
Submitting my log


monicavtavaresj


Hello, I would like you to analyze my log, which I completed by running ComboFix.

But what I really wanted to fix, I was not able to: my keyboard is misconfigured, and any key that requires Shift I cannot use.

If anyone can help me, I would be grateful.

ComboFix 13-01-03.05 - User 03/01/2013 16:27:10.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.301 [GMT -2:00]

Executando de: c:\documents and settings\User\Meus documentos\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

c:\documents and settings\User\Dados de aplicativos\Desktopicon

c:\documents and settings\User\Dados de aplicativos\Desktopicon\config.ini

c:\documents and settings\User\Meus documentos\~WRL0138.tmp

c:\documents and settings\User\Meus documentos\~WRL0795.tmp

c:\documents and settings\User\Meus documentos\~WRL1407.tmp

c:\documents and settings\User\Meus documentos\~WRL2094.tmp

c:\documents and settings\User\Meus documentos\~WRL2700.tmp

c:\documents and settings\User\Meus documentos\~WRL3498.tmp

c:\documents and settings\User\Meus documentos\~WRL3526.tmp

c:\documents and settings\User\WINDOWS

C:\systeam

c:\systeam\idmaq

c:\systeam\kill6.mod

c:\systeam\kill7.mod

c:\systeam\kill8.mod

c:\systeam\regmaq9.mod

c:\systeam\roninnn.cmd

c:\systeam\vgrenew9.jar

c:\systeam\winnhelp6432.ini

C:\USER-5718C497DD.txt

c:\windows\system32\AutoRun.inf

c:\windows\system32\SET35B.tmp

c:\windows\system32\SET35C.tmp

c:\windows\system32\SET37.tmp

c:\windows\system32\SET39.tmp

c:\windows\system32\SET3D.tmp

c:\windows\system32\SET45.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\unin0416.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-03 to 2013-01-03 ))))))))))))))))))))))))))))

.

.

2110-01-27 21:15 . 2110-01-27 21:15 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google

2110-01-27 21:11 . 2011-08-15 08:05 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google

2013-01-02 04:01 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-01-02 04:01 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-01-02 04:01 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-01-02 04:01 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-01-02 04:01 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-01-02 04:01 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2013-01-02 04:01 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2013-01-02 04:00 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2013-01-02 03:59 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2013-01-02 03:59 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-02 03:59 . 2013-01-02 03:59 -------- d-----w- c:\arquivos de programas\AVAST Software

2013-01-02 03:33 . 2013-01-02 03:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVAST Software

10111-12-24 20:54 . 2012-07-13 04:38 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\HpUpdate

10111-12-24 20:54 . 10111-12-24 20:54 -------- d-----w- c:\windows\Hewlett-Packard

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 18:35 . 2009-05-31 18:35 16070968 ----a-w- c:\arquivos de programas\gimp-2.6.6-i686-setup.exe

2008-10-28 16:30 . 2008-10-28 16:29 50108836 ----a-w- c:\arquivos de programas\ADBEIDSNCS3_P.exe

2007-11-20 22:15 . 2007-11-20 22:15 3966288 ----a-w- c:\arquivos de programas\MsgPlusLive-423.exe

2007-09-30 18:01 . 2007-09-30 16:44 4237337 ----a-w- c:\arquivos de programas\RLSetup_Final.exe

2007-08-11 00:55 . 2007-08-11 00:55 949164 ----a-w- c:\arquivos de programas\Discador_Yahoo_V1_1_0a.exe

2007-08-06 04:39 . 2007-08-06 04:39 949164 ----a-w- c:\arquivos de programas\Discador_Yahoo_V1_1_0.exe

2007-03-13 15:44 . 2007-03-13 15:44 568467 ----a-w- c:\arquivos de programas\YahooAcessoGratis.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

"Media Finder"="c:\arquivos de programas\Media Finder\Media Finder.exe" [2012-06-28 8613888]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2012-02-02 3209216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]

"nwiz"="nwiz.exe" [2006-06-01 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]

"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 88203]

"LtMoh"="c:\arquivos de programas\ltmoh\Ltmoh.exe" [2005-05-18 188416]

"etMonitor"="c:\windows\etMon.exe" [2005-10-11 36864]

"TkBellExe"="c:\arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" [2007-09-30 180269]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-6 110592]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\WebEye\\WebEye.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/1/2013 02:01 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/1/2013 02:01 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/1/2013 02:01 21256]

R3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\drivers\etDevice.sys [8/3/2007 21:23 106496]

R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [8/3/2007 21:23 176384]

R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [8/3/2007 21:23 6016]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-03 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-02 22:50]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2110-01-27 21:10]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2110-01-27 21:10]

.

2013-01-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download with &Media Finder - c:\arquivos de programas\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

TCP: DhcpNameServer = 201.17.0.79 201.17.0.119

.

- - - - ORFÃOS REMOVIDOS - - - -

.

HKCU-Run-areslite - c:\arquivos de programas\Ares Lite Edition\AresLite.exe

HKCU-Run-eMuleAutoStart - c:\arquivos de programas\eMule\emule.exe

AddRemove-Adobe Photoshop 5.0 - c:\windows\UNIN0416.EXE

AddRemove-SoundConvert - c:\arquivos de programas\MP3 Player Utilities 3.73\SoundConvert\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-03 16:55

Windows 5.1.2600 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.url]

@DACL=(02 0000)

@="{FBF23B40-E3F0-101B-8488-00AA003E56F8}"

"DisableProcessIsolation"=dword:00000001

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(3620)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SOUNDMAN.EXE

c:\arquivos de programas\Java\jre1.5.0_05\bin\jucheck.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-01-03 17:01:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-01-03 19:01

.

Pré-execução: 10 pasta(s) 44.941.201.408 bytes disponíveis

Pós execução: 12 pasta(s) 48.374.980.608 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 59169EABD92604CD186BAC72D30B6762


  • 2 months later...

Good evening, everyone!

I was researching on the internet how to remove malware and got the recommendation to run ComboFix. After running it, I saw that I should send the result to the forum so that you could analyze it and let me know whether I need to do anything else.

Here is the report:

ComboFix 13-03-07.03 - Quel_Aguiar 08/03/2013 23:46:19.1.2 - x86

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3033.1889 [GMT -3:00]

Executando de: c:\users\Quel_Aguiar\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 6 bytes in 3 streams.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\ChilkatMail_v7_9.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\kernel.dll

c:\windows\system32\Logof.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-02-09 to 2013-03-09 ))))))))))))))))))))))))))))

.

.

2013-03-09 02:51 . 2013-03-09 02:51 -------- d-----w- c:\users\Quel_Aguiar\AppData\Local\temp

2013-03-09 02:51 . 2013-03-09 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-09 02:44 . 2013-03-09 02:44 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E8794BD-43A8-4E31-A302-7A121A06E27E}\MpKslcde9f5cb.sys

2013-03-09 02:44 . 2013-03-09 02:44 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-03-08 21:13 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E8794BD-43A8-4E31-A302-7A121A06E27E}\mpengine.dll

2013-03-07 14:57 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-27 15:40 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-02-27 15:40 . 2013-01-13 19:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-02-27 15:40 . 2013-01-13 21:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-02-27 15:40 . 2013-01-13 21:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-02-27 15:40 . 2013-01-13 21:16 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-02-23 15:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-22 00:54 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-02-22 00:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2013-02-22 00:54 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2013-02-22 00:54 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2013-02-22 00:53 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2013-02-17 01:00 . 2013-02-27 15:23 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-02-15 01:22 . 2013-02-15 01:22 -------- d-----w- c:\programdata\Motorola

2013-02-15 01:22 . 2013-02-16 16:52 -------- d-----w- C:\Temp

2013-02-15 01:22 . 2013-02-15 01:22 -------- d-----w- c:\users\Quel_Aguiar\AppData\Roaming\Motorola Mobility

2013-02-15 01:22 . 2013-02-16 18:05 -------- d-----w- c:\program files\Motorola

2013-02-15 01:21 . 2013-02-15 01:21 -------- d-----w- c:\program files\Common Files\Motorola Shared

2013-02-15 01:20 . 2013-02-15 01:20 -------- d-----w- c:\users\Quel_Aguiar\AppData\Roaming\Motorola

2013-02-13 15:00 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 14:58 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-13 14:58 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 14:58 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 14:58 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-13 14:58 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-08 21:01 . 2010-08-02 18:09 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2013-03-08 21:01 . 2010-08-02 18:36 58288 ----a-w- c:\windows\system32\rpcnet.dll

2013-03-01 00:41 . 2012-04-07 11:52 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-01 00:41 . 2011-05-29 14:40 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-30 10:53 . 2010-08-02 19:36 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-22 20:08 . 2013-01-22 20:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-22 20:08 . 2012-07-24 21:51 859552 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-22 20:08 . 2010-08-04 18:22 780192 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-20 18:59 . 2013-01-20 18:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 18:59 . 2010-10-24 23:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-10 09:00 . 2010-08-02 18:36 58288 ------w- c:\windows\system32\rpcnet.exe

2013-01-10 08:57 . 2010-08-02 18:10 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2012-12-16 14:13 . 2012-12-21 01:10 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 01:10 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-02-26 22:30 . 2013-02-26 22:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]

"Facebook Update"="c:\users\Quel_Aguiar\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-09 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 217088]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]

.

c:\users\Quel_Aguiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [N/A]

Gerenciador de HotSync.lnk - c:\program files\Palm\Hotsync.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~1\GbPlugin\gbiehUni.dll" [2011-12-20 732072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 18:05 1585768 ------w- c:\program files\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-12-26 15:03 1652584 ----a-w- c:\program files\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2011-12-20 17:32 732072 ------w- c:\progra~1\GbPlugin\gbiehUni.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 BthAvrcp;Perfil AVRCP do Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

S1 MpKslcde9f5cb;MpKslcde9f5cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E8794BD-43A8-4E31-A302-7A121A06E27E}\MpKslcde9f5cb.sys [x]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [x]

S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [x]

S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [x]

S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [x]

S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSLCDE9F5CB

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

GPSvcGroup REG_MULTI_SZ GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:41]

.

2013-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1104088236-3391115795-950534968-1000Core.job

- c:\users\Quel_Aguiar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-09 14:54]

.

2013-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1104088236-3391115795-950534968-1000UA.job

- c:\users\Quel_Aguiar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-09 14:54]

.

2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-02 20:14]

.

2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-02 20:14]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.estadao.com.br/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/GbPlugin/cab/GbPluginUni.cab

FF - ProfilePath - c:\users\Quel_Aguiar\AppData\Roaming\Mozilla\Firefox\Profiles\98z3h3x4.default\

FF - ExtSQL: 2013-02-17 09:35; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Quel_Aguiar\AppData\Roaming\Mozilla\Firefox\Profiles\98z3h3x4.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

.

- - - - ORFÃOS REMOVIDOS - - - -

.

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

HKLM-Run-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

MSConfigStartUp-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe

MSConfigStartUp-wxs - c:\windowsf\wxs.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-03-08 23:53:42

ComboFix-quarantined-files.txt 2013-03-09 02:53

.

Pré-execução: 38.569.390.080 bytes disponíveis

Pós execução: 39.677.456.384 bytes disponíveis

.

- - End Of File - - 026216D4CEF710F765BDFE57E3784CF0

Thanks for the help!
