
hdlotando
[Resolved] HD filling up quickly but Windows 7 notebook with perform
hdlotando replied to hdlotando's question in Resolved Cases
Gentlemen, thank you very much once again. I ran it as requested, and now it seems that some "extra GB" have reappeared. What a lot of work! Which virus exactly was "at work"?
[Resolved] HD filling up quickly but Windows 7 notebook with perform
hdlotando replied to hdlotando's question in Resolved Cases
Once again, thank you very much for your attention. I will look into your suggestion of not using two antivirus programs. I think that, in fact, it is/was already resolved after your analysis: what happens is that I had freed up only 1 GB and the available space kept shrinking, but when I restarted the notebook the 1 GB reappeared. Now I have freed up 20 GB and the available disk space remains stable. The MBAM and HijackThis logs follow below:
[Resolved] HD filling up quickly but Windows 7 notebook with perform
hdlotando replied to hdlotando's question in Resolved Cases
Gentlemen, the problem has come back: any space I free up on the disk is very quickly taken up. The notebook's performance remains satisfactory. Thank you for your attention.
[Resolved] HD filling up quickly but Windows 7 notebook with perform
hdlotando replied to hdlotando's question in Resolved Cases
Thank you very much for your attention. I ran HouseCallLauncher, with no errors. I ran ComboFix again and the result follows below: