matmaibat 0 Denunciar post Postado Fevereiro 22, 2012 Olá, meu Email começou a enviar mensagens sozinho e descobri que estou com vírus >.< segue os logs: HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:46:38, on 22/02/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe C:\Program Files (x86)\ASUS\EPU\EPU.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Orbitdownloader\orbitdm.exe C:\Program Files (x86)\Orbitdownloader\orbitnet.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matheus\AppData\Local\Google\Chrome\Application\chrome.exe C:\Downloads\HiJackThis(1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=pando&id=pandoleveluptb&v=1_0&ent=hp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LevelUp Toolbar - {949A7FED-30B4-433e-9718-23EC99A126B0} - C:\Program Files (x86)\leveluptb\levelupdx.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: LevelUp Toolbar - {949A7FED-30B4-433e-9718-23EC99A126B0} - C:\Program Files (x86)\leveluptb\levelupdx.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b O4 - HKLM\..\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13841 bytes ////////////////// ComboFix 12-02-21.01 - Matheus 22/02/2012 17:34:18.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3838.2625 [GMT -3:00] Executando de: c:\downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - drivers: deleted 208 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\local.txt c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\system32 c:\windows\SysWow64\system32\3DAudio.ax c:\windows\SysWow64\system32\avrt.dll c:\windows\SysWow64\system32\cis-2.4.dll c:\windows\SysWow64\system32\issacapi_bs-2.3.dll c:\windows\SysWow64\system32\issacapi_pe-2.3.dll c:\windows\SysWow64\system32\issacapi_se-2.3.dll c:\windows\SysWow64\system32\MACXMLProto.dll c:\windows\SysWow64\system32\MaDRM.dll c:\windows\SysWow64\system32\MaJGUILib.dll c:\windows\SysWow64\system32\MAMACExtract.dll c:\windows\SysWow64\system32\MASetupCleaner.exe c:\windows\SysWow64\system32\MaXMLProto.dll c:\windows\SysWow64\system32\mfplat.dll c:\windows\SysWow64\system32\MK_Lyric.dll c:\windows\SysWow64\system32\MSCLib.dll c:\windows\SysWow64\system32\MSFLib.dll c:\windows\SysWow64\system32\MSLUR71.dll c:\windows\SysWow64\system32\msvcp60.dll c:\windows\SysWow64\system32\MTTELECHIP.dll c:\windows\SysWow64\system32\MTXSYNCICON.dll c:\windows\SysWow64\system32\muzaf1.dll c:\windows\SysWow64\system32\muzapp.dll c:\windows\SysWow64\system32\muzapp.exe c:\windows\SysWow64\system32\muzdecode.ax c:\windows\SysWow64\system32\muzeffect.ax c:\windows\SysWow64\system32\muzmp4sp.ax c:\windows\SysWow64\system32\muzmpgsp.ax c:\windows\SysWow64\system32\muzoggsp.ax c:\windows\SysWow64\system32\muzwmts.dll c:\windows\SysWow64\system32\psapi.dll . . (((((((((((((((( Arquivos/Ficheiros criados de 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))) . . 2012-02-22 20:39 . 2012-02-22 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-22 02:13 . 2012-02-22 02:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58F68BC5-9ADC-4879-830D-B2D06F97A4FD}\offreg.dll 2012-02-21 20:48 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58F68BC5-9ADC-4879-830D-B2D06F97A4FD}\mpengine.dll 2012-02-18 04:21 . 2012-02-18 04:21 -------- d-----r- C:\Sandbox 2012-02-18 04:18 . 2012-02-18 04:18 -------- d-----w- c:\program files\Sandboxie 2012-02-15 21:00 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 21:00 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 21:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 21:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 21:00 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 21:00 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 21:00 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 21:00 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-14 22:36 . 2012-02-14 22:36 -------- d-----w- c:\program files (x86)\Cheat Engine 6 2012-02-13 10:50 . 2012-02-13 10:50 -------- d-----w- c:\users\Matheus\AppData\Local\Garena 2012-02-11 06:50 . 2012-02-11 06:50 -------- d-----w- c:\users\Matheus\AppData\Local\Chromium 2012-02-05 05:40 . 2012-02-17 02:19 -------- d-----w- c:\users\Matheus\AppData\Roaming\Ventrilo 2012-02-05 05:39 . 2012-02-05 05:39 -------- d-----w- c:\program files\Ventrilo 2012-02-05 05:38 . 2012-02-05 05:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-01-29 16:29 . 2012-02-01 15:27 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091 2012-01-28 03:03 . 2012-01-28 03:03 -------- d-----w- c:\programdata\Sony 2012-01-28 03:03 . 2012-01-28 03:03 -------- d-----w- c:\users\Matheus\AppData\Roaming\Publish Providers 2012-01-28 02:54 . 2012-01-28 03:02 -------- d-----w- c:\users\Matheus\AppData\Local\Sony 2012-01-28 02:54 . 2012-01-28 02:54 -------- d-----w- c:\program files\Sony 2012-01-28 02:54 . 2012-01-28 02:54 -------- d-----w- c:\program files (x86)\Sony 2012-01-28 02:53 . 2012-01-28 03:03 -------- d-----w- c:\users\Matheus\AppData\Roaming\Sony 2012-01-27 07:37 . 2012-01-27 07:40 -------- d-----w- C:\Fraps 2012-01-26 04:08 . 2012-02-20 03:57 -------- d-----w- c:\users\Matheus\AppData\Local\PointBlank 2012-01-25 05:39 . 2012-01-25 05:39 -------- d-----w- C:\ongame . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-22 02:12 . 2011-09-30 17:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-31 21:47 . 2011-09-21 01:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-01-29 08:10 . 2012-01-08 20:32 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-20 08:34 . 2012-01-20 08:34 73728 ----a-w- c:\windows\SysWow64\VistaInfo32.dll 2011-12-21 19:32 . 2011-11-09 23:13 45896 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{949A7FED-30B4-433e-9718-23EC99A126B0}] 2011-04-20 18:53 81920 ----a-w- c:\program files (x86)\leveluptb\levelupdx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-02-01 22:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{949A7FED-30B4-433e-9718-23EC99A126B0}"= "c:\program files (x86)\leveluptb\levelupdx.dll" [2011-04-20 81920] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240] . [HKEY_CLASSES_ROOT\clsid\{949a7fed-30b4-433e-9718-23ec99a126b0}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 666384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2012-02-14 19:05 1358408 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 AODDriver;AODDriver;c:\program files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-01-25 21048] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x] R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp [x] R3 X6va006;X6va006;c:\users\Matheus\AppData\Local\Temp\0068524.tmp [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111219.001\IDSvia64.sys [2011-09-21 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-12-21 204872] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 19:57] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 19:57] . 2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621796390-1012695264-3663527530-1000Core.job - c:\users\Matheus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 02:09] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621796390-1012695264-3663527530-1000UA.job - c:\users\Matheus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-21 02:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.mystart.com/?pr=pando&id=pandoleveluptb&v=1_0&ent=hp mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\0068524.tmp" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27E1C5BC-4EA4-E0C9-4817-97D6135BB95C}*] "mafppcijdlcenhaipcnlekjbdj"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61,64, 6c,70,66,6a,61,00,00 "nalpnioekhiolcodbclnbfbalfae"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61, 64,6c,70,66,6a,61,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2012-02-22 17:40:46 ComboFix-quarantined-files.txt 2012-02-22 20:40 . Pré-execução: 874.238.083.072 bytes disponíveis Pós execução: 873.916.977.152 bytes disponíveis . - - End Of File - - D6E84141616FF0B2AD7C765937DC82DD gostaria de lembrar que passei o combofix primeiro do que o hijack muitoobrigado Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 24, 2012 Bom Dia! matmaibat |- Desabilite seu antivírus! |- Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /uninstall --> Clique OK. |- < > |- Clique em Executar --> Aguarde! |- Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK. |- Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório! |- Ou,vá em Iniciar --> Executar --> Digite ou cole ( Paste ): |- "%userprofile%\desktop\combofix" /uninstall |- Clique OK. |- Aguarde a desinstalação,e clique OK na mensagem. |- Ps: Outra opção,seria renomear o Combofix.exe para uninstall.exe e executá-lo. ///°°°/// |- Baixe: < GabKiller > ( ... par 2011N2 ) |- Salve-o no desktop! |- Feche pastas que estejam abertas e execute a ferramenta. |- Para Windows Vista ou 7,clique direito e execute como administrador. |- Escolha a opção 1. Rechercher -> Aperte Enter! |- Aguarde a conclusão e poste o relatório: Rapport de recherche de GabKiller |- Para sair,aperte a opção "4. Quitter" -> Enter! ///°°°/// |- Baixe: < AdwCleaner > ( ... par Xplode ) |- Clique em Télécharger! < > |- Salve-o no desktop! |- Dê início ao scan,clicando em "Recherche" < > |- Ao concluir,poste o relatório: C:\AdwCleaner[R].txt ///°°°/// |- Baixe: < > < > ( ...par Nicolas Coolman ) |- Estando na página,clique em: < > |- Salve-o em Arquivos de programas. |- Ps: Descompacte-o em Arquivos de programas. |- Abra a ferramenta ZHPDiag e habilite todas as opções de diagnóstico,clicando em ( Ícone da chave de fenda ) |- Clique em All. |- Dê início ao diagnóstico ( Diag ),clicando no ícone da lupa. |- Ao concluir,clique em "Save Report",para dispormos do relatório. |- Salve-o em um local conveniente! |- Poste-o,na sua resposta: ZHPDiag.txt |- Ps: Caso tenha problemas ao postar esse relatório,acesse < > |- Maiores informações: |Aqui!| ou |pjjoint.malekal.com| Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
matmaibat 0 Denunciar post Postado Fevereiro 24, 2012 Outil développé par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Mis à jour le : 04/08/2011 à 13h | 1.45 par 2011N2 Début du scan de recherche : 13:30:04 Nom du PC : MATHEUS-PC Système d'exploitation : Windows 7 Ultimate Internet Explorer : 9.0.8112.16421 Mozilla Firefox : version 5 Mozilla Firefox : version 6 ############################# Éléments infectieux ############################# ============================ Section HKLM ============================ Présent : HKLM\Software\AskToolbar Présent : HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Présent : HKLM\Software\Classes\Wow6432Node\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Présent : HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Présent : HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Présent : HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Présent : HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Présent : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Présent : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Classes\Wow6432Node\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd Présent : HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1 Présent : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ============================ Section HKCU ============================ Présent : HKCU\Software\Ask.com Présent : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} ============================ Section HKCR ============================ Présent : HKCR\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc} Présent : HKCR\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440} Présent : HKCR\genericasktoolbar.toolbarwnd Présent : HKCR\genericasktoolbar.toolbarwnd.1 Présent : HKCR\TypeLib\{2996f0e7-292b-4cae-893f-47b8b1c05b56} Présent : HKCR\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Présent : HKCR\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKCR\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKCR\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKCR\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKCR\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Présent : HKCR\Interface\{6C434537-053E-486D-B62A-160059D9D456} Présent : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Présent : HKCR\genericasktoolbar.toolbarwnd Présent : HKCR\genericasktoolbar.toolbarwnd.1 ========================== Dossiers/Fichiers ========================== ================================================================================================ Fin du scan de recherche : 13:30:38 Copyright © 2011. Tous droits réservés. ############### EOF ############### Outil développé par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Mis à jour le : 04/08/2011 à 13h | 1.45 par 2011N2 Début du scan de recherche : 13:30:04 Nom du PC : MATHEUS-PC Système d'exploitation : Windows 7 Ultimate Internet Explorer : 9.0.8112.16421 Mozilla Firefox : version 5 Mozilla Firefox : version 6 ############################# Éléments infectieux ############################# ============================ Section HKLM ============================ Présent : HKLM\Software\AskToolbar Présent : HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Présent : HKLM\Software\Classes\Wow6432Node\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Présent : HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Présent : HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Présent : HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Présent : HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Présent : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Présent : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Classes\Wow6432Node\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd Présent : HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1 Présent : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Présent : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ============================ Section HKCU ============================ Présent : HKCU\Software\Ask.com Présent : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Présent : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} ============================ Section HKCR ============================ Présent : HKCR\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc} Présent : HKCR\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440} Présent : HKCR\genericasktoolbar.toolbarwnd Présent : HKCR\genericasktoolbar.toolbarwnd.1 Présent : HKCR\TypeLib\{2996f0e7-292b-4cae-893f-47b8b1c05b56} Présent : HKCR\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Présent : HKCR\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Présent : HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Présent : HKCR\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKCR\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Présent : HKCR\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Présent : HKCR\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Présent : HKCR\Interface\{6C434537-053E-486D-B62A-160059D9D456} Présent : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Présent : HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Présent : HKCR\genericasktoolbar.toolbarwnd Présent : HKCR\genericasktoolbar.toolbarwnd.1 ========================== Dossiers/Fichiers ========================== ======================================================================= Fin du scan de recherche : 13:30:38 Copyright © 2011. Tous droits réservés. ############### EOF ############### # AdwCleaner v1.500 - Logfile created 02/24/2012 at 13:33:38 # Updated 23/02/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Matheus - MATHEUS-PC # Running from : C:\Users\Matheus\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Ask Folder Found : C:\Users\Matheus\AppData\LocalLow\AskToolbar Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [H. Navipromo] ***** ***** [Registry] ***** Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Cheat Engine\OpenCandy Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Registry (x64)] ***** Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=pando&id=pandoleveluptb&v=1_0&ent=hp -\\ Google Chrome v17.0.963.56 File : C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [4927 octets] - [24/02/2012 13:33:38] ########## EOF - C:\AdwCleaner[R1].txt - [5055 octets] ########## Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 24, 2012 Boa Tarde! matmaibat |- Lance,novamente,GabKiller,e escolha a opção 2. Suppression ou 2. Delete -> Aperte Enter! |- Aguarde a conclusão e poste o relatório: Rapport de suppression de GabKiller |- Para sair,aperte a opção "4. Quitter" -> Enter! ///°°°/// |- Lance,novamente,AdwCleaner e clique em "Suppression". |- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt ///°°°/// |- Ps: Não esqueça de postar o relatório de ZHPDiag. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
matmaibat 0 Denunciar post Postado Fevereiro 24, 2012 =========== Informations =========== Mis à jour le : 07/08/2011 à 16h12 | 1.45 par 2011N2 Rapport de suppression de GabKiller par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Début du nettoyage : 18:37:06 ###################################### Clés supprimées #################################### ============================ Section HKLM ============================ supprimé !! HKLM\Software\AskToolbar supprimé !! HKLM\Software\Classes\Wow6432Node\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} supprimé !! HKLM\Software\Classes\AppID\GenericAskToolbar.DLL supprimé !! HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} supprimé !! HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} supprimé !! HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd supprimé !! HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF supprimé !! HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} supprimé !! HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} supprimé !! HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF supprimé !! HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} supprimé !! HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} supprimé !! HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} supprimé !! HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} supprimé !! HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} supprimé !! HKLM\Software\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1 supprimé !! HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} ============================ Section HKCU ============================ Supprimé !! HKCU\Software\Ask.com Supprimé !! HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Supprimé !! HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} ============================ Section HKCR ============================ ========================== Dossiers/Fichiers ======================== =================================== Fin du nettoyage : 18:37:24 Copyright © 2011. Tous droits réservés. ======== EOF ======== e http://mydoc.tk/3/423ZHPDiag.txt Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 25, 2012 Boa Noite! matmaibat |- Poste,AdwCleaner na opção "Suppression". ########### ---\\ Crack & Keygen Files (CKF) (O82) C:\Program Files\Sony\Vegas Pro 11.0\sony.vegas11_64bit_keygen-patch.exe C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker.dat C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker_str.dat C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen\keygen.exe C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.rar C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.zip C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1.exe C:\Users\Matheus\Downloads\Hide_IP_Platium___KeyGen.rar C:\Program Files\Sony\Vegas Pro 11.0\sony.vegas11_64bit_keygen-patch.exe C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker.dat C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker_str.dat C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen\keygen.exe C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.rar C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.zip C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1.exe C:\Users\Matheus\Downloads\Hide_IP_Platium___KeyGen.rar ########### |- Cracks e KeyGens,fragilizam a segurança do PC. Busque removê-los! ///°°°/// |- Feche programas/pastas que estejam abertas. |- Para Windows Vista,desabilite a UAC. |- Dê um duplo clique em ZHPFix. |- Clique no menu,H < > R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.comO2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - Global Startup: C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk - Orphean Key O4 - Global Startup: C:\Users\Matheus\Desktop\Computador.lnk - Orphean Key O4 - Global Startup: C:\Users\Matheus\Desktop\Navegador web em uma caixa.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.) O4 - Global Startup: C:\Users\Matheus\Desktop\Ventrilo.lnk . (...) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe (.not file.) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621796390-1012695264-3663527530-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1621796390-1012695264-3663527530-1000UA.job [MD5.00000000000000000000000000000000] [APT] [{CFB441D8-AF08-4094-9336-CB7C5C021AD8}] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exenotoffered;toolbaroffered (.not file.) O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} O42 - Logiciel: Java 6 Update 29 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216029FF} O43 - CFD: 26/10/2011 - 18:19:12 - [0] ----D- C:\ProgramData\Ask O43 - CFD: 20/01/2012 - 05:12:48 - [1,858] ----D- C:\Program Files (x86)\Ask.com O44 - LFC:[MD5.319BE80386271D3FC5C9E350E7F580CD] - 22/02/2012 - 17:40:46 ---A- . (...) -- C:\ComboFix.txt [21705] O45 - LFCP:[MD5.BBD576F4BA16DB0842D5C5EFB614C3D2] - 24/02/2012 - 13:03:27 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1621796390-1012695264-3663527530-1000.db O45 - LFCP:[MD5.20BE386919DECED8F0BB9AAAF328A231] - 24/02/2012 - 13:03:28 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1621796390-1012695264-3663527530-1000.db O45 - LFCP:[MD5.7FB69E1207D6E3FC47A46DA63A4A8695] - 24/02/2012 - 13:13:59 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.2E5E089060F60756AB43C63483E3F0D4] - 24/02/2012 - 13:14:00 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.C70C8DDAFC287494BB86F2C98087A2F4] - 24/02/2012 - 13:14:00 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.FB10ED0EDAC8787A048E400E8B253D4D] - 24/02/2012 - 13:14:00 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search The Web) - http://www.mystart.com O69 - SBI: SearchScopes [HKCU] {992981BA-287B-480F-9C1B-BA97DB14E10E} - (Ask Search) - http://websearch.ask.com [HKLM\Software\Wow6432Node\Cheat Engine\OpenCandy] [HKLM\Software\WOW6432Node\Classes\AppID\GenericAskToolbar.DLL] [HKLM\Software\WOW6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}] [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] [HKLM\Software\WOW6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] [HKLM\Software\WOW6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] [HKLM\Software\WOW6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] [HKLM\Software\WOW6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKLM\Software\WOW6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKCU\Software\Ask.com] [HKLM\Software\Ask.com] [HKCU\Software\AppDataLow\Software\AskToolbar] [HKLM\Software\WOW6432Node\AskToolbar] [HKLM\Software\AskToolbar] [HKLM\Software\Swearware] C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll C:\Users\Matheus\AppData\LocalLow\AskToolbar C:\Program Files (x86)\Ask.com C:\ProgramData\Ask C:\ComboFix.txt emptytemp emptyflash firewallraz sysrestore |- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix. |- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote. |- Clique em GO -> Oui. |- Ao concluir,e caso tenha desaparecido todos os ícones de seu desktop,faça o seguinte: |- Abra o Gerenciador de tarefas. ( ctrl+alt+del ) |- Clique na aba "Aplicativos". |- Clique em "Nova tarefa..." |- Digite na caixa: explorer.exe |- Clique em OK. |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt |- Ps: Também,serão gerados os seguintes relatórios,que não serão postados! |- ZHPExportRegistry-dia-mes-2012-hs-min-seg; |- ZHPADSReport; |- ZHPFixQuarantine; Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
matmaibat 0 Denunciar post Postado Fevereiro 25, 2012 Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011 Fichier d'export Registre : Run by Matheus at 24/02/2012 23:22:06 Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html Web site : http://nicolascoolman.skyrock.com/ ========== Software ========== NOT FOUND Software Key: {86D4B82A-ABED-442A-BE86-96357B70F4FE} NOT FOUND Software Key: {26A24AE4-039D-4CA4-87B4-2F83216029FF} ========== Registry Key ========== NOT FOUND Key: CLSID BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} NOT FOUND O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) NOT FOUND SearchScopes :{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} DELETED Key: SearchScopes :{992981BA-287B-480F-9C1B-BA97DB14E10E} NOT FOUND Key: HKLM\Software\Wow6432Node\Cheat Engine\OpenCandy NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\AppID\GenericAskToolbar.DLL NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} NOT FOUND Key: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} NOT FOUND Key: HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} NOT FOUND Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} NOT FOUND Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} NOT FOUND Key: HKLM\Software\WOW6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} NOT FOUND Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} NOT FOUND Key: HKCU\Software\Ask.com NOT FOUND Key: HKLM\Software\Ask.com NOT FOUND Key: HKCU\Software\AppDataLow\Software\AskToolbar NOT FOUND Key: HKLM\Software\WOW6432Node\AskToolbar NOT FOUND Key: HKLM\Software\AskToolbar DELETED Key**: HKLM\Software\Swearware ========== Registry Value ========== No Value in Domain Profile Register Key FirewallRaz : DELETED FirewallRaz (Public) : {89313630-0248-4B06-90DE-26B5CDDAFEE6} DELETED FirewallRaz (Public) : {03DFA5A9-3152-4B68-8732-2B3FAE827567} DELETED FirewallRaz (Public) : {F84BD4C3-20A0-478F-BFE2-D4492E9984E6} DELETED FirewallRaz (Public) : {9D8CF7C0-898D-401F-9D32-021086FB3B2B} DELETED FirewallRaz (None) : {0A6150FC-2B77-49F9-87FA-2F5B32B6E358} DELETED FirewallRaz (Private) : {72E66230-53EF-4088-B476-CC509D976E2B} DELETED FirewallRaz (Private) : {D03A4D72-6314-4267-90F9-589A2E5BE538} ========== Registry Data Items ========== REMOVED R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page ========== Repertory ========== NOT FOUND C:\ProgramData\Ask NOT FOUND C:\Program Files (x86)\Ask.com DELETED Window Temporary: : 74 DELETED Flash Cookies: 16 ========== File ========== NOT FOUND File: c:\program files (x86)\ask.com DELETED File: c:\users\matheus\appdata\roaming\microsoft\windows\start menu\programs\social games.lnk DELETED File: c:\users\matheus\desktop\computador.lnk DELETED File: c:\users\matheus\desktop\navegador web em uma caixa.lnk DELETED File: c:\users\matheus\desktop\ventrilo.lnk DELETED File: c:\windows\tasks\googleupdatetaskmachinecore.job DELETED File: c:\windows\tasks\googleupdatetaskmachineua.job DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-1621796390-1012695264-3663527530-1000core.job DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-1621796390-1012695264-3663527530-1000ua.job DELETED File: c:\combofix.txt DELETED File: c:\windows\prefetch\aggluad_s-1-5-21-1621796390-1012695264-3663527530-1000.db DELETED File: c:\windows\prefetch\aggluad_p_s-1-5-21-1621796390-1012695264-3663527530-1000.db DELETED File: c:\windows\prefetch\agrobust.db DELETED File: c:\windows\prefetch\agglfaulthistory.db DELETED File: c:\windows\prefetch\agglfgapphistory.db DELETED File: c:\windows\prefetch\agglglobalhistory.db NOT FOUND File: c:\windows\system32\drivers\vgasave.sys DELETED File: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar NOT FOUND Folder/File: c:\program files (x86)\ask.com\genericasktoolbar.dll NOT FOUND Folder/File: c:\users\matheus\appdata\locallow\asktoolbar NOT FOUND Folder/File: c:\programdata\ask NOT FOUND Folder/File: c:\combofix.txt DELETED Window Temporary: : 21 DELETED Flash Cookies: 12 ========== Task ========== DELETED Task: {CFB441D8-AF08-4094-9336-CB7C5C021AD8} ========== Restoration ========== Restore System Point created succefully ========== Summary ========== 27 : Registry Key 8 : Registry Value 1 : Registry Data Items 4 : Repertory 24 : File 2 : Software 1 : Task 1 : Restoration End of clean in 00mn 33s ========== Report File ========== C:\ZHP\ZHPFix[R1].txt - 24/02/2012 23:22:06 [5707] PS: Quanto ao Poste,AdwCleaner na opção "Suppression". eu não entendi. Obrigado. @edit: Pelo que estou vendo eu fiz m*****.... 1- quanto ao AdwCleaner: # AdwCleaner v1.500 - Logfile created 02/24/2012 at 23:16:07 # Updated 23/02/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Matheus - MATHEUS-PC # Running from : C:\Users\Matheus\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Matheus\AppData\LocalLow\AskToolbar Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [H. Navipromo] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Registry (x64)] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=pando&id=pandoleveluptb&v=1_0&ent=hp --> hxxp://www.google.fr -\\ Google Chrome v17.0.963.56 File : C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5016 octets] - [24/02/2012 13:33:38] AdwCleaner[R2].txt - [2507 octets] - [24/02/2012 23:15:35] AdwCleaner[s1].txt - [272 octets] - [24/02/2012 23:15:41] AdwCleaner[s2].txt - [2177 octets] - [24/02/2012 23:16:07] ########## EOF - C:\AdwCleaner[s2].txt - [2305 octets] ########## Este é o log. 2- Quanto ao zhpfix eu copiei isto tudo que esta de vermelho em amarelo com a barra de descer está certo? ou era isto: ---\\ Crack & Keygen Files (CKF) (O82) C:\Program Files\Sony\Vegas Pro 11.0\sony.vegas11_64bit_keygen-patch.exe C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker.dat C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker_str.dat C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen\keygen.exe C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.rar C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.zip C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1.exe C:\Users\Matheus\Downloads\Hide_IP_Platium___KeyGen.rar C:\Program Files\Sony\Vegas Pro 11.0\sony.vegas11_64bit_keygen-patch.exe C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker.dat C:\RF2.2.3.2GU.part01(1)\SERVER\ZoneServer\RF_Bin\Script\FIrecracker_str.dat C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen\keygen.exe C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.rar C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1 Keygen.zip C:\Users\Matheus\Desktop\Hide_IP_Platium___KeyGen\Hide IP platium 3.1.exe C:\Users\Matheus\Downloads\Hide_IP_Platium___KeyGen.rar Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 25, 2012 Bom Dia! matmaibat PS: Quanto ao Poste,AdwCleaner na opção "Suppression". eu não entendi. |- A opção no AdwCleaner,tal como relatório,seria "Delete" ou "Suppression". |- Você possui o 1° relatório de Suppression de AdwCleaner. ( AdwCleaner[s1].txt - [272 octets] - [24/02/2012 23:15:41] ) |- Poste,portanto,esse relatório! ///°°°/// 2- Quanto ao zhpfix eu copiei isto tudo que esta de vermelho em amarelo com a barra de descer está certo? |- Sim! Era isso mesmo. |- Quanto aos "Cracks" e/ou "KeyGens",não solicitei nenhuma ação por intermédio de alguma ferramenta. ///°°°/// |- Ps: Baixe uma nova versão de ComboFix. |- Salve-a no desktop! |- Execute ComboFix.exe e poste seu relatório. ( ComboFix.txt ) Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
matmaibat 0 Denunciar post Postado Fevereiro 25, 2012 S1 eu acho que eu parei antes de completar mais vou posta os 3 que tenho: S1: # AdwCleaner v1.500 - Logfile created 02/24/2012 at 23:15:41 # Updated 23/02/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Matheus - MATHEUS-PC # Running from : C:\Users\Matheus\Downloads\adwcleaner.exe # Option [Delete] S2: AdwCleaner v1.500 - Logfile created 02/24/2012 at 23:16:07 # Updated 23/02/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Matheus - MATHEUS-PC # Running from : C:\Users\Matheus\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Matheus\AppData\LocalLow\AskToolbar Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [H. Navipromo] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Registry (x64)] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=pando&id=pandoleveluptb&v=1_0&ent=hp --> hxxp://www.google.fr -\\ Google Chrome v17.0.963.56 File : C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5016 octets] - [24/02/2012 13:33:38] AdwCleaner[R2].txt - [2507 octets] - [24/02/2012 23:15:35] AdwCleaner[s1].txt - [272 octets] - [24/02/2012 23:15:41] AdwCleaner[s2].txt - [2177 octets] - [24/02/2012 23:16:07] ########## EOF - C:\AdwCleaner[s2].txt - [2305 octets] ########## S3: # AdwCleaner v1.500 - Logfile created 02/24/2012 at 23:27:42 # Updated 23/02/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Matheus - MATHEUS-PC # Running from : C:\Users\Matheus\Downloads\adwcleaner.exe # Option [Delete] ComboFix 12-02-22.01 - Matheus 25/02/2012 16:15:45.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3838.2553 [GMT -3:00] Executando de: c:\downloads\60329_combofix_122221.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - drivers: deleted 208 bytes in 1 streams. . (((((((((((((((( Arquivos/Ficheiros criados de 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))) . . 2012-02-25 19:20 . 2012-02-25 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-24 12:54 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41A15610-9F3C-48C8-8AF6-8473B2161552}\mpengine.dll 2012-02-18 04:21 . 2012-02-18 04:21 -------- d-----r- C:\Sandbox 2012-02-18 04:18 . 2012-02-18 04:18 -------- d-----w- c:\program files\Sandboxie 2012-02-15 21:00 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 21:00 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 21:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 21:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 21:00 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 21:00 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 21:00 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 21:00 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-14 22:36 . 2012-02-14 22:36 -------- d-----w- c:\program files (x86)\Cheat Engine 6 2012-02-13 10:50 . 2012-02-13 10:50 -------- d-----w- c:\users\Matheus\AppData\Local\Garena 2012-02-11 06:50 . 2012-02-11 06:50 -------- d-----w- c:\users\Matheus\AppData\Local\Chromium 2012-02-05 05:40 . 2012-02-17 02:19 -------- d-----w- c:\users\Matheus\AppData\Roaming\Ventrilo 2012-02-05 05:39 . 2012-02-05 05:39 -------- d-----w- c:\program files\Ventrilo 2012-02-05 05:38 . 2012-02-05 05:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-01-29 16:29 . 2012-02-01 15:27 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091 2012-01-28 03:03 . 2012-01-28 03:03 -------- d-----w- c:\programdata\Sony 2012-01-28 03:03 . 2012-01-28 03:03 -------- d-----w- c:\users\Matheus\AppData\Roaming\Publish Providers 2012-01-28 02:54 . 2012-01-28 03:02 -------- d-----w- c:\users\Matheus\AppData\Local\Sony 2012-01-28 02:54 . 2012-01-28 02:54 -------- d-----w- c:\program files\Sony 2012-01-28 02:54 . 2012-01-28 02:54 -------- d-----w- c:\program files (x86)\Sony 2012-01-28 02:53 . 2012-01-28 03:03 -------- d-----w- c:\users\Matheus\AppData\Roaming\Sony 2012-01-27 07:37 . 2012-01-27 07:40 -------- d-----w- C:\Fraps . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-22 02:12 . 2011-09-30 17:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-31 21:47 . 2011-09-21 01:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-01-29 08:10 . 2012-01-08 20:32 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-20 08:34 . 2012-01-20 08:34 73728 ----a-w- c:\windows\SysWow64\VistaInfo32.dll 2011-12-21 19:32 . 2011-11-09 23:13 45896 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . S3:*Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{949A7FED-30B4-433e-9718-23EC99A126B0}] 2011-04-20 18:53 81920 ----a-w- c:\program files (x86)\leveluptb\levelupdx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{949A7FED-30B4-433e-9718-23EC99A126B0}"= "c:\program files (x86)\leveluptb\levelupdx.dll" [2011-04-20 81920] . [HKEY_CLASSES_ROOT\clsid\{949a7fed-30b4-433e-9718-23ec99a126b0}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 666384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2012-02-14 19:05 1358408 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 AODDriver;AODDriver;c:\program files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-01-25 21048] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x] R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp [x] R3 X6va006;X6va006;c:\users\Matheus\AppData\Local\Temp\0068524.tmp [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111219.001\IDSvia64.sys [2011-09-21 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-12-21 204872] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.fr/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\0068524.tmp" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27E1C5BC-4EA4-E0C9-4817-97D6135BB95C}*] "mafppcijdlcenhaipcnlekjbdj"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61,64, 6c,70,66,6a,61,00,00 "nalpnioekhiolcodbclnbfbalfae"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61, 64,6c,70,66,6a,61,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2012-02-25 16:21:52 ComboFix-quarantined-files.txt 2012-02-25 19:21 . Pré-execução: 874.147.024.896 bytes disponíveis Pós execução: 874.085.081.088 bytes disponíveis . - - End Of File - - 0FD2C99AD4D6D6501A1EAD71773A1AC6 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 26, 2012 Boa Noite! matmaibat ComboFix 12-02-22.01 - Matheus 25/02/2012 16:15:45.1.6 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3838.2553 [GMT -3:00] Executando de: c:\downloads\60329_combofix_122221.exe |- Desinstale o ComboFix,conforme instruções,e baixe nova versão para o desktop! |- Existem procedimentos de script,que devem ser executados com o ComboFix instalado na área de trabalho. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
matmaibat 0 Denunciar post Postado Fevereiro 29, 2012 ComboFix 12-02-22.01 - Matheus 29/02/2012 1:33.2.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3838.2429 [GMT -3:00] Executando de: c:\users\Matheus\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - MODO DE FUNCIONALIDADE REDUZIDA - . [i] ADS - drivers: deleted 208 bytes in 1 streams. [/i] . (((((((((((((((( Arquivos/Ficheiros criados de 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))) . . 2012-02-29 04:34 . 2012-02-29 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-28 20:25 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{918F60BD-FA8E-4396-91AA-6223F7653545}\mpengine.dll 2012-02-28 20:24 . 2012-02-28 20:25 -------- d-----w- C:\1962e2255437e351e33d 2012-02-26 07:47 . 2012-02-26 07:47 -------- d-----w- C:\60329_combofix_122221 2012-02-24 16:44 . 2012-02-24 16:44 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2012-02-24 16:40 . 2012-02-25 02:22 -------- d-----w- C:\ZHP 2012-02-24 16:39 . 2012-02-25 02:20 -------- d-----w- c:\program files (x86)\ZHPDiag 2012-02-18 04:21 . 2012-02-18 04:21 -------- d-----r- C:\Sandbox 2012-02-18 04:18 . 2012-02-18 04:18 -------- d-----w- c:\program files\Sandboxie 2012-02-15 21:00 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 21:00 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 21:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 21:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 21:00 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 21:00 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 21:00 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 21:00 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-14 22:36 . 2012-02-14 22:36 -------- d-----w- c:\program files (x86)\Cheat Engine 6 2012-02-13 10:50 . 2012-02-13 10:50 -------- d-----w- c:\users\Matheus\AppData\Local\Garena 2012-02-11 06:50 . 2012-02-11 06:50 -------- d-----w- c:\users\Matheus\AppData\Local\Chromium 2012-02-05 05:40 . 2012-02-17 02:19 -------- d-----w- c:\users\Matheus\AppData\Roaming\Ventrilo 2012-02-05 05:39 . 2012-02-05 05:39 -------- d-----w- c:\program files\Ventrilo 2012-02-05 05:38 . 2012-02-05 05:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-22 02:12 . 2011-09-30 17:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-31 21:47 . 2011-09-21 01:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-01-29 08:10 . 2012-01-08 20:32 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-20 08:34 . 2012-01-20 08:34 73728 ----a-w- c:\windows\SysWow64\VistaInfo32.dll 2011-12-21 19:32 . 2011-11-09 23:13 45896 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{949A7FED-30B4-433e-9718-23EC99A126B0}] 2011-04-20 18:53 81920 ----a-w- c:\program files (x86)\leveluptb\levelupdx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{949A7FED-30B4-433e-9718-23EC99A126B0}"= "c:\program files (x86)\leveluptb\levelupdx.dll" [2011-04-20 81920] . [HKEY_CLASSES_ROOT\clsid\{949a7fed-30b4-433e-9718-23ec99a126b0}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 666384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2012-02-14 19:05 1358408 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 AODDriver;AODDriver;c:\program files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-01-25 21048] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x] R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp [x] R3 X6va006;X6va006;c:\users\Matheus\AppData\Local\Temp\0068524.tmp [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-14 1156216] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111219.001\IDSvia64.sys [2011-09-21 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2011-12-21 204872] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.fr/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\005F0C6.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\Matheus\AppData\Local\Temp\0068524.tmp" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1621796390-1012695264-3663527530-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27E1C5BC-4EA4-E0C9-4817-97D6135BB95C}*] "mafppcijdlcenhaipcnlekjbdj"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61,64, 6c,70,66,6a,61,00,00 "nalpnioekhiolcodbclnbfbalfae"=hex:6a,61,61,69,6a,64,63,6b,62,61,69,69,63,61, 64,6c,70,66,6a,61,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tempo para conclusão: 2012-02-29 01:36:12 ComboFix-quarantined-files.txt 2012-02-29 04:36 ComboFix2.txt 2012-02-25 19:21 . Pré-execução: 873.623.040.000 bytes disponíveis Pós execução: 873.228.931.072 bytes disponíveis . - - End Of File - - EC4D27730A9B000240006A98FA7A5B2B Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 29, 2012 Bom Dia! matmaibat ComboFix 12-02-22.01 - Matheus 29/02/2012 1:33.2.6 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3838.2429 [GMT -3:00] Executando de: c:\users\Matheus\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - MODO DE FUNCIONALIDADE REDUZIDA - |- Você moveu o ComboFix.exe para o desktop e não efetuou o download de nova versão da ferramenta. |- "MODO DE FUNCIONALIDADE REDUZIDA" |- Ps: A ferramenta teve muitas execuções ( 6 ),e solicita update! |- Portanto,desinstale a antiga e baixe nova versão para o desktop. |- Execute-a e poste seu relatório. ( ComboFix.txt ) |- Ps: Evite colocar seu relatório sob "Quotes" ou "Codes",pois isso dificulta a visualização podendo ocultar informações relevantes. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Março 10, 2012 Tópico Arquivado Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
