Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

igfmachado

[Arquivado] Instalações se fecham sozinhas

Recommended Posts

Há um tempo tento instalar alguns programas no meu computador só que a janela de instalação se fecha rapidamente (em menos de 1 segundo), suspeito que seja vírus já que alguns familiares andaram mexendo no PC.

Já utilizei o ESET Smart Security 5, BitDefender Quick Scan, Spybot e não foi detectado nada.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:10:40, on 25/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\system32\Dwm.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\mixer.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Users\Felipe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Users\Felipe\Downloads\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKCU\..\Run: [Google Update] "C:\Users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Felipe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [DIMBaixando a sua atualização...1338924290338] "c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.exe" "c:\programdata\corel\downloads\540240626_310002\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\felipe\appdata\roaming\corel\messages\540240626_310002\br\messagecache1\workflow"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-1580945115-1191433640-732724400-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1580945115-1191433640-732724400-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: www.secureweb.com.br

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 10285 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log do ComboFix

 

ComboFix 12-08-25.04 - Felipe 25/08/2012 20:32:31.1.8 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3698.2551 [GMT -3:00]

Executando de: c:\users\Felipe\Downloads\ComboFix.exe

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Firewall pessoal do ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

* AV residente está ativo

.

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Felipe\Documents\~WRL0191.tmp

c:\windows\IsUn0416.exe

c:\windows\system32\DEBUG.log

c:\windows\system32\drivers\qandr.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))

.

.

2012-08-25 23:37 . 2012-08-25 23:38 -------- d-----w- c:\users\Felipe\AppData\Local\temp

2012-08-25 23:37 . 2012-08-25 23:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-25 23:37 . 2012-08-25 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-25 23:36 . 2012-08-25 23:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0595C5A0-D2D5-41E8-86D5-F96E819906C3}\offreg.dll

2012-08-25 23:28 . 2012-08-25 23:28 -------- d-----w- c:\program files\Funmoods

2012-08-24 10:59 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0595C5A0-D2D5-41E8-86D5-F96E819906C3}\mpengine.dll

2012-08-21 12:40 . 2012-08-21 12:40 -------- d-----w- c:\users\Felipe\AppData\Local\Macromedia

2012-08-21 12:38 . 2012-08-21 13:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 22:17 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-14 22:17 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-14 20:34 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-14 20:34 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-14 20:34 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-14 20:34 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-14 20:34 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-07 12:59 . 2012-08-07 12:59 -------- d-----w- c:\users\Felipe\AppData\Local\Octoshape

2012-08-07 12:59 . 2012-08-07 12:59 -------- d-----w- c:\users\Felipe\AppData\Roaming\Octoshape

2012-07-30 22:45 . 2012-08-25 07:05 -------- d-----w- c:\users\Felipe\AppData\Roaming\QuickScan

2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-21 13:35 . 2012-01-22 21:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-26 00:12 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-19 14:43 . 2012-06-19 14:43 4608 ----a-w- c:\windows\system32\w95inf32.dll

2012-06-19 14:43 . 2012-06-19 14:43 2272 ----a-w- c:\windows\system32\w95inf16.dll

2012-06-06 23:59 . 2012-06-06 23:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-06 05:05 . 2012-07-10 23:07 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-10 23:07 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-10 23:07 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-21 10:25 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 10:25 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 10:25 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 10:25 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 10:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 10:25 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 10:25 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 18:19 . 2012-06-21 10:24 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 18:12 . 2012-06-21 10:24 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-10 23:07 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-10 23:07 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-10 23:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-10 23:07 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-10 23:07 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 15:25 . 2012-01-22 19:21 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-07-25 11:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-30 880496]

"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]

"Octoshape Streaming Services"="c:\users\Felipe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]

"DIMBaixando a sua atualização...1338924290338"="c:\program files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.EXE" [2012-02-23 179576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]

"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-01-06 19:59 735984 ----a-w- c:\program files\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Felipe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VDownloader.lnk]

path=c:\users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk

backup=c:\windows\pss\VDownloader.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-01-19 17:08 3477312 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2012-06-27 15:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 13:35]

.

2012-02-22 c:\windows\Tasks\DriverEasy Scheduled Scan.job

- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2012-01-22 22:20]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 21:30]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-22 21:30]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580945115-1191433640-732724400-1000Core.job

- c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 23:58]

.

2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580945115-1191433640-732724400-1000UA.job

- c:\users\Felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 23:58]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591

mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

Trusted Zone: bancoreal.com.br\www

Trusted Zone: bancosantander.com.br\www

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\e4n6506u.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0C0E0B0CyEyByC0AyEtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1272867591&q=

FF - user.js: extensions.funmoods.id - 7A79059CEBC476A4

FF - user.js: extensions.funmoods.instlDay - 15577

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:28:4

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - ironpub

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - ironpub

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

AddRemove-Complitly_is1 - c:\program files\Complitly\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1580945115-1191433640-732724400-1000\Software\SecuROM\License information*]

"datasecu"=hex:72,14,97,bd,6a,d2,24,a4,c5,52,f9,4d,ec,85,32,ee,28,fe,eb,82,d3,

94,6f,75,8e,5b,7d,47,1a,32,41,05,42,98,a5,1f,ab,3d,4b,80,4a,f0,4e,fd,49,35,\

"rkeysecu"=hex:d4,4a,b4,c0,b2,cf,0d,40,d2,ca,4d,2f,39,3a,47,a6

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-08-25 20:39:14

ComboFix-quarantined-files.txt 2012-08-25 23:39

.

Pré-execução: 151.734.374.400 bytes disponíveis

Pós execução: 151.753.977.856 bytes disponíveis

.

- - End Of File - - 94E60DE4F3D2DCE7F7B2ED3D92E229C8

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! igfmachado

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

|- Baixe: < ZHPDiag_Silent.jpg > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

ZHPDiag_4cones.jpg

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.