Edvan, posted June 15, 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:08:43, on 15/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Serviço Scheduler2] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Serviço de Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 8676 bytes
Edvan, posted June 16, 2011

Getting ahead with some tools.. ;)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Versão da Base de Dados: 6864
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/06/2011 22:48:29
mbam-log-2011-06-15 (22-48-29).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|F:\|G:\|)
Objetos escaneados: 262007
Tempo decorrido: 35 minuto(s), 24 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 5

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
d:\Andreza\dvd 03 - musicas\monitoria\skecht up\CD\programa para instalar sketchup pro 6\Crack\Keymaker.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\Andreza\dvd 03 - musicas\monitoria\skecht up\CD\programa para instalar sketchup pro 6\Crack\crack\Keymaker.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
f:\nero-7.10.1.0_ptb\nero_keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
f:\Pendrive\nero-7.10.1.0 + nero 8.2.8\nero_keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
f:\Pendrive\nero-7.10.1.0_ptb\nero_keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
wings, posted June 17, 2011

Hello Edvan

* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Run it and accept the agreement
* Do not use the mouse or the keyboard during the steps, as that will mess up your desktop configuration!
* Paste the report it shows
Edvan, posted June 18, 2011

ComboFix 11-06-17.04 - Edvan 18/06/2011 10:21:22.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2036.1098 [GMT -3:00]
Executando de: c:\users\Edvan\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))
.
.
2011-06-18 13:28 . 2011-06-18 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 12:56 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B8B4299-226B-490B-8733-16494E7049AB}\mpengine.dll
2011-06-16 13:30 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 13:30 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 13:30 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 13:28 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 13:28 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 13:22 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 13:21 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 13:20 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 13:14 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 13:13 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 13:07 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 13:07 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 13:07 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 01:59 . 2011-06-16 01:59 -------- d-----w- c:\program files\Auslogics
2011-06-15 04:04 . 2011-06-15 04:04 -------- d-----w- c:\program files\Marcos Velasco Security
2011-06-15 03:07 . 2011-06-15 03:07 388608 ----a-w- C:\HiJackThis.exe
2011-06-15 00:32 . 2011-06-15 00:32 -------- d-----w- c:\program files\CPUID
2011-06-15 00:32 . 2010-11-09 18:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-06-13 02:08 . 2011-06-18 13:15 -------- d-----w- c:\users\Edvan\AppData\Local\LogMeIn Hamachi
2011-06-13 02:07 . 2011-06-13 02:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-12 02:54 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-06-12 02:54 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-06-12 02:54 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-12 02:53 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-12 02:51 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-12 02:51 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-12 02:49 . 2011-06-12 02:49 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\5bb54eaa1cc28ab14\InstallManager_WLE_WLE.exe
2011-06-12 02:49 . 2011-06-12 02:49 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a08e9021cc28ab12\DSETUP.dll
2011-06-12 02:49 . 2011-06-12 02:49 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a08e9021cc28ab12\DXSETUP.exe
2011-06-12 02:49 . 2011-06-12 02:49 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a08e9021cc28ab12\dsetup32.dll
2011-06-12 02:49 . 2011-06-12 02:49 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5abfa3121cc28ab13\MeshBetaRemover.exe
2011-06-12 02:49 . 2011-06-12 02:49 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5878eedc1cc28ab11\DXSETUP.exe
2011-06-12 02:49 . 2011-06-12 02:49 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5878eedc1cc28ab11\dsetup32.dll
2011-06-12 02:49 . 2011-06-12 02:49 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5878eedc1cc28ab11\DSETUP.dll
2011-06-12 02:49 . 2011-06-12 02:49 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\513ac55d1cc28ab0d\Silverlight.4.0.exe
2011-06-11 20:29 . 2011-06-11 20:29 -------- d-----w- c:\users\Edvan\AppData\Roaming\AVI ReComp
2011-06-11 20:28 . 2011-06-11 20:28 -------- d-----w- c:\program files\Xvid
2011-06-11 17:46 . 2011-06-11 17:46 -------- d-----w- c:\windows\AVIFiles
2011-06-11 17:44 . 2011-06-11 17:46 -------- d-----w- c:\program files\DMMultiView
2011-06-11 17:44 . 2011-06-11 17:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-06-11 17:44 . 2011-06-11 17:44 -------- d-----w- c:\program files\Common Files\InstallShield
2011-06-11 17:43 . 2011-06-11 17:43 -------- d-----w- c:\windows\system32\v8310
2011-06-11 17:43 . 2011-06-11 17:43 -------- d-----w- c:\windows\system32\v8300
2011-06-11 17:43 . 2009-03-27 17:28 322560 ----a-w- c:\windows\VISCA.dll
2011-06-11 17:43 . 2011-06-11 17:43 -------- d-----w- c:\windows\GeoOCX
2011-06-11 17:43 . 2011-06-11 17:43 -------- d-----w- c:\windows\v8310
2011-06-11 17:43 . 2011-06-11 17:43 -------- d-----w- c:\windows\v8110
2011-06-10 01:28 . 2011-06-10 01:28 -------- d-----w- c:\program files\Xilisoft
2011-06-01 00:00 . 2011-06-01 00:00 -------- d-----w- c:\users\Edvan\AppData\Roaming\Malwarebytes
2011-06-01 00:00 . 2011-05-29 12:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 00:00 . 2011-06-01 00:00 -------- d-----w- c:\programdata\Malwarebytes
2011-06-01 00:00 . 2011-06-16 00:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 00:00 . 2011-05-29 12:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 02:24 . 2011-05-30 02:24 -------- d-----w- c:\program files\Common Files\xing shared
2011-05-30 02:23 . 2011-05-30 02:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-30 02:23 . 2011-05-30 02:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-30 02:23 . 2011-05-30 02:24 -------- d-----w- c:\program files\Real
2011-05-27 02:07 . 2011-05-27 02:07 -------- d-----w- c:\users\Edvan\AppData\Local\Mozilla
2011-05-27 01:50 . 2011-05-27 01:50 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-05-27 01:50 . 2011-05-27 01:50 -------- d-----w- c:\users\Edvan\AppData\Roaming\C736FD1E-7FA3-4110-BFCD-D0F5C7D2EBB5
2011-05-27 01:50 . 2011-05-27 01:50 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-05-27 01:49 . 2011-05-27 01:49 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-05-27 01:49 . 2011-05-27 01:49 -------- d-----w- c:\program files\Acronis
2011-05-27 01:49 . 2011-05-27 01:50 -------- d-----w- c:\program files\Common Files\Acronis
2011-05-27 01:46 . 2011-05-27 01:46 -------- d-----w- c:\users\Edvan\AppData\Local\ElevatedDiagnostics
2011-05-27 00:59 . 2011-05-27 00:59 -------- d-----w- c:\users\Edvan\AppData\Roaming\62485F94-B869-4F25-B694-59D315331889
2011-05-26 02:02 . 2011-05-26 02:02 -------- d-----w- c:\users\Edvan\AppData\Roaming\A1A6FCDB-0BD3-4595-ADD8-3DE36C2C3791
2011-05-26 02:02 . 2011-05-26 02:02 -------- d-----w- c:\users\Edvan\AppData\Roaming\96265808-6C00-4407-A78F-021853402432
2011-05-25 23:48 . 2011-05-27 01:50 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-05-25 16:32 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 00:31 . 2011-05-25 00:31 -------- d-----w- c:\users\Edvan\AppData\Local\ODUI
2011-05-25 00:31 . 2011-05-25 00:31 -------- d-----w- c:\users\Edvan\AppData\Local\Stardock
2011-05-25 00:31 . 2011-05-25 00:31 -------- d-----w- c:\users\Edvan\AppData\Roaming\Stardock
2011-05-25 00:31 . 2011-05-25 00:31 -------- d-----w- c:\program files\Stardock
2011-05-25 00:31 . 2011-05-25 00:31 -------- d-----w- c:\users\Edvan\AppData\Local\PackageAware
2011-05-23 01:12 . 2011-05-23 01:12 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-21 03:53 . 2011-05-21 03:53 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-05-21 02:24 . 2011-05-21 02:24 -------- d-----w- c:\program files\TrendMicro
2011-05-20 22:56 . 2011-06-12 07:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 18:21 . 2011-05-20 18:21 -------- d-----w- c:\program files\FreeTime
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 22:14 . 2011-05-14 00:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2011-05-14 02:26 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-05-14 02:26 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-14 02:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-05-14 02:27 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-05-14 02:26 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2011-05-14 02:27 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-05-14 02:26 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2011-05-14 02:27 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 08:07 . 2011-05-16 15:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13 . 2011-05-14 02:27 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-14 02:27 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-15 18:34 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-14 16:59 . 2011-05-27 02:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-01-29 623520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-03 5149840]
"Acronis Serviço Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-03 358808]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-30 273544]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2011-5-14 1843000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-05-27 752128]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 afcdpsrv;Serviço de Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-27 3246040]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-27 167968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 03:30]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 03:30]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 187.0.32.67 187.0.32.66 192.168.1.1
FF - ProfilePath - c:\users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\15q1nmpg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6c07e24700000000000000265a794b4b&tlver=1.4.19.19&instlRef=sst&affID=17160&q=
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\Adsense]
@DACL=(02 0000)
"AdsenseLang"="Portuguese"
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to 3GP]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to AAC]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to AMR]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to AVI]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to BMP]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to FLAC]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to FLV]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to GIF]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to ICO]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to JPG]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to M4A]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to M4R]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MKV]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MMF]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to Mobile Device]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MOV]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MP2]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MP3]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MP4]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to MPG]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to OGG]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to PCX]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to PNG]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to RMVB]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to SWF]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to TGA]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to TIF]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to VOB]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to WAV]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to WavPack]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to WMA]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\All to WMV]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\Audio Joiner]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\DVD to Video File]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\Music CD to Audio File]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\Mux]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\FreeTime\FormatFactory\Video Joiner]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\Microsoft\Installer\Products\6DED2C82B5237CC489A371778C7FBFBA\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-06-18 10:31:09
ComboFix-quarantined-files.txt 2011-06-18 13:31
.
Pré-execução: 10.173.607.936 bytes disponíveis
Pós execução: 10.114.351.104 bytes disponíveis
.
- - End Of File - - E123A6B6B18361AD74860993C0469CC7
wings, posted June 18, 2011

OK... the log is clean. :)

The freezes may be caused by Avast's protection modules.

* Click [Start] > [All Programs] > [Accessories] > [Run] > copy and paste: c:\users\Edvan\Desktop\ComboFix.exe /uninstall
* Click [OK] > [Run]
* Wait for the message "ComboFix está desinstalado" and click [OK]

Cheers.
Edvan, posted June 19, 2011

Done... thanks once again, my friend.. :joia:
wings, posted June 19, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.