
Archived

This topic has been archived and is closed to new replies.

Rapha Lemos

[Archived] Malware - Windows error sound

Gentlemen,

 

Good evening.

I have a problem and would like some help solving it, as I believe it to be malware or something of the sort.

 

What is happening is that Windows keeps playing an error sound at random and all the time, but no error window appears, just the "pam" sound non-stop.

I have already tried a huge number of programs and still have not managed to remove that damned noise, nor a small "Google" bar that appears in the lower left corner of the screen with the words "Coupons for Google.com.br".

 

 

Log follows:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:48:44, on 03/01/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\DreaMule\emule.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\Desktop\HiJackThis.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: continuetosave - {A497C7C9-25C7-FC42-A389-F5EB0D489F9E} - C:\ProgramData\continuetosave\50e4d8069014e.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: continuetosave - {B7CE76B9-DCF3-A6F7-C7EE-74F8A6DDA700} - C:\ProgramData\continuetosave\50e4d7402926c.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Computer\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Google Update] "C:\Users\Computer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\DreaMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13815 bytes
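An added triage example for the HijackThis log above (example code written for this page, not part of the thread or of HijackThis itself): it parses the R0/R1 start-page lines and O2 BHO lines, flags start pages that do not point at a default Microsoft host and BHOs loaded from user-writable directories such as ProgramData, and counts the security products named in O4/O23 lines. The sample lines are constructed from entries in the posted log; the default-host list and the product keyword list are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the HijackThis v2.0.4 line format, copied from a few
# entries of the log posted in this thread (the full log has many more lines).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: continuetosave - {A497C7C9-25C7-FC42-A389-F5EB0D489F9E} - C:\ProgramData\continuetosave\50e4d8069014e.dll
O2 - BHO: continuetosave - {B7CE76B9-DCF3-A6F7-C7EE-74F8A6DDA700} - C:\ProgramData\continuetosave\50e4d7402926c.dll
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
"""

# Assumed list of hosts that a stock Internet Explorer start/search page uses.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.msn.com", "www.microsoft.com"}

# Directories a standard user can write to without elevation; adware BHOs
# such as the "continuetosave" entries above are typically dropped there.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")

# Assumed keywords for the security products the helper asked to trim to one.
SECURITY_KEYWORDS = ("antivir", "superantispyware", "spyhunter",
                     "pc tools security", "advanced systemcare",
                     "mcafee security scan")

# R0/R1: "<code> - <hive>\<key>,<value name> = <url>"
RE_PAGE = re.compile(r"^R[01] - (HK\w+)\\.*?,(\S[^=]*?) = (.*)$")
# O2: "O2 - BHO: <name> - {CLSID} - <dll path>"
RE_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R0" or "O2"
    reason: str
    line: str


def parse_line(line):
    """Classify one HijackThis line; returns a Finding or None if benign."""
    m = RE_PAGE.match(line)
    if m:
        value_name, url = m.group(2), m.group(3)
        host = (urlparse(url).hostname or "").lower()
        if host and host not in DEFAULT_PAGE_HOSTS:
            return Finding(line[:2], f"{value_name} points at non-default host {host}", line)
        return None
    m = RE_BHO.match(line)
    if m:
        name, _clsid, dll = m.groups()
        if dll.lower().startswith(USER_WRITABLE_PREFIXES):
            return Finding("O2", f"BHO '{name}' loads from a user-writable directory", line)
    return None


def security_products(log_text):
    """Distinct security-product keywords seen in O4 autostart and O23 service lines."""
    hits = set()
    for line in log_text.splitlines():
        if line.startswith(("O4 ", "O23 ")):
            low = line.lower()
            hits.update(k for k in SECURITY_KEYWORDS if k in low)
    return sorted(hits)


def triage(log_text):
    """Return (findings, security_products) for a whole HijackThis log."""
    findings = [f for f in (parse_line(l.strip()) for l in log_text.splitlines()) if f]
    return findings, security_products(log_text)


if __name__ == "__main__":
    found, products = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("security products detected:", ", ".join(products))
```

On the sample, the two hijacked start pages and the two continuetosave BHOs are reported, and four overlapping security products are counted, which matches what the helper later asks the poster to remove.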


Good afternoon! Rapha Lemos

 

|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )

 

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

 

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator ( Executar_Administrador.jpg )

|- PS: Start the scan by clicking "Delete" or "Suppression".

 


 

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

 

-/-

 

|- Download: < desktopicon.png > ( ... by sUBs )

|- Save it to the desktop!

|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )

|- Close any program/file that is open.

|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )

|- PS: Stay connected to the Internet. <- Important!

|- Run ComboFix.exe with a double click.

|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator. <- Important!

|- PS: Install the "Recovery Console" if prompted! <- XP only!

|- PS: Installing it is therefore up to you.

 


 

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.

|- PS: To complete the removals, the tool may need to restart the computer.

|- The Auto Scan window will open.

 


 

|- Wait for all the Stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When done, post: C:\ComboFix.txt

 

"Illegal operation attempted on a registry key that has been marked for deletion."

|- If this error occurs, just restart the computer!

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

 

A+


DigRam,

 

I used AdwCleaner, but the error with the sound still continues. Here is the report:

 

Deleted on reboot : C:\Users\Computer\AppData\Roaming\OpenCandy

File Deleted : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ayqm4du1.default\searchplugins\WebSearch.xml

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\VDownloader\OpenCandy

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v14.0.1 (pt-BR)

 

File : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ayqm4du1.default\prefs.js

 

C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ayqm4du1.default\user.js ... Deleted !

 

Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.soft-quick.info/");

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");

 

-\\ Google Chrome v23.0.1271.97

 

File : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://websearch.soft-quick.info/" ]

Deleted [l.2200] : urls_to_restore_on_startup = [ "hxxp://websearch.soft-quick.info/" ]

 

*************************

 

AdwCleaner[s1].txt - [3296 octets] - [03/01/2013 17:38:33]

 

########## EOF - C:\AdwCleaner[s1].txt - [3356 octets] ##########


Good evening! Rapha Lemos

 

|- Download: < 1268r49.png > ( ... by Thisisu )

|- Save it to the desktop!

|- On Windows 7, right-click JRT.exe and run it as administrator ( Executar_Administrador.jpg )

|- Wait for it to finish and post the report. ( JRT.txt )

|- Also post the ComboFix log that was requested earlier.

 

A+


Good evening! DigRam,

 

The noise remains; log follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.7 (01.03.2013:1)

OS: Windows 7 Ultimate x64

Ran by Computer on 03/01/2013 at 19:55:12,29

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Computer\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Program Files (x86)\continuetosave"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03/01/2013 at 20:07:12,82

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Good evening! Rapha Lemos

 

|- <1> C:\Program Files (x86)\McAfee Security Scan <<

 

|- <2> < SpyHunter 4 >

 

|- <3> C:\Program Files (x86)\PC Tools\PC Tools Security <<

 

|- <4> C:\Program Files (x86)\Avira <<

 

|- <5> C:\Program Files (x86)\IObit\Advanced SystemCare 6 <<

 

|- <6> C:\Program Files\SUPERAntiSpyware <<

|- You have too many protection programs, which can conflict and affect the system.

|- Uninstall them all and keep only 1 antivirus!

|- Use Add or Remove Programs.

|- If you uninstall Avira, clean the registry afterwards.

 

-/-

 

|- Download: < Avira RegistryCleaner >

 

|- Or here! >

 

|- Save it to the desktop!

|- Right-click avira_registry_cleaner_en.exe and run it as administrator.

|- PS: And ComboFix? Did you forget?

 

A+


Good evening, DigRam.

 

I removed the programs and kept only Avira. I also ran ComboFix; here is the log:

 

ComboFix 13-01-03.05 - Computer 03/01/2013 22:21:58.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3583.2286 [GMT -2:00]

Executando de: c:\users\Computer\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Computer\Desktop\Internet Explorer.lnk

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))

.

.

2013-01-04 00:32 . 2013-01-04 00:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-04 00:32 . 2013-01-04 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-03 21:54 . 2013-01-03 21:54 -------- d-----w- c:\windows\ERUNT

2013-01-03 21:54 . 2013-01-03 21:54 -------- d-----w- C:\JRT

2013-01-03 17:43 . 2013-01-03 17:43 -------- d-----w- c:\users\Computer\AppData\Local\Threat Expert

2013-01-03 16:30 . 2012-08-21 15:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-01-03 16:27 . 2013-01-03 16:27 -------- d-----w- c:\program files\iPod

2013-01-03 16:27 . 2013-01-03 16:30 -------- d-----w- c:\program files\iTunes

2013-01-03 16:27 . 2013-01-03 16:30 -------- d-----w- c:\program files (x86)\iTunes

2013-01-03 16:18 . 2013-01-03 16:18 -------- d-----w- c:\program files (x86)\Bonjour

2013-01-03 16:18 . 2013-01-03 16:18 -------- d-----w- c:\program files\Bonjour

2013-01-03 14:34 . 2013-01-03 14:34 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-01-03 05:07 . 2012-11-19 03:01 9125352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{A9FB5C16-D80A-4A55-833F-749C5D6CF29F}\mpengine.dll ERROR(0x00000005)

2013-01-03 02:29 . 2013-01-03 02:29 142336 ----a-w- c:\windows\system32\poqexec.exe

2013-01-03 02:29 . 2013-01-03 02:29 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2013-01-03 01:52 . 2012-10-12 21:09 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2013-01-03 01:13 . 2013-01-03 01:13 -------- d-----w- c:\program files (x86)\PC Tools

2013-01-03 01:09 . 2013-01-04 00:01 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2013-01-03 01:09 . 2012-11-01 17:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2013-01-03 01:08 . 2013-01-03 01:08 -------- d-----w- c:\users\Computer\AppData\Roaming\TestApp

2013-01-03 00:57 . 2013-01-03 00:57 -------- d-----w- c:\program files\Enigma Software Group

2013-01-03 00:55 . 2013-01-03 17:51 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP

2013-01-03 00:55 . 2013-01-03 00:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-01-03 00:49 . 2013-01-03 00:49 -------- d-----w- c:\users\Computer\AppData\Roaming\SUPERAntiSpyware.com

2013-01-03 00:49 . 2013-01-03 00:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-01-03 00:42 . 2013-01-03 00:42 -------- d-----w- c:\users\Computer\AppData\Roaming\IObit

2013-01-03 00:42 . 2013-01-03 00:42 -------- d-----w- c:\program files (x86)\IObit

2013-01-03 00:36 . 2013-01-03 00:40 -------- d-----w- c:\program files (x86)\SoftQuick

2013-01-03 00:18 . 2013-01-03 00:20 -------- d-----w- c:\users\Computer\AppData\Roaming\Ad-Aware Antivirus

2013-01-03 00:13 . 2013-01-03 00:14 -------- d-----w- C:\LinhaDefensiva

2012-12-14 03:00 . 2012-12-14 03:00 -------- d-----w- c:\users\Computer\AppData\Roaming\VDownloader

2012-12-14 02:59 . 2012-12-14 03:06 -------- d-----w- c:\users\Computer\AppData\Local\VDownloader

2012-12-14 02:59 . 2010-01-26 13:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2012-12-14 02:59 . 2012-12-29 15:05 -------- d-----w- c:\program files\VDownloader

2012-12-14 02:30 . 2012-12-14 02:30 -------- d-----w- c:\users\Computer\AppData\Roaming\TuneUp Software

2012-12-14 02:29 . 2012-12-14 02:29 -------- d-----w- c:\program files (x86)\Buscapé

2012-12-14 02:29 . 2012-12-14 02:29 -------- d-----w- c:\users\Computer\PSafe

2012-12-14 02:28 . 2012-12-11 15:13 288688 ----a-r- c:\windows\system32\drivers\360FltOEM.sys

2012-12-14 02:27 . 2012-12-14 02:48 -------- d-----w- c:\program files (x86)\PSafe

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 21:03 . 2012-05-05 13:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 21:03 . 2011-12-03 16:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-19 03:01 . 2011-02-05 06:06 9125352 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)

2012-11-18 15:34 . 2012-11-18 15:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-18 15:34 . 2012-08-14 23:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-18 15:34 . 2010-12-01 02:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2010-09-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2010-09-21 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Akamai NetSession Interface"="c:\users\Computer\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Facebook Update"="c:\users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

"eMuleAutoStart"="c:\program files (x86)\DreaMule\emule.exe" [2008-07-21 6696960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-08-02 12:48 644592 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=0 (0x0)

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-12-23 185856]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-12-23 221184]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-20 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-20 834544]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-08-02 275440]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 21:03]

.

2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586451016-1755823497-4040945707-1000Core.job

- c:\users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 00:19]

.

2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3586451016-1755823497-4040945707-1000UA.job

- c:\users\Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 00:19]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586451016-1755823497-4040945707-1000Core.job

- c:\users\Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 22:32]

.

2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3586451016-1755823497-4040945707-1000UA.job

- c:\users\Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 22:32]

.

2013-01-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0f7bda08-4714-41fe-a0ba-821671a73e0b.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ae8696aa-1838-4e2f-8270-72947e3cc6c5.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2012-09-27 881664]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{B7CE76B9-DCF3-A6F7-C7EE-74F8A6DDA700} - c:\programdata\continuetosave\50e4d7402926c.dll

AddRemove-FoxTab FLV Converter - c:\program files (x86)\FoxTabFLVConverter\Uninstall\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Computer\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-01-03 22:54:11 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-01-04 00:54

.

Pré-execução: 163.922.325.504 bytes disponíveis

Pós execução: 164.014.055.424 bytes disponíveis

.

- - End Of File - - 2C296CFA8F763F02DCBE24EAC1915C9F


Good evening! Rapha Lemos

|- Does the problem persist?

-/-

|- Download: [image: 331oifp.png] ( ... by Old Timer )

|- Save it to the desktop or C:\.

|- Double-click OTS.exe.

|- Note: on Windows Vista or 7, right-click and run OTS.exe as administrator.

[image: adpvC8bl.jpg]

|- Under the "Additional Scans" option, click "Extras".

|- Check the boxes:

[] Reg - NetSvcs

[] File - Lop Check

[image: 64bitscan.png]

|- For a 64-bit OS, check the box!

|- Under "Basic Scans", check the boxes:

[] Use Company Name Whitelist

[] Skip Microsoft Files

|- Check: [image: 250ii3s.png] & [image: n19ytt.png]

 

%systemdrive%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%programfiles%\*.*
%localappdata%\*.exe
%localappdata%\*.txt
%localappdata%\*.ini
%localappdata%\*.dll
%localappdata%\*.dat
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dll
%userprofile%\*.dat /30
%appdata%\*.*
%systemroot%\system32\tasks\*.*
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT

 

[image: OTS_CustomScans.jpg]

|- Copy and paste the information in the Code box into the "Custom Scans" field.

|- Next, click [image: 2lasxtt.png]

|- When it finishes, Notepad will open with the report. ( OTS.txt )

|- Post it in your reply!

|- Use one of these for that! ( cjoint.com or myfile.tk )

Regards!


Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
