[Archived] Virus on my PC - shutting down by itself
And also when I try to shut it down myself, it won't shut down.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:33, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wmdir\svwhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\AdmIg\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\BitTorrent\bittorrent.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\Programas\HijackThis.exe
--
End of file - 1804 bytes
AND NOW THE COMBOFIX ONE
ComboFix 10-02-01.02 - lan-04 01/02/2010 19:36:45.14.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.478.90 [GMT -3:00]
Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Firewall pessoal do ESET enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon
c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\eBay.ico
c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\uninst.exe
C:\Thumbs.db
c:\windows\system32\inmbox
c:\windows\system32\inmbox\Config.ini
c:\windows\system32\inmbox\iData\2967795014\brunobarak1606753466.xml
c:\windows\system32\inmbox\iData\2967795014\dealuap3410016599.xml
c:\windows\system32\inmbox\iData\2967795014\heber_mi101904282.xml
c:\windows\system32\inmbox\iData\2967795014\linaguapita207800094.xml
c:\windows\system32\inmbox\iData\2967795014\marigelber2060544313.xml
c:\windows\system32\inmbox\iData\2967795014\MessageLog.xsl
c:\windows\system32\inmbox\iData\2967795014\noemiarocha20081796792211.xml
c:\windows\system32\inmbox\iData\2967795014\tatacastro_p424376812.xml
c:\windows\system32\inmbox\iData\2967795014\tiago_soneca_metal1342884053.xml
c:\windows\system32\inmbox\iData\2967795014\trecoul_zac2326045478.xml
c:\windows\system32\inmbox\iData\2967795014\vivianelopes.com556623785.xml
c:\windows\system32\inmbox\iData\3720902274\MessageLog.xsl
c:\windows\system32\inmbox\iData\4029172053\charles_50953492751931.xml
c:\windows\system32\inmbox\iData\4029172053\fabricioamigo102962367672.xml
c:\windows\system32\inmbox\iData\4029172053\folhasatelite3986094072.xml
c:\windows\system32\inmbox\iData\4029172053\hertonaldo1178061595.xml
c:\windows\system32\inmbox\iData\4029172053\MessageLog.xsl
c:\windows\system32\inmbox\iData\4029172053\oz_angelo3739649129.xml
c:\windows\system32\inmbox\iData\772360000\MessageLog.xsl
c:\windows\system32\inmbox\iData\Data.msn
c:\windows\system32\inmbox\iData\Mail.msm
c:\windows\system32\inmbox\iData\Screens\156939284301201019.JPG
c:\windows\system32\inmbox\iData\Screens\156939284301201020.JPG
c:\windows\system32\inmbox\iData\Screens\1858281481291201016.JPG
c:\windows\system32\inmbox\iData\Screens\2422125915281201020.JPG
c:\windows\system32\inmbox\iData\Screens\2422125915281201021.JPG
c:\windows\system32\inmbox\iData\Screens\2422125915281201022.JPG
c:\windows\system32\inmbox\iData\Screens\2443538492281201012.JPG
c:\windows\system32\inmbox\iData\Screens\2443538492301201016.JPG
c:\windows\system32\inmbox\iData\Screens\2621453422281201011.JPG
c:\windows\system32\inmbox\iData\Screens\2621453422281201012.JPG
c:\windows\system32\inmbox\iData\Screens\2787675700301201015.JPG
c:\windows\system32\inmbox\iData\Screens\302732757301201015.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847281201020.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847281201021.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847281201022.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847301201017.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847301201018.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847301201020.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847301201021.JPG
c:\windows\system32\inmbox\iData\Screens\3377696847301201022.JPG
c:\windows\system32\inmbox\iData\Screens\3442646370301201016.JPG
c:\windows\system32\inmbox\iData\Screens\3559688481281201017.JPG
c:\windows\system32\inmbox\iData\Screens\3584681626281201017.JPG
c:\windows\system32\inmbox\iData\Screens\3778595164291201022.JPG
c:\windows\system32\inmbox\iData\Screens\3778595164291201023.JPG
c:\windows\system32\inmbox\iData\Screens\3809655975291201016.JPG
c:\windows\system32\inmbox\iData\Screens\3971668634291201016.JPG
c:\windows\system32\inmbox\iData\Screens\3971668634291201017.JPG
c:\windows\system32\inmbox\iData\Screens\3971668634301201015.JPG
c:\windows\system32\inmbox\iData\Screens\3971668634301201016.JPG
c:\windows\system32\inmbox\iData\Screens\4276325400281201014.JPG
c:\windows\system32\inmbox\iData\Screens\470840060301201020.JPG
c:\windows\system32\inmbox\iData\Screens\470840060301201021.JPG
c:\windows\system32\inmbox\iData\Screens\79072907301201019.JPG
c:\windows\system32\inmbox\iData\Screens\79072907301201020.JPG
c:\windows\system32\inmbox\iData\Screens\916045179291201017.JPG
c:\windows\system32\inmbox\iData\Screens\916045179291201021.JPG
c:\windows\system32\inmbox\iData\Screens\916045179301201015.JPG
c:\windows\system32\inmbox\iData\Screens\923100725301201016.JPG
c:\windows\system32\inmbox\iData\Users.msm
c:\windows\system32\inmbox\unins000.dat
c:\windows\system32\inmbox\unins000.exe
c:\windows\system32\inmbox\winbox.exe
c:\windows\system32\Thumbs.db
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))
.
2010-01-29 12:10 . 2010-01-29 16:43 -------- d-----w- c:\arquivos de programas\XviD3
2010-01-29 03:25 . 2010-01-29 03:38 -------- d-----w- c:\arquivos de programas\Xvid2
2010-01-28 14:48 . 2010-01-28 14:48 -------- d-----w- c:\windows\system32\1035
2010-01-28 14:48 . 2010-01-28 15:39 -------- d-sh--w- c:\windows\system32\wmdir
2010-01-28 14:44 . 2006-11-10 19:28 139264 ----a-w- c:\windows\system32\vbSendMail.dll
2010-01-28 14:44 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-01-27 23:58 . 2010-01-27 23:58 -------- d-----w- C:\Intel
2010-01-27 15:19 . 2010-02-01 22:26 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MPK
2010-01-27 15:19 . 2010-01-27 15:19 -------- d-sh--w- c:\windows\system32\MPK
2010-01-27 15:15 . 2010-01-27 15:15 -------- d-----w- c:\windows\logsysm
2010-01-05 12:06 . 2010-01-28 21:31 -------- d-----w- C:\fotos PI
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 22:31 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent
2010-02-01 22:24 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-01 22:24 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-01 22:20 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments
2010-02-01 13:40 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit
2010-01-23 23:36 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments
2010-01-13 16:18 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2009-12-29 13:32 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP8a0f.tmp
2009-12-26 12:55 . 2001-10-28 12:07 98846 ----a-w- c:\windows\system32\perfc016.dat
2009-12-26 12:55 . 2001-10-28 12:07 551248 ----a-w- c:\windows\system32\perfh016.dat
2009-12-24 21:41 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7649.tmp
2009-12-24 21:30 . 2009-03-28 11:07 98304 ----a-w- c:\windows\DUMP7455.tmp
2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft
2009-12-21 15:03 . 2009-12-21 14:48 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2009-12-21 15:03 . 2009-12-21 14:48 114688 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll
2009-12-21 15:03 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-12-21 14:48 . 2009-12-21 14:48 -------- d-----w- c:\arquivos de programas\Conduit
2009-12-20 16:48 . 2009-12-20 16:31 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Skype
2009-12-20 16:35 . 2009-12-20 16:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-20 16:35 . 2009-12-20 16:35 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\skypePM
2009-12-20 16:27 . 2009-12-20 16:24 -------- d-----r- c:\arquivos de programas\Skype
2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2009-12-20 16:23 . 2009-12-20 16:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-12-17 17:55 . 2009-12-18 10:34 52224 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\FFExternalAlert.dll
2009-12-17 17:55 . 2009-12-18 10:34 101376 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\RadioWMPCore.dll
2009-12-10 23:42 . 2009-12-10 23:42 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-12-07 20:44 . 2009-12-07 20:44 -------- d-----w- c:\arquivos de programas\Aneesoft
2009-11-24 20:39 . 2010-01-24 00:41 1093064 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-23 22:58 . 2009-08-02 14:23 4045528 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe
2009-08-04 23:56 . 2009-08-04 23:43 40958056 ----a-w- c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe
2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe
2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe
2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB
2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab
2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab
2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab
2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab
2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab
2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe
2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll
2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll
2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 21:38 2331672 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2009-11-05 654128]
"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"box services"="c:\windows\system32\wmdir\svwhost.exe" [2009-10-23 527872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk
backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2009-11-05 14:04 654128 ----a-w- c:\arquivos de programas\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]
2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]
R1 is-A7UA6drv;is-A7UA6drv;c:\windows\system32\drivers\47000877.sys [4/8/2009 20:58 148496]
R1 is-D8KDBdrv;is-D8KDBdrv;c:\windows\system32\drivers\98782068.sys [4/8/2009 21:04 148496]
R1 is-QR2A2drv;is-QR2A2drv;c:\windows\system32\drivers\17601523.sys [5/8/2009 10:41 148496]
R1 is-UEHSSdrv;is-UEHSSdrv;c:\windows\system32\drivers\99758160.sys [4/8/2009 22:13 148496]
R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 719392]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/9/2009 20:21 12672]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]
S1 is-VD0FUdrv;is-VD0FUdrv;c:\windows\system32\drivers\27206467.sys [4/8/2009 21:08 148496]
S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]
S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]
S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]
2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.orkut.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: ufc.br\www.sofia
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{0e2fd431-c6d0-4f34-8a82-ac423aa4652d}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-boxfile - c:\windows\system32\inmbox\winbox.exe
HKLM-Run-boxfile - c:\windows\system32\inmbox\winbox.exe
AddRemove-eBay Icon - c:\documents and settings\lan-04\Dados de aplicativos\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 19:52
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E7133E-2B34-3E68-ED04-9E913775FEB5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaapannifmdfblpenmmkebgjiojkme"=hex:64,61,64,62,63,6b,6c,69,00,85
"oamaijaacolopohcfdigicocoggdff"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,
65,65,6d,67,6c,6a,00,02
"nagakigjhiopiiapjidcdjckiajd"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,
65,65,6d,67,6c,6a,00,02
[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA1D4C37-500C-C3FE-7715-D3EDCD5B017A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadpdfmhpgibdmnmbc"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,
61,64,00,01
"hanajcpmflboijbj"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,
61,64,00,01
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2010-02-01 20:03:09
ComboFix-quarantined-files.txt 2010-02-01 23:03
ComboFix2.txt 2009-09-14 18:50
Pré-execução: 4.909.010.944 bytes disponíveis
Pós execução: 7.088.390.144 bytes disponíveis
Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12
- - End Of File - - A31A0A05C7DF2A304B0BB0EFF5B72713