12-07 20:44 . 2009-12-07 20:44 -------- d-----w- c:\arquivos de programas\Aneesoft

2009-11-24 20:39 . 2010-01-24 00:41 1093064 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2009-11-23 22:58 . 2009-08-02 14:23 4045528 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2009-08-04 23:56 . 2009-08-04 23:43 40958056 ----a-w- c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2009-11-09 21:38 2331672 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2009-11-05 654128]

"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2009-11-05 14:04 654128 ----a-w- c:\arquivos de programas\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R1 is-A7UA6drv;is-A7UA6drv;c:\windows\system32\drivers\47000877.sys [4/8/2009 20:58 148496]

R1 is-D8KDBdrv;is-D8KDBdrv;c:\windows\system32\drivers\98782068.sys [4/8/2009 21:04 148496]

R1 is-QR2A2drv;is-QR2A2drv;c:\windows\system32\drivers\17601523.sys [5/8/2009 10:41 148496]

R1 is-UEHSSdrv;is-UEHSSdrv;c:\windows\system32\drivers\99758160.sys [4/8/2009 22:13 148496]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 719392]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/9/2009 20:21 12672]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

S1 is-VD0FUdrv;is-VD0FUdrv;c:\windows\system32\drivers\27206467.sys [4/8/2009 21:08 148496]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-boxfile - c:\windows\system32\inmbox\winbox.exe

HKLM-Run-boxfile - c:\windows\system32\inmbox\winbox.exe

AddRemove-eBay Icon - c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\uninst.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 19:52

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E7133E-2B34-3E68-ED04-9E913775FEB5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaapannifmdfblpenmmkebgjiojkme"=hex:64,61,64,62,63,6b,6c,69,00,85

"oamaijaacolopohcfdigicocoggdff"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

"nagakigjhiopiiapjidcdjckiajd"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA1D4C37-500C-C3FE-7715-D3EDCD5B017A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iadpdfmhpgibdmnmbc"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

"hanajcpmflboijbj"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-02-01 20:03:09

ComboFix-quarantined-files.txt 2010-02-01 23:03

ComboFix2.txt 2009-09-14 18:50

 

Pré-execução: 4.909.010.944 bytes disponíveis

Pós execução: 7.088.390.144 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - A31A0A05C7DF2A304B0BB0EFF5B72713

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá esdrasyave! Delete o ComboFix que está no desktop. Baixe novamente: '>http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]ComboFix > salve na área de trabalho

 

Salve ou imprima estas instruções:

 

A ordem de rodar as ferramentas deve ser como está nas instruções.

 

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

 

  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
    NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.
  • Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
  • Dê um duplo-clique no combofix.exe e clique em Executar para prosseguir o Fix. Aguarde pois é um pouco demorado.
  • O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
  • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  • IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
  • Selecione, copie e cole o conteúdo do log do MBAM na sua póxima resposta + o conteúdo do ComboFix.txt.
     
    OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 10-02-17.01 - lan-04 18/02/2010 11:17:29.15.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.478.145 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Thumbs.db

c:\windows\system32\inmbox

c:\windows\system32\inmbox\iData\2967795014\anjinhavf1284085212.xml

c:\windows\system32\inmbox\iData\2967795014\bellpontocom2146675425.xml

c:\windows\system32\inmbox\iData\2967795014\bin_edson3920706408.xml

c:\windows\system32\inmbox\iData\2967795014\brunobarak1606753466.xml

c:\windows\system32\inmbox\iData\2967795014\carlos_stauros1596501203.xml

c:\windows\system32\inmbox\iData\2967795014\cintia-ric1149617382.xml

c:\windows\system32\inmbox\iData\2967795014\ellen_acricya251252682.xml

c:\windows\system32\inmbox\iData\2967795014\esdrasyave2967795014.xml

c:\windows\system32\inmbox\iData\2967795014\glennielacks90101766358769.xml

c:\windows\system32\inmbox\iData\2967795014\gregoriohermes1376142385.xml

c:\windows\system32\inmbox\iData\2967795014\heber_mi101904282.xml

c:\windows\system32\inmbox\iData\2967795014\karolzinha_gdt1819809946.xml

c:\windows\system32\inmbox\iData\2967795014\levi_cunha3781753073.xml

c:\windows\system32\inmbox\iData\2967795014\marybrisamorena650676319.xml

c:\windows\system32\inmbox\iData\2967795014\MessageLog.xsl

c:\windows\system32\inmbox\iData\2967795014\miriamlongaray1503418143.xml

c:\windows\system32\inmbox\iData\2967795014\naldinyagamy1388311321.xml

c:\windows\system32\inmbox\iData\2967795014\ninagatapoderosa4230355267.xml

c:\windows\system32\inmbox\iData\2967795014\noemiarocha20081796792211.xml

c:\windows\system32\inmbox\iData\2967795014\otvjr2064077784.xml

c:\windows\system32\inmbox\iData\2967795014\rogerioestevamshow2071872412.xml

c:\windows\system32\inmbox\iData\2967795014\stefanicb596672678.xml

c:\windows\system32\inmbox\iData\2967795014\vivianelopes.com556623785.xml

c:\windows\system32\inmbox\iData\2967795014\vivianereis_1523878151.xml

c:\windows\system32\inmbox\iData\4029172053\charles_50953492751931.xml

c:\windows\system32\inmbox\iData\4029172053\edineusa_carvalho2172415856.xml

c:\windows\system32\inmbox\iData\4029172053\edmarafl1984335119.xml

c:\windows\system32\inmbox\iData\4029172053\hertonaldo1178061595.xml

c:\windows\system32\inmbox\iData\4029172053\MessageLog.xsl

c:\windows\system32\inmbox\iData\4029172053\oz_angelo3739649129.xml

c:\windows\system32\inmbox\iData\4029172053\paulo.cezar.ce3734423093.xml

c:\windows\system32\inmbox\iData\772360000\brunobarak1606753466.xml

c:\windows\system32\inmbox\iData\772360000\carlosericveras2412739279.xml

c:\windows\system32\inmbox\iData\772360000\clariceferreira174076726586.xml

c:\windows\system32\inmbox\iData\772360000\johnsonstrings772360000.xml

c:\windows\system32\inmbox\iData\772360000\levi_cunha3781753073.xml

c:\windows\system32\inmbox\iData\772360000\marigelber2060544313.xml

c:\windows\system32\inmbox\iData\772360000\mariihh_09053787366650.xml

c:\windows\system32\inmbox\iData\772360000\MessageLog.xsl

c:\windows\system32\inmbox\iData\772360000\micheldasilvamonte4054791004.xml

c:\windows\system32\inmbox\iData\772360000\trecoul_zac2326045478.xml

c:\windows\system32\inmbox\iData\772360000\valmusic73312907742.xml

c:\windows\system32\inmbox\iData\772360000\yldemar1362565449.xml

c:\windows\system32\Thumbs.db

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-18 to 2010-02-18 ))))))))))))))))))))))))))))

.

 

2010-02-17 22:39 . 2010-02-17 22:43 -------- d-----w- c:\arquivos de programas\Grand Theft Auto III - RIP

2010-02-11 00:38 . 2010-02-11 00:39 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-29 12:10 . 2010-02-04 19:29 -------- d-----w- c:\arquivos de programas\XviD3

2010-01-29 03:25 . 2010-01-29 03:38 -------- d-----w- c:\arquivos de programas\Xvid2

2010-01-28 14:48 . 2010-01-28 14:48 -------- d-----w- c:\windows\system32\1035

2010-01-28 14:48 . 2010-01-28 15:39 -------- d-sh--w- c:\windows\system32\wmdir

2010-01-28 14:44 . 2006-11-10 19:28 139264 ----a-w- c:\windows\system32\vbSendMail.dll

2010-01-28 14:44 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll

2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- C:\Intel

2010-01-27 15:19 . 2010-02-01 22:26 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MPK

2010-01-27 15:19 . 2010-01-27 15:19 -------- d-sh--w- c:\windows\system32\MPK

2010-01-27 15:15 . 2010-01-27 15:15 -------- d-----w- c:\windows\logsysm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-18 14:13 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-02-18 14:05 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-02-18 14:05 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-02-18 13:46 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-18 13:42 . 2009-08-02 14:23 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-18 00:18 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-02-13 18:46 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-02-06 12:52 . 2001-10-28 12:07 583946 ----a-w- c:\windows\system32\perfh016.dat

2010-02-06 12:52 . 2001-10-28 12:07 113906 ----a-w- c:\windows\system32\perfc016.dat

2010-02-05 20:58 . 2009-04-11 19:12 -------- d-----w- c:\arquivos de programas\BitTorrent

2010-02-04 22:14 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-02-02 22:08 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-02 01:18 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-01-07 19:07 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 19:07 . 2009-08-02 14:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-29 13:32 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP8a0f.tmp

2009-12-24 21:41 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7649.tmp

2009-12-24 21:30 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7455.tmp

2009-12-21 19:08 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2009-12-21 15:03 . 2009-12-21 14:48 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

2009-12-21 15:03 . 2009-12-21 14:48 114688 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll

2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-12-21 14:48 . 2009-12-21 14:48 -------- d-----w- c:\arquivos de programas\Conduit

2009-12-20 16:48 . 2009-12-20 16:31 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Skype

2009-12-20 16:35 . 2009-12-20 16:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-20 16:35 . 2009-12-20 16:35 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\skypePM

2009-12-20 16:27 . 2009-12-20 16:24 -------- d-----r- c:\arquivos de programas\Skype

2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-12-20 16:23 . 2009-12-20 16:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-12-17 17:55 . 2009-12-18 10:34 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\FFExternalAlert.dll

2009-12-17 17:55 . 2009-12-18 10:34 101376 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\RadioWMPCore.dll

2009-12-17 07:41 . 2008-06-06 12:55 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-04 03:40 2149376 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2004-08-04 00:40 2028032 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2004-08-04 02:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:13 . 2004-08-04 03:45 1296384 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:13 . 2004-08-04 00:45 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2004-08-04 03:45 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-27 16:08 . 2001-10-28 12:07 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-24 20:39 . 2010-01-24 00:41 1093064 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2009-08-04 23:56 . 2009-08-04 23:43 40958056 ----a-w- c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2009-11-09 21:38 2331672 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2009-11-05 654128]

"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2009-11-05 14:04 654128 ----a-w- c:\arquivos de programas\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R1 is-A7UA6drv;is-A7UA6drv;c:\windows\system32\drivers\47000877.sys [4/8/2009 20:58 148496]

R1 is-D8KDBdrv;is-D8KDBdrv;c:\windows\system32\drivers\98782068.sys [4/8/2009 21:04 148496]

R1 is-QR2A2drv;is-QR2A2drv;c:\windows\system32\drivers\17601523.sys [5/8/2009 10:41 148496]

R1 is-UEHSSdrv;is-UEHSSdrv;c:\windows\system32\drivers\99758160.sys [4/8/2009 22:13 148496]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 719392]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/9/2009 20:21 12672]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

S1 is-VD0FUdrv;is-VD0FUdrv;c:\windows\system32\drivers\27206467.sys [4/8/2009 21:08 148496]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-18 11:31

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E7133E-2B34-3E68-ED04-9E913775FEB5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaapannifmdfblpenmmkebgjiojkme"=hex:64,61,64,62,63,6b,6c,69,00,85

"oamaijaacolopohcfdigicocoggdff"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

"nagakigjhiopiiapjidcdjckiajd"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA1D4C37-500C-C3FE-7715-D3EDCD5B017A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iadpdfmhpgibdmnmbc"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

"hanajcpmflboijbj"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-02-18 11:42:31

ComboFix-quarantined-files.txt 2010-02-18 14:42

ComboFix2.txt 2010-02-01 23:03

ComboFix3.txt 2009-09-14 18:50

 

Pré-execução: 4.155.711.488 bytes disponíveis

Pós execução: 2.338.406.400 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - 8FB261057FD717AF3066B7173671BEB4

 

 

 

AGORA O LOG DO MWB

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

18/2/2010 12:15:40

mbam-log-2010-02-18 (12-15-40).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 116722

Tempo decorrido: 25 minute(s), 5 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 13

Arquivos infectados: 86

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Documents and Settings\All Users\Dados de aplicativos\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\3 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\I40208_8599573148 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\3\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\3\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Get discount!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Order now!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\REFOG Free Keylogger on the Web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\MPK\REFOG Free Keylogger\Uninstall REFOG Free Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\MPKView.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, o ComboFix é que dará o log para a análise depois do que o MBAM removeu e os próprios ítens que o ComboFix remove. O log do ComboFix pode não ser o que realmente informa pois, rodou o MBAM depois dele. Por isso coloco o aviso abaixo quando peço para rodar as ferramentas:

 

A ordem de rodar as ferramentas deve ser como está nas instruções.

 

Assim, peço que rode novamente o ComboFix e poste o novo log.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.