Edvan
Posted January 4, 2013

Good morning, iMasters team! :grin: When I turn the machine on, before the desktop appears the PC reboots; it does this several times before my desktop finally loads normally.
Link: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130104_g10i11q9d15h10

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.03.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003589 :: SUPORTE [administrator]

03/01/2013 15:26:25
mbar-log-2013-01-03 (15-26-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27016
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21404\Dc34.exe (Trojan.Arqudrop) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21404\Dc35.exe (Trojan.Arqudrop) -> Delete on reboot.
(end)
------------------------xxx--------------------------------------------

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.01.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003589 :: SUPORTE [administrador]

03/01/2013 17:30:02
mbam-log-2013-01-03 (17-30-02).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 354355
Tempo decorrido: 51 minuto(s), 40 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)
----------------------xx---------------------------

# AdwCleaner v2.007 - Logfile created 12/20/2012 at 09:41:58
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : f003589 - SUPORTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\f003589.FUNPEC.BR\Desktop\Lista de Programas para maquinas infectadas\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Arquivos de programas\Iminent
Folder Deleted : C:\DOCUME~1\F00358~1.BR\CONFIG~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminentMessenger]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.
*************************

AdwCleaner[s1].txt - [1161 octets] - [08/11/2012 11:26:37]
AdwCleaner[s2].txt - [14826 octets] - [20/12/2012 09:41:58]

########## EOF - C:\AdwCleaner[s2].txt - [14887 octets] ##########
DigRam
Posted January 4, 2013

Good afternoon, Edvan!

|- Close any programs/folders that are open.
|- Close your browser as well!
|- Select and copy the information below, shown in the Code box, into Notepad.

[MD5.F5005745A89525BE9A3B314D1DC111C0] - (.Iminent - Iminent Protection.) -- C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe [2612336] [PID.] => Infection PUP (Adware.IMBooster)
SR - | Auto 20/12/2012 2612336 | (SProtection) . (.Iminent.) - C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe => Infection PUP (Adware.IMBooster)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphean Key
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21404\..\Run: [AdobeBridge] Orphean Key
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\InterApp Control.lnk . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\InterApp Control.lnk . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe => Infection PUP (Adware.IMBooster)
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {58BC9E49-2867-4153-A23F-6D62A3572599} => Infection PUP (Adware.IMBooster)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Iminent\Iminent.exe" [Enabled] .(...) -- C:\Arquivos de programas\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Iminent\Iminent.Messengers.exe" [Enabled] .(...) -- C:\Arquivos de programas\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\ControlCenter\controlcenter.exe" [Enabled] .(...) -- C:\Arquivos de programas\ControlCenter\controlcenter.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\ControlCenter\iptool.exe" [Enabled] .(...) -- C:\Arquivos de programas\ControlCenter\iptool.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Megacubo\megacubo.exe" [Enabled] .(...) -- C:\Arquivos de programas\Megacubo\megacubo.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ZyngaGamesAgent [Key] . (...) -- C:\Arquivos de programas\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (v9) - http://search.v9.com
O69 - SBI: SearchScopes [HKCU] {3AA0F31D-D21E-40D4-8E3B-636F4464CFC6} - (Ask Search) - http://websearch.ask.com
[HKCU\Software\Iminent] => Infection PUP (Adware.IMBooster)
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- P.S.: There is a sequence of images above for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+
Edvan
Posted January 4, 2013

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by f003589 at 04/01/2013 15:07:54
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/

========== Software ==========
DELETED Iminent

========== Registry Key ==========
NOT FOUND Key: Service: SProtection
DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {AE7CD045-E861-484f-8273-0445EE161910}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: StartupReg: ZyngaGamesAgent
DELETED Key: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
DELETED Key: SearchScopes :{3AA0F31D-D21E-40D4-8E3B-636F4464CFC6}
DELETED Key: HKCU\Software\Iminent

========== Registry Value ==========
DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
DELETED RunValue: CTFMON.EXE
DELETED RunValue: AdobeBridge
NOT FOUND RunValue: AdobeBridge
NOT FOUND AAKE KeyValue: C:\Arquivos de programas\Iminent\Iminent.exe
NOT FOUND AAKE KeyValue: C:\Arquivos de programas\Iminent\Iminent.Messengers.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\ControlCenter\controlcenter.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\ControlCenter\iptool.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\Megacubo\megacubo.exe
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Registry Data Items ==========
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL
REMOVED R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant

========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
NOT FOUND Folder/File: c:\arquivos de programas\arquivos comuns\umbrella\umbrella.exe
NOT FOUND File: c:\arquivos de programas\arquivos comuns\umbrella\umbrella.exe
DELETE on Reboot c:\windows\system32\ctfmon.exe
DELETED File: c:\documents and settings\administrador\desktop\interapp control.lnk
NOT FOUND File: c:\arquivos de programas\qubnfe\qubnfe.exe
NOT FOUND File: c:\arquivos de programas\controlcenter\controlcenter.exe
NOT FOUND File: c:\arquivos de programas\controlcenter\iptool.exe
NOT FOUND File: c:\arquivos de programas\megacubo\megacubo.exe
NOT FOUND File: c:\arquivos de programas\splashtop\splashtop connect\zyngagamesagent.exe
DELETED Window Temporary:
DELETED Flash Cookies:

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
10 : Registry Key
22 : Registry Value
4 : Registry Data Items
2 : Repertory
11 : File
1 : Software
1 : Restoration

End of clean in 00mn 39s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 04/01/2013 15:08:03 [3554]
DigRam
Posted January 5, 2013

Good morning, Edvan!

|- Download: < > ( ... by sUBs )
|- Save it to the desktop!
|- P.S.: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Close your browser as well! ( IE, Firefox, Opera or Google Chrome )
|- P.S.: Stay connected to the Internet. <- Important!
|- Run ComboFix.exe with a double click.
|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator. <- Important!
|- P.S.: Install the "Recovery Console" if prompted! <- XP only!
|- P.S.: It is therefore up to you whether to install it.
|- If an error message appears, run ComboFix.exe in Safe Mode with Networking.
|- P.S.: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all the Stages to finish.
|- Do not use the mouse or keyboard during the scan!
|- When it finishes, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."
|- If this error occurs, just restart the computer!

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

Regards!
Edvan
Posted January 7, 2013

"When it finishes, post: C:\ComboFix.txt"

Good morning, friend! When I was finishing the stages the machine rebooted, but no log was generated. Would it be worth running ComboFix again?
New log: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130107_z15x10v10d10o7
DigRam
Posted January 7, 2013

Hello, Edvan!

|- Did you try running ComboFix in Safe Mode?

Regards!
Edvan
Posted January 7, 2013

I couldn't run it in Safe Mode, so I rebooted and tried running it in normal mode again, and this time it worked. :grin:

ComboFix 13-01-06.01 - f003589 07/01/2013 14:15:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1959.1528 [GMT -3:00]
Executando de: c:\documents and settings\f003589.FUNPEC.BR\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\inst.exe
c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\vso_ts_preview.xml
c:\windows\IsUn0416.exe
c:\windows\system\chron32.dll
c:\windows\system\libeay32.dll
c:\windows\system\ssleay32.dll
c:\windows\System32\sbfiv.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))
.
.
2013-01-04 18:53 . 2013-01-04 18:53 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\VirtualBox VMs
2013-01-04 11:36 . 2013-01-07 12:42 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-01-04 11:35 . 2013-01-07 12:42 -------- d-----w- c:\arquivos de programas\ZHPDiag
2012-12-27 13:37 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-27 13:37 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-27 13:37 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-26 14:37 . 2012-12-26 14:37 -------- d-----w- C:\My Documents
2012-12-26 14:37 . 2001-01-16 18:46 50576 ------w- c:\windows\system32\drivers\hppadt40.sys
2012-12-26 14:37 . 2001-01-16 18:44 17872 ------w- c:\windows\system32\drivers\hppausb0.sys
2012-12-26 14:37 . 2001-01-16 18:21 53248 ------w- c:\windows\system32\hppapml0.dll
2012-12-26 14:37 . 2001-01-16 18:20 61440 ------w- c:\windows\system32\hppapml0.exe
2012-12-26 14:37 . 2001-01-16 18:11 94208 ------w- c:\windows\system32\hppapts0.dll
2012-12-26 14:37 . 2001-01-16 18:10 61440 ------w- c:\windows\system32\hppanet0.exe
2012-12-26 14:37 . 2001-01-16 17:43 15792 ------w- c:\windows\system32\drivers\hppaprt0.sys
2012-12-26 14:37 . 2001-01-08 17:26 73728 ------w- c:\windows\system32\hppadt40.dll
2012-12-26 14:36 . 2001-01-17 15:38 40960 ------w- c:\windows\system32\hppamon0.dll
2012-12-26 14:36 . 2001-01-05 11:38 58880 ------w- c:\windows\system32\hpdcmon.dll
2012-12-26 14:36 . 2000-07-31 15:00 317952 ------w- c:\windows\system32\roboex32.dll
2012-12-26 14:36 . 2012-12-26 14:36 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2012-12-26 14:35 . 2001-08-18 00:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-12-26 14:35 . 2001-08-18 00:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-12-21 18:36 . 2012-12-21 18:36 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Configurações locais\Dados de aplicativos\Sun
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2013-01-03 19:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-12-21 17:09 . 2012-12-14 19:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-20 13:57 . 2012-12-20 13:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2012-12-20 13:57 . 2012-12-20 13:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-20 13:57 . 2012-12-20 13:56 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-20 13:57 . 2012-12-20 13:56 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-20 13:56 . 2012-12-20 13:56 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 13:56 . 2012-12-20 13:56 -------- d-----w- c:\arquivos de programas\Java
2012-12-18 20:18 . 2012-12-20 12:42 -------- d-----w- c:\arquivos de programas\uTorrent
2012-12-18 20:17 . 2013-01-07 17:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\uTorrent
2012-12-18 14:19 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-12-18 14:18 . 2012-12-18 14:19 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2012-12-13 19:46 . 2012-12-17 12:29 -------- d-----w- c:\arquivos de programas\Cobian Backup 11
2012-12-10 20:20 . 2012-12-17 12:33 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\FileZilla
2012-12-10 20:17 . 2012-12-10 20:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\GlobalSCAPE
2012-12-10 11:46 . 2012-12-10 11:46 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:33 . 2012-10-19 11:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 20:33 . 2012-10-19 11:32 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 19:29 . 2012-12-03 17:13 344 ---h--w- c:\documents and settings\All Users\gwp2.sys
2012-11-16 13:08 . 2012-11-16 13:08 47360 ----a-w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\pcouffin.sys
2012-10-30 22:51 . 2012-10-05 14:08 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-05 14:08 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-10-05 14:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-05 14:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-05 14:08 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-10-05 14:08 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-10-05 14:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-05 14:08 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-10-05 14:08 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-05 14:08 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-26 23:03 . 2012-12-05 11:00 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-26 23:03 . 2012-10-26 23:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 23:02 . 2012-12-05 11:00 84312 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-26 23:02 . 2012-12-05 11:00 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-26 23:02 . 2012-10-26 23:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 23:02 . 2012-10-26 23:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-10 18:40 . 2012-10-05 13:39 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-10-10 18:40 . 2012-10-05 13:45 17488 ----a-w- c:\windows\gdrv.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"abfiv"="c:\arquivos de programas\blok free 4\abfiv.exe" [2012-05-29 709120]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-12-18 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Blok Free 4"="c:\arquivos de programas\Blok Free 4\abfiv.exe" [2012-05-29 709120]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\f003589.FUNPEC.BR\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDockFree\ObjectDock.exe [2012-8-28 3768688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 09:09 446392 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 19:26 1073312 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2011-05-12 06:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 16:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= . R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [05/10/2012 10:27 18544] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/10/2012 11:08 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/10/2012 11:08 361032] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [05/12/2012 08:00 187736] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [05/12/2012 08:00 94040] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/10/2012 11:08 21256] R2 Smart TimeLock;Smart TimeLock Service;c:\arquivos de programas\Gigabyte\SMART6\timelock\TimeMgmtDaemon.exe [05/10/2012 10:30 114688] R2 UNS;Intel® Management and Security Application User Notification Service;c:\arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [05/10/2012 10:27 2655768] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13/07/2009 01:07 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13/07/2009 01:07 25448] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet 
Controller;c:\windows\system32\drivers\l1c51x86.sys [05/10/2012 10:17 65136] R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [05/10/2012 10:27 41088] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [26/10/2012 20:02 115544] S2 Syslogon;System logon;c:\windows\system32\1052\lsass.exe [03/12/2012 14:13 471552] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/10/2012 10:27 1691480] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [29/11/2012 15:55 13192] S3 etdrv;etdrv;c:\windows\etdrv.sys [05/10/2012 10:46 17488] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [29/11/2012 15:55 8456] S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [05/10/2012 10:39 24944] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 17:22 34064] S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26/10/2012 20:03 104280] S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [05/12/2012 08:00 84312] . Conteúdo da pasta 'Tarefas Agendadas' . 2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 20:33] . 2013-01-07 c:\windows\Tasks\avast! Emergency Update.job - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 22:50] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56] . 
2013-01-07 c:\windows\Tasks\PandaUSBVaccine.job - c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-10-11 19:45] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.funpec.br/ponto_online/ mStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.4.65.16 . - - - - ORFÃOS REMOVIDOS - - - - . HKCU-Run-sbfiv - c:\windows\System32\sbfiv.exe HKLM-Run-sbfiv - c:\windows\System32\sbfiv.exe MSConfigStartUp-TkBellExe - c:\arquivos de programas\Real\RealPlayer\update\realsched.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-07 14:19 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2013-01-07 14:20:05
ComboFix-quarantined-files.txt 2013-01-07 17:20
.
Pré-execução: 13 pasta(s) 398.008.037.376 bytes disponíveis
Pós execução: 15 pasta(s) 398.209.159.168 bytes disponíveis
.
- - End Of File - - 03180DC2D6F0FBEF22AAE351FAEEBB7A
DigRam, posted January 7, 2013

Good afternoon, Edvan!
|- Select and copy the content that is in "red" into Notepad.
|- Save it on the desktop with the name: CFScript <-- Text!

KillAll::
Registry::
[-HKLM\SOFTWARE\Classes\.vzs2]
File::
c:\documents and settings\All Users\gwp2.sys
c:\windows\system32\1052\lsass.exe
Driver::
Syslogon
ClearJavaCache::

|- P.S.: Temporarily disable your antivirus.
|- P.S.: Do not use this script on another machine!
|- Drag CFScript.txt onto the ComboFix icon/window.
|- See the demonstration!
|- Accept the prompt that should appear to run ComboFix.
|- P.S.: Keep dragging until that prompt (window) appears!
|- If you are prompted to update the tool, click Yes!
|- When it finishes, post: C:\ComboFix.txt
A+
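The script above targets two specific artifacts from the log: a service named "Syslogon" whose image is an `lsass.exe` sitting in `c:\windows\system32\1052\` rather than in `system32` itself, and a tiny hidden `gwp2.sys` dropped in the All Users profile. The reasoning behind both picks can be automated. The following Python is an added example written for this thread; it is not part of the thread and not ComboFix's own code. It parses the three ComboFix line formats seen in the log (service/driver lines, Run-key lines and the created-files listing), flags well-known system binary names running from anywhere other than their expected directory, and flags hidden `.sys` files outside the drivers directory. The `EXPECTED_DIR` table is an assumption for a stock 32-bit Windows XP layout, and the sample lines are constructed from the kind of output the log shows.

```python
"""Flag ComboFix-style startup entries that look like system-binary impersonation.

Added illustration for this thread; it is not part of the thread and not
ComboFix's own code. The sample lines are constructed from the kind of
output shown in the log, and EXPECTED_DIR is an assumption for an
unmodified 32-bit Windows XP layout.
"""
import ntpath
import re

# Windows binaries that should only ever run from one directory
# (assumption: stock 32-bit Windows XP; adjust for other versions).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Service/driver line: "<R|S><n> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)(?:\s+\[[^\]]*\])?$")
# Run-key line: "<name>"="<image path>" [...]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
# Created-files line: "<created> . <modified> <size> <attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(\d+|-+)\s+([-a-z]{8})\s+(.+)$"
)


def parse_entry(line):
    """Return (kind, name, path, attrs) for a recognised line, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.group(1), m.group(2).strip(), ""
    m = RUN_RE.match(line)
    if m:
        return "run", m.group(1), m.group(2).strip(), ""
    m = FILE_RE.match(line)
    if m:
        path = m.group(3).strip()
        return "file", ntpath.basename(path), path, m.group(2)
    return None


def check_entry(kind, name, path, attrs):
    """Return a finding string for a suspicious entry, else None."""
    norm = ntpath.normpath(path.lower())
    base = ntpath.basename(norm)
    directory = ntpath.dirname(norm)
    # Rule 1: a well-known system binary name outside its expected directory.
    expected = EXPECTED_DIR.get(base)
    if expected is not None and directory != expected:
        return f"{kind} {name}: {base} runs from {directory}, expected {expected}"
    # Rule 2: a hidden .sys file outside a drivers directory ('h' is the
    # hidden bit in ComboFix's 8-character attribute field).
    if (kind == "file" and base.endswith(".sys") and "h" in attrs
            and not directory.endswith(r"\drivers")):
        return f"file {name}: hidden driver outside a drivers directory ({directory})"
    return None


def scan(lines):
    """Run both rules over the given log lines and return the findings."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            finding = check_entry(*entry)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample: six lines in the formats the thread's log uses.
SAMPLE_LOG = r"""
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/10/2012 11:08 21256]
S2 Syslogon;System logon;c:\windows\system32\1052\lsass.exe [03/12/2012 14:13 471552]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"sbfiv"="c:\windows\System32\sbfiv.exe" [bU]
2012-12-03 19:29 . 2012-12-03 17:13 344 ---h--w- c:\documents and settings\All Users\gwp2.sys
2012-10-10 18:40 . 2012-10-05 13:39 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports exactly the two entries the CFScript removes (the misplaced `lsass.exe` and the hidden `gwp2.sys`) and stays silent on the avast, aswFsBlk and GVTDrv entries. The `sbfiv.exe` Run entries are not caught by either rule, which is the point of keeping a human in the loop: name-and-path heuristics catch impersonation, not every unknown executable.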
Edvan, posted January 7, 2013

ComboFix 13-01-06.01 - f003589 07/01/2013 15:37:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1959.1396 [GMT -3:00]
Executando de: c:\documents and settings\f003589.FUNPEC.BR\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\f003589.FUNPEC.BR\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\gwp2.sys"
"c:\windows\system32\1052\lsass.exe"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\gwp2.sys
c:\windows\system32\1052\lsass.exe
c:\windows\System32\sbfiv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSLOGON
-------\Service_Syslogon
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))
.
.
2013-01-04 18:53 . 2013-01-04 18:53 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\VirtualBox VMs
2013-01-04 11:36 . 2013-01-07 12:42 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-01-04 11:35 . 2013-01-07 12:42 -------- d-----w- c:\arquivos de programas\ZHPDiag
2012-12-27 13:37 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-27 13:37 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-27 13:37 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-26 14:37 . 2012-12-26 14:37 -------- d-----w- C:\My Documents
2012-12-26 14:37 . 
2001-01-16 18:46 50576 ------w- c:\windows\system32\drivers\hppadt40.sys 2012-12-26 14:37 . 2001-01-16 18:44 17872 ------w- c:\windows\system32\drivers\hppausb0.sys 2012-12-26 14:37 . 2001-01-16 18:21 53248 ------w- c:\windows\system32\hppapml0.dll 2012-12-26 14:37 . 2001-01-16 18:20 61440 ------w- c:\windows\system32\hppapml0.exe 2012-12-26 14:37 . 2001-01-16 18:11 94208 ------w- c:\windows\system32\hppapts0.dll 2012-12-26 14:37 . 2001-01-16 18:10 61440 ------w- c:\windows\system32\hppanet0.exe 2012-12-26 14:37 . 2001-01-16 17:43 15792 ------w- c:\windows\system32\drivers\hppaprt0.sys 2012-12-26 14:37 . 2001-01-08 17:26 73728 ------w- c:\windows\system32\hppadt40.dll 2012-12-26 14:36 . 2001-01-17 15:38 40960 ------w- c:\windows\system32\hppamon0.dll 2012-12-26 14:36 . 2001-01-05 11:38 58880 ------w- c:\windows\system32\hpdcmon.dll 2012-12-26 14:36 . 2000-07-31 15:00 317952 ------w- c:\windows\system32\roboex32.dll 2012-12-26 14:36 . 2012-12-26 14:36 -------- d-----w- c:\arquivos de programas\Hewlett-Packard 2012-12-26 14:35 . 2001-08-18 00:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys 2012-12-26 14:35 . 2001-08-18 00:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys 2012-12-26 14:35 . 2008-04-13 14:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys 2012-12-26 14:35 . 2008-04-13 14:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys 2012-12-26 14:35 . 2001-09-06 02:06 24064 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys 2012-12-26 14:35 . 2001-09-06 02:06 24064 ----a-w- c:\windows\system32\drivers\Dot4usb.sys 2012-12-21 18:36 . 2012-12-21 18:36 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Configurações locais\Dados de aplicativos\Sun 2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\Malwarebytes 2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2012-12-21 17:09 . 
2013-01-03 19:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2012-12-21 17:09 . 2012-12-14 19:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-20 13:57 . 2012-12-20 13:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2012-12-20 13:57 . 2012-12-20 13:56 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-20 13:57 . 2012-12-20 13:56 779704 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-20 13:57 . 2012-12-20 13:56 859072 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-20 13:56 . 2012-12-20 13:56 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-20 13:56 . 2012-12-20 13:56 -------- d-----w- c:\arquivos de programas\Java 2012-12-18 20:18 . 2012-12-20 12:42 -------- d-----w- c:\arquivos de programas\uTorrent 2012-12-18 20:17 . 2013-01-07 18:46 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\uTorrent 2012-12-18 14:19 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll 2012-12-18 14:18 . 2012-12-18 14:19 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2012-12-13 19:46 . 2012-12-17 12:29 -------- d-----w- c:\arquivos de programas\Cobian Backup 11 2012-12-10 20:20 . 2012-12-17 12:33 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\FileZilla 2012-12-10 20:17 . 2012-12-10 20:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\GlobalSCAPE 2012-12-10 11:46 . 2012-12-10 11:46 -------- d-----w- c:\windows\system32\wbem\Repository . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 20:33 . 2012-10-19 11:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 20:33 . 2012-10-19 11:32 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-16 13:08 . 
2012-11-16 13:08 47360 ----a-w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\pcouffin.sys 2012-10-30 22:51 . 2012-10-05 14:08 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-10-05 14:08 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2012-10-05 14:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-10-05 14:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-10-05 14:08 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-10-30 22:51 . 2012-10-05 14:08 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-10-30 22:51 . 2012-10-05 14:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-10-05 14:08 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-10-30 22:51 . 2012-10-05 14:08 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-10-05 14:08 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-26 23:03 . 2012-12-05 11:00 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-10-26 23:03 . 2012-10-26 23:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-10-26 23:02 . 2012-12-05 11:00 84312 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys 2012-10-26 23:02 . 2012-12-05 11:00 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-10-26 23:02 . 2012-10-26 23:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-10-26 23:02 . 2012-10-26 23:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-10-10 18:40 . 2012-10-05 13:39 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys 2012-10-10 18:40 . 2012-10-05 13:45 17488 ----a-w- c:\windows\gdrv.sys . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "abfiv"="c:\arquivos de programas\blok free 4\abfiv.exe" [2012-05-29 709120] "uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-12-18 969104] "sbfiv"="c:\windows\System32\sbfiv.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680] "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Blok Free 4"="c:\arquivos de programas\Blok Free 4\abfiv.exe" [2012-05-29 709120] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848] "sbfiv"="c:\windows\System32\sbfiv.exe" [bU] . c:\documents and settings\f003589.FUNPEC.BR\Menu Iniciar\Programas\Inicializar\ Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDockFree\ObjectDock.exe [2012-8-28 3768688] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-04-04 09:09 446392 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 19:26 1073312 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2011-05-12 06:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 16:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= . R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [05/10/2012 10:27 18544] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/10/2012 11:08 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/10/2012 11:08 361032] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [05/12/2012 08:00 187736] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [05/12/2012 08:00 94040] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/10/2012 11:08 21256] R2 Smart TimeLock;Smart TimeLock Service;c:\arquivos de programas\Gigabyte\SMART6\timelock\TimeMgmtDaemon.exe [05/10/2012 10:30 114688] R2 UNS;Intel® Management and Security Application User Notification Service;c:\arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [05/10/2012 10:27 2655768] R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13/07/2009 01:07 21096] R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13/07/2009 01:07 25448] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet 
Controller;c:\windows\system32\drivers\l1c51x86.sys [05/10/2012 10:17 65136] R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [05/10/2012 10:27 41088] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [26/10/2012 20:02 115544] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/10/2012 10:27 1691480] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [29/11/2012 15:55 13192] S3 etdrv;etdrv;c:\windows\etdrv.sys [05/10/2012 10:46 17488] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [29/11/2012 15:55 8456] S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [05/10/2012 10:39 24944] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 17:22 34064] S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26/10/2012 20:03 104280] S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [05/12/2012 08:00 84312] . Conteúdo da pasta 'Tarefas Agendadas' . 2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 20:33] . 2013-01-07 c:\windows\Tasks\avast! Emergency Update.job - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 22:50] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56] . 2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56] . 2013-01-07 c:\windows\Tasks\PandaUSBVaccine.job - c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-10-11 19:45] . . 
------- Scan Suplementar ------- . uStart Page = hxxp://www.funpec.br/ponto_online/ mStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.4.65.16 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-07 15:47 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\arquivos de programas\Stardock\ObjectDockFree\DockShellHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe
c:\arquivos de programas\Java\jre7\bin\jqs.exe
c:\arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\AVAST Software\Avast\setup\avast.setup
c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe
c:\arquivos de programas\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-01-07 15:48:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-01-07 18:48
ComboFix2.txt 2013-01-07 17:20
.
Pré-execução: 14 pasta(s) 398.209.085.440 bytes disponíveis
Pós execução: 15 pasta(s) 398.125.776.896 bytes disponíveis
.
- - End Of File - - FC091AAD88A53F12B1F7BC2C0C37489B
DigRam, posted January 7, 2013

Good afternoon, Edvan!
|- Are the reboots still happening?
-/-
|- Download: < > Link!
|- Save it to the desktop or to Program Files.
|- When you run the Setup, click "Next".
|- Wait for the tool to update!
|- When it finishes, click "Accept and Scan".
|- When the scan finishes, click "Clean".
|- To have more control over what you want to remove, click the arrow to select the item(s), since some may be "false positives".
A+
Edvan, posted January 8, 2013

Good afternoon, Edvan!
|- Are the reboots still happening?

No, everything is fine now. :thumbsup:

P.S. <> Panda caught these three here; are you still using Panda as your antivirus? Man, I have a notebook here and I cannot get Avast to install on it no matter what!

Malware. FILE: C:\DOCUMENTS AND SETTINGS\F003589.FUNPEC.BR\COOKIES\MQA0WVP9.TXT to be deleted.
Malware. FILE: C:\DOCUMENTS AND SETTINGS\F003589.FUNPEC.BR\COOKIES\HDC1BQYH.TXT to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
DigRam, posted January 8, 2013

Good morning, Edvan!

P.S. <> Panda caught these three here; are you still using Panda as your antivirus? Man, I have a notebook here and I cannot get Avast to install on it no matter what!

|- No! I tested Panda Cloud for a year and found it excellent for those who still have Windows XP. At the moment I run no antivirus, as I chose another kind of protection, with the emphasis on the browsers. (NoScript; NotScripts; WOT)
|- I complemented all that with WinPatrol + Spyware Blaster, which I have used for many years.

#####
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
#####

|- This was the only relevant detection, and the tool corrected it.
|- You can use DelFix to remove ZHPDiag.
|- If you wish, keep Panda Cloud Cleaner on your PC.

Man, I have a notebook here and I cannot get Avast to install on it no matter what!

|- Open a "New Topic" about your notebook, with the ZHPDiag log, and we will see what can be done.
Cheers!
Edvan, posted January 8, 2013

OK my friend, you can close the topic! :grin:
DigRam, posted January 8, 2013

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.