Archived

This topic has been archived and is closed to new replies.

Bruno Carazato

[Solved] Log Analysis


Well, the folders on my flash drives and memory cards are turning into executable files....

Other small problems are happening too, like the browser closing suddenly and my antivirus flagging some viruses...

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:35:11, on 9/1/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Win\lsass.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

D:\Meus documentos\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\is-CGBRA.tmp\Pazera_Free_MOV_to_AVI_Converter.tmp

C:\Hijhackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\nsr19.tmp\dpactrlr.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: G-Buster Browser Defense BMB - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\ARQUIV~1\GbPlugin\gbiehbmb.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Arquivos de programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} (GbPluginObj Class) - https://bdu.bmb.com.br/plugin/GbPluginBmb.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBmb - C:\ARQUIV~1\GbPlugin\gbiehBmb.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10436 bytes

 

thanks!

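The line that matters in the log above is `O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe`: a file named after the Local Security Authority process, but living in `C:\Win` instead of `%SystemRoot%\system32`, and the same file also shows up in the running-process list. The Python below is an added example, not part of the original thread and not code from HijackThis: it reads text in HijackThis 2.0.4 format and flags every running process or Run-key entry whose file name is a core Windows binary but whose directory is not the system directory, plus Run-key entries that give only a bare image name (resolved by PATH search at logon). The sample log is constructed from a few lines of the log above, and the list of core binary names is this example's own assumption.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Core Windows binaries that legitimately live only in %SystemRoot%\system32
# (explorer.exe lives in %SystemRoot% itself). Assumed list for this example.
CORE_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}
CORE_WINDIR = {"explorer.exe"}

# Constructed sample in HijackThis 2.0.4 format, modelled on the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Win\lsass.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ITEM_RE = re.compile(r'^[A-Z]\d+ - ')                      # any "Oxx - " / "Rx - " item
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
EXE_RE = re.compile(r'\.(exe|com|scr|bat|cmd)$', re.I)


def image_path(cmd: str) -> str:
    """Extract the image path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: Windows tries each space-delimited prefix in turn, so take the
    # shortest prefix that looks like an executable; fall back to the first token.
    tokens = cmd.split()
    for i in range(1, len(tokens) + 1):
        cand = " ".join(tokens[:i])
        if EXE_RE.search(cand):
            return cand
    return tokens[0] if tokens else cmd


def check_image(path: str) -> Optional[str]:
    """Return a finding for a suspicious image path, or None if it looks normal."""
    if "\\" not in path:
        return "unqualified image name, resolved by PATH search at logon"
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    if name in CORE_SYSTEM32 and not parent.endswith("\\system32"):
        return f"core Windows binary name {name} outside %SystemRoot%\\system32"
    if name in CORE_WINDIR and not parent.endswith("\\windows"):
        return f"core Windows binary name {name} outside %SystemRoot%"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and collect findings from processes and O4 Run entries."""
    findings: List[Dict[str, str]] = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if ITEM_RE.match(line):          # first scan item ends the process list
            in_procs = False
        if in_procs:
            verdict = check_image(line)
            if verdict:
                findings.append({"source": "process", "name": "", "image": line, "finding": verdict})
            continue
        m = O4_RE.match(line)
        if m:
            image = image_path(m.group("cmd"))
            verdict = check_image(image)
            if verdict:
                findings.append({"source": "O4", "name": m.group("name"), "image": image, "finding": verdict})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['source']}] {f['name'] or '-'}: {f['image']} -> {f['finding']}")
```

On the sample this reports the `C:\Win\lsass.exe` process, the `run32` Run entry pointing at it, and the bare `SkyTel.EXE` entry; the Avira, Intel and ctfmon entries pass. Global Startup (`.lnk`) items use a different line shape and are not parsed here.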

Good evening! furiosb

 

|- < mgasparin >

 

|- To clean the flash drive, follow the guidance at mgasparin.com.

|- Disable AutoRun on your XP, or hold down the Shift key while inserting the flash drive, and run the commands proposed there.

|- Go to "Start" -> "Control Panel" -> "Hardware and Sound" -> "AutoPlay".

|- Uncheck the box next to: "Use AutoPlay for all media and devices"

|- Click "Save".

 

-/-

 

|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )

 

|- Save it to the desktop!

|- Proceed with its installation.

|- Uncheck: "Disable Autorun/AutoPlay automatically" -> OK

|- Connect your flash drive to the computer!

|- Run the UsbFix.exe file with a double click.

 

|- Choose the "Suppression" option.

|- Wait for it to finish and post the report. ( C:\UsbFix.txt )

 

A+

############################## | UsbFix V 7.102 | [deletion]

User: Administrador (Administrador) # OLIVEIRA-FD9F09
Updated on 20/12/2012 by El Desaparecido
Started at 16:25:11 | 10/01/2013

Site: http://sosvirus.org
Contato: contact@eldesaparecido.com

PC: System manufacturer (System Product Name) (X86-based PC
CPU: Intel(R) Core(TM)2 Duo CPU     E4600  @ 2.40GHz (2400)
RAM -> [Total : 2038 | Free : 1518]
BIOS: BIOS Date: 12/12/07 14:03:27 Ver: 08.00.12
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed disk # 78 Gb (41 Mb free - 53%) [] # NTFS
D:\ -> Fixed disk # 220 Gb (163 Mb free - 74%) [Dados] # NTFS
E:\ -> CD-ROM
L:\ -> Removable disk # 2 Gb (466 Mb free - 25%) [] # FAT

################## | Active processes |

C:\WINDOWS\System32\smss.exe (632)
C:\WINDOWS\system32\csrss.exe (684)
C:\WINDOWS\system32\winlogon.exe (712)
C:\WINDOWS\system32\services.exe (756)
C:\WINDOWS\system32\lsass.exe (768)
C:\ARQUIV~1\GbPlugin\GbpSv.exe (948)
C:\WINDOWS\system32\svchost.exe (976)
C:\WINDOWS\system32\svchost.exe (1084)
C:\WINDOWS\System32\svchost.exe (1180)
C:\WINDOWS\system32\svchost.exe (1240)
C:\WINDOWS\system32\svchost.exe (1392)
C:\WINDOWS\system32\spoolsv.exe (1504)
C:\WINDOWS\Explorer.EXE (1672)
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (1692)
C:\WINDOWS\system32\svchost.exe (1840)
C:\WINDOWS\system32\igfxtray.exe (200)
C:\WINDOWS\system32\hkcmd.exe (208)
C:\WINDOWS\system32\igfxpers.exe (232)
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (248)
C:\WINDOWS\system32\igfxsrvc.exe (272)
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (360)
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (276)
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (440)
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (456)
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe (480)
C:\WINDOWS\RTHDCPL.EXE (504)
C:\WINDOWS\system32\ctfmon.exe (540)
C:\Arquivos de programas\Messenger\msmsgs.exe (556)
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (908)
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (1044)
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe (1056)
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe (1956)
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (2008)
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (1740)
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe (1324)
C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (2280)
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe (2368)
C:\WINDOWS\system32\svchost.exe (2452)
C:\WINDOWS\system32\wdfmgr.exe (2488)
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (2756)
C:\WINDOWS\System32\alg.exe (3492)
C:\WINDOWS\system32\wscntfy.exe (3592)
C:\Arquivos de programas\Windows Media Player\wmplayer.exe (2068)
C:\UsbFix\Go.exe (1636)
C:\WINDOWS\system32\wbem\wmiprvse.exe (2056)

################## | Stopped processes |

Stopped! C:\ARQUIV~1\GbPlugin\GbpSv.exe (948)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1504)
Stopped! C:\WINDOWS\Explorer.EXE (1672)
Stopped! C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (1692)
Stopped! C:\WINDOWS\system32\igfxtray.exe (200)
Stopped! C:\WINDOWS\system32\hkcmd.exe (208)
Stopped! C:\WINDOWS\system32\igfxpers.exe (232)
Stopped! C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (248)
Stopped! C:\WINDOWS\system32\igfxsrvc.exe (272)
Stopped! C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (360)
Stopped! C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (276)
Stopped! C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (440)
Stopped! C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (456)
Stopped! C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe (480)
Stopped! C:\WINDOWS\RTHDCPL.EXE (504)
Stopped! C:\WINDOWS\system32\ctfmon.exe (540)
Stopped! C:\Arquivos de programas\Messenger\msmsgs.exe (556)
Stopped! C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe (908)
Stopped! C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (1044)
Stopped! C:\Arquivos de programas\Orbitdownloader\orbitnet.exe (1056)
Stopped! C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe (1956)
Stopped! C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (2008)
Stopped! C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (1740)
Stopped! C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe (1324)
Stopped! C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (2280)
Stopped! C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe (2368)
Stopped! C:\WINDOWS\system32\wdfmgr.exe (2488)
Stopped! C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe (2756)
Stopped! C:\WINDOWS\System32\alg.exe (3492)
Stopped! C:\WINDOWS\system32\wscntfy.exe (3592)
Stopped! C:\Arquivos de programas\Windows Media Player\wmplayer.exe (2068)

################## | Infectious files # folders |

Deleted! C:\Recycler\S-1-5-21-842925246-746137067-682003330-500
Deleted! D:\Recycler\S-1-5-21-842925246-746137067-682003330-500
Deleted! L:\Recycler\S-1-5-21-1482476501-3352491937-682996330-1013\sys32.exe
Deleted! L:\Recycler\S-1-5-21-1482476501-3352491937-682996330-1013
Deleted! C:\Win
Deleted! L:\DCIM.exe
Deleted! L:\Images.exe
Deleted! L:\Notepad.exe
Deleted! L:\PhotoEditor.exe
Deleted! L:\pictures.exe
Deleted! L:\RECYCLER.exe
Deleted! L:\Videos.exe
Deleted! L:\download.exe
Deleted! L:\.android_secure.exe
Deleted! L:\Android.exe
Deleted! L:\WhatsApp.exe
Deleted! L:\Voxer.exe
Deleted! L:\albumart.exe
Deleted! L:\.quickoffice.exe
Deleted! L:\cmp.exe
Deleted! L:\voice.exe
Deleted! L:\Music.exe
Deleted! L:\bugreports.exe
Deleted! L:\media.exe
Deleted! L:\bluetooth.exe
Deleted! L:\cardiotrainer.exe
Deleted! L:\albumthumbs.exe
Deleted! L:\viber.exe
Deleted! L:\Sounds.exe
Deleted! L:\Other files.exe
Deleted! L:\GFS_TMP.exe

(!) Temporary files deleted.

################## | Registry |

Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|run32

################## | Mountpoints2 |


################## | Listing |

[10/01/2013 - 00:27:26 | D ] 	C:\Arquivos de programas
[02/12/2012 - 16:57:48 | N | 0] 	C:\AUTOEXEC.BAT
[10/01/2013 - 00:10:13 | RASHD ] 	C:\Autorun.inf
[02/12/2012 - 16:53:01 | N | 211] 	C:\boot.ini
[06/09/2001 - 12:00:00 | N | 4952] 	C:\Bootfont.bin
[10/01/2013 - 00:27:37 | D ] 	C:\Config.Msi
[02/12/2012 - 16:57:48 | N | 0] 	C:\CONFIG.SYS
[02/12/2012 - 17:06:13 | D ] 	C:\Documents and Settings
[10/01/2013 - 16:24:26 | D ] 	C:\downloads
[13/12/2012 - 23:49:14 | D ] 	C:\Fraps
[09/12/2012 - 09:17:53 | D ] 	C:\HijackThis
[09/01/2013 - 20:34:57 | D ] 	C:\Hijhackthis
[02/12/2012 - 17:13:04 | D ] 	C:\Intel
[02/12/2012 - 16:57:48 | N | 0] 	C:\IO.SYS
[09/12/2012 - 13:41:26 | D ] 	C:\Level Up! Games
[02/12/2012 - 16:57:48 | N | 0] 	C:\MSDOS.SYS
[04/12/2012 - 15:29:53 | RHD ] 	C:\MSOCache
[03/08/2004 - 22:38:34 | N | 47564] 	C:\NTDETECT.COM
[02/12/2012 - 23:58:00 | N | 251696] 	C:\ntldr
[10/01/2013 - 13:59:18 | ASH | 2145386496] 	C:\pagefile.sys
[08/12/2012 - 21:00:48 | D ] 	C:\ProgramData
[10/01/2013 - 16:29:59 | SHD ] 	C:\RECYCLER
[02/12/2012 - 17:18:40 | N | 589] 	C:\RHDSetup.log
[03/12/2012 - 19:52:07 | D ] 	C:\Riot Games
[02/12/2012 - 17:06:07 | SHD ] 	C:\System Volume Information
[25/12/2012 - 20:11:43 | D ] 	C:\temp
[10/01/2013 - 16:29:59 | D ] 	C:\UsbFix
[10/01/2013 - 16:31:25 | A | 6588] 	C:\UsbFix.txt
[10/01/2013 - 00:10:36 | N | 220419391] 	C:\UsbFix_Upload_Me_OLIVEIRA-FD9F09.zip
[10/01/2013 - 13:59:53 | D ] 	C:\WINDOWS
[12/12/2012 - 10:24:36 | N | 1183] 	C:\_Sid.txt
[09/01/2013 - 23:05:01 | D ] 	D:\36482f4f5694d46e1943c938a0dfe3
[09/01/2013 - 23:05:01 | D ] 	D:\453fd1bdceb81357ea0e50f051a0
[05/12/2012 - 13:05:57 | D ] 	D:\6dff6f8ac4d7538ebbdd3786dd93
[10/01/2013 - 00:10:13 | RASHD ] 	D:\Autorun.inf
[03/12/2012 - 15:00:58 | D ] 	D:\f878c9ddcdf22a983c
[09/01/2013 - 23:05:00 | D ] 	D:\Meus Documentos
[10/01/2013 - 16:29:59 | SHD ] 	D:\RECYCLER
[02/12/2012 - 19:46:51 | SHD ] 	D:\System Volume Information
[28/10/2012 - 17:48:06 | D ] 	L:\LOST.DIR
[06/12/2012 - 13:19:04 | D ] 	L:\download
[08/12/2012 - 22:40:10 | D ] 	L:\.android_secure
[03/11/2012 - 21:03:30 | D ] 	L:\Android
[10/01/2013 - 02:43:18 | D ] 	L:\DCIM
[28/10/2012 - 18:29:24 | N | 36] 	L:\.profig.os
[05/11/2012 - 06:00:00 | D ] 	L:\WhatsApp
[03/11/2012 - 20:57:38 | D ] 	L:\Pictures
[30/10/2012 - 12:53:20 | D ] 	L:\Voxer
[09/12/2012 - 01:18:30 | D ] 	L:\albumart
[29/11/2012 - 09:23:26 | D ] 	L:\.quickoffice
[29/10/2012 - 07:48:02 | D ] 	L:\cmp
[11/11/2012 - 15:41:40 | D ] 	L:\voice
[20/11/2012 - 06:32:36 | D ] 	L:\Music
[09/11/2012 - 19:34:28 | D ] 	L:\bugreports
[31/10/2012 - 00:08:28 | D ] 	L:\media
[03/12/2012 - 23:39:24 | D ] 	L:\bluetooth
[16/11/2012 - 11:54:46 | D ] 	L:\Notepad
[05/11/2012 - 16:45:22 | D ] 	L:\cardiotrainer
[15/11/2012 - 11:27:42 | N | 7715] 	L:\default-capability.xml
[15/11/2012 - 11:29:30 | D ] 	L:\albumthumbs
[20/11/2012 - 23:25:28 | D ] 	L:\PhotoEditor
[08/12/2012 - 22:25:38 | D ] 	L:\viber
[08/12/2012 - 19:45:12 | RSHD ] 	L:\RECYCLER
[31888/141/63364 - 552:31889:65535 | D ] 	L:\Images
[31888/141/63364 - 552:31889:65535 | D ] 	L:\Videos
[31888/141/63364 - 552:31889:65535 | D ] 	L:\Sounds
[31888/141/63364 - 552:31889:65535 | D ] 	L:\Other files
[13/12/2012 - 23:09:00 | D ] 	L:\GFS_TMP
[14/12/2012 - 23:59:58 | N | 20] 	L:\mm_sec.dat

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
L:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

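The report above shows the whole pattern of this family of USB worms on volume L:: every top-level folder (DCIM, Images, WhatsApp, ...) had gained an executable twin with the same name, RECYCLER held an SID-named folder with sys32.exe, the run32 Run entry pointed at C:\Win\lsass.exe, and the Images, Videos, Sounds and "Other files" directories carry timestamps that are not valid dates. The Python below is an added example, not part of the thread and not code from UsbFix: it parses lines in the UsbFix report format (the volume header lines and the Listing lines) and flags folder/executable twins, an autorun.inf file (as opposed to the read-only, system, hidden Autorun.inf directory UsbFix creates as a vaccine), a RECYCLER directory on a FAT volume (RECYCLER is the NTFS recycle-bin name, so on FAT media it is a drop folder, not a recycle bin), and directory entries whose timestamp does not parse. The sample report is constructed to show L: as it would have looked before the cleanup, with the decoy .exe files still present; their sizes and attributes are invented for the example.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample in UsbFix 7.x report format, modelled on the report above but
# showing volume L: before cleanup: the decoy .exe twins are still present. The
# sizes and attributes of the decoys are invented for this example.
SAMPLE_REPORT = r"""
C:\ (%systemdrive%) -> Fixed disk # 78 Gb (41 Mb free - 53%) [] # NTFS
L:\ -> Removable disk # 2 Gb (466 Mb free - 25%) [] # FAT

################## | Listing |

[10/01/2013 - 00:10:13 | RASHD ]    C:\Autorun.inf
[10/01/2013 - 16:29:59 | SHD ]    C:\RECYCLER
[10/01/2013 - 13:59:53 | D ]    C:\WINDOWS
[10/01/2013 - 02:43:18 | D ]    L:\DCIM
[08/12/2012 - 19:45:12 | RSHD ]    L:\RECYCLER
[31888/141/63364 - 552:31889:65535 | D ]    L:\Images
[10/01/2013 - 02:50:01 | A | 143360]    L:\DCIM.exe
[10/01/2013 - 02:50:01 | A | 143360]    L:\Images.exe
[10/01/2013 - 02:50:01 | A | 143360]    L:\RECYCLER.exe
[10/01/2013 - 02:50:01 | ASH | 167]    L:\autorun.inf
[14/12/2012 - 23:59:58 | N | 20]    L:\mm_sec.dat
"""

# "X:\ -> <kind> # ... # <filesystem>" volume header line
VOLUME_RE = re.compile(r'^(?P<drive>[A-Z]:)\\.*->\s*(?P<kind>[^#]+?)\s*#.*#\s*(?P<fs>\S+)$')
# "[<timestamp> | <attrs> | <size>] <path>" listing line (size only present for files)
ENTRY_RE = re.compile(
    r'^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<attrs>[A-Z]*)\s*(?:\|\s*(?P<size>\d+)\s*)?\]\s+(?P<path>.+?)$')
STAMP_FMT = "%d/%m/%Y - %H:%M:%S"


def analyze(report: str) -> List[Dict[str, str]]:
    """Return findings over a UsbFix-style report; level is 'alert' or 'info'."""
    volumes: Dict[str, str] = {}          # drive letter -> filesystem
    entries = []                          # (drive, name, attrs, stamp_ok, path)
    for raw in report.splitlines():
        line = raw.strip()
        vm = VOLUME_RE.match(line)
        if vm:
            volumes[vm.group("drive").upper()] = vm.group("fs").upper()
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        path = em.group("path")
        drive, _, name = path.partition("\\")
        try:
            datetime.strptime(em.group("stamp").strip(), STAMP_FMT)
            stamp_ok = True
        except ValueError:
            stamp_ok = False              # e.g. "31888/141/63364": not a date at all
        entries.append((drive.upper(), name, em.group("attrs"), stamp_ok, path))

    dirs = {(d, n.lower()) for d, n, a, _, _ in entries if "D" in a}
    findings: List[Dict[str, str]] = []

    def add(level: str, path: str, finding: str) -> None:
        findings.append({"level": level, "path": path, "finding": finding})

    for drive, name, attrs, stamp_ok, path in entries:
        low, is_dir = name.lower(), "D" in attrs
        if not stamp_ok:
            add("alert", path, "timestamp is not a valid date (corrupt or forged FAT directory entry)")
        if low == "autorun.inf":
            if is_dir and all(c in attrs for c in "RSH"):
                add("info", path, "autorun.inf vaccine directory (read-only, system, hidden)")
            elif not is_dir:
                add("alert", path, "autorun.inf file: AutoRun hook on the volume")
        if low.endswith(".exe") and (drive, low[:-4]) in dirs:
            add("alert", path, f"executable twin of folder {name[:-4]}: folder-icon decoy")
        if low == "recycler" and is_dir and volumes.get(drive) == "FAT":
            add("alert", path, "RECYCLER on a FAT volume: NTFS recycle-bin name reused as a drop folder")
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"{f['level']:5} {f['path']:<18} {f['finding']}")
```

On the sample every alert lands on L:, while C:\RECYCLER (a normal NTFS recycle bin) and C:\Autorun.inf (the vaccine) are left alone. The twin check is deliberately case-insensitive because FAT stores names case-insensitively and the decoys in the report use both "Pictures" and "pictures.exe".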

Good afternoon! furiosb

 

|- Download: < ComboFix > ( ... by sUBs )

|- Save it to the desktop!

|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )

|- Close any program/file that is open.

|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )

|- PS: Stay connected to the Internet. <- Important!

|- Run ComboFix.exe with a double click.

|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator. <- Important!

|- PS: Install the "Recovery Console" if prompted! <- XP only!

|- PS: It is therefore up to you whether to install it.

 

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.

|- PS: To complete the removals, the tool may need to restart the computer.

|- The Auto Scan window will open.

 

|- Wait for all the Stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When it is done, post: C:\ComboFix.txt

|- Also post an updated HijackThis log!

 

"Illegal operation attempted on a registry key that has been marked for deletion."

|- If this error occurs, just restart the computer!

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

 

Cheers!


Combofix

 

ComboFix 13-01-16.01 - Administrador 16/01/2013 18:22:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1138 [GMT -2:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - system32: deleted 2 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\RelevantKnowledge
c:\arquivos de programas\RelevantKnowledge\chrome.manifest
c:\arquivos de programas\RelevantKnowledge\components\rlxg.dll
c:\arquivos de programas\RelevantKnowledge\firefox\bootstrap.js
c:\arquivos de programas\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\arquivos de programas\RelevantKnowledge\firefox\harness-options.json
c:\arquivos de programas\RelevantKnowledge\firefox\install.rdf
c:\arquivos de programas\RelevantKnowledge\firefox\locale\en-GB.json
c:\arquivos de programas\RelevantKnowledge\firefox\locale\eo.json
c:\arquivos de programas\RelevantKnowledge\firefox\locale\fr-FR.json
c:\arquivos de programas\RelevantKnowledge\firefox\locales.json
c:\arquivos de programas\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\content.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\events.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\file.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\list.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\process.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\system.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\url.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\chrome.manifest
c:\arquivos de programas\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\arquivos de programas\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\arquivos de programas\RelevantKnowledge\firefox\rlnx.dll
c:\arquivos de programas\RelevantKnowledge\install.rdf
c:\arquivos de programas\RelevantKnowledge\rlcm.crx
c:\arquivos de programas\RelevantKnowledge\rlcm.txt
c:\arquivos de programas\RelevantKnowledge\rlls.dll
c:\arquivos de programas\RelevantKnowledge\rlls64.dll
c:\arquivos de programas\RelevantKnowledge\rloci.bin
c:\arquivos de programas\RelevantKnowledge\rlph.dll
c:\arquivos de programas\RelevantKnowledge\rlservice.exe
c:\arquivos de programas\RelevantKnowledge\rlvknlg64.exe
c:\arquivos de programas\RelevantKnowledge\rlxf.dll
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\RelevantKnowledge\Uninstall Instructions.lnk
c:\windows\IsUn0416.exe
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-16 to 2013-01-16 ))))))))))))))))))))))))))))
.
.
2013-01-16 20:08 . 2013-01-16 20:10 -------- d-----w- c:\windows\system32\NtmsData
2013-01-16 19:28 . 2013-01-16 19:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MP3 Karaoke
2013-01-16 19:27 . 2013-01-16 19:27 -------- d-----w- c:\arquivos de programas\MP3 Karaoke
2013-01-16 17:12 . 2013-01-16 17:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LolClient
2013-01-15 23:35 . 2008-04-13 21:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-01-15 23:35 . 2008-04-13 21:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-15 23:35 . 2008-04-13 20:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-01-15 23:35 . 2008-04-13 20:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-01-15 00:05 . 2013-01-15 00:05 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\SKIDROW
2013-01-14 23:51 . 2013-01-14 23:51 -------- d-----w- c:\arquivos de programas\2K Games
2013-01-14 23:49 . 2013-01-14 23:50 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-14 23:49 . 2013-01-14 23:51 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2013-01-14 23:49 . 2013-01-14 23:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2013-01-14 23:48 . 2013-01-14 23:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2013-01-14 00:35 . 2013-01-14 00:35 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\assembly
2013-01-12 14:33 . 2013-01-12 14:33 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2013-01-12 05:21 . 2013-01-12 05:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2013-01-12 05:19 . 2011-12-21 18:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-01-12 05:19 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2013-01-12 05:19 . 2012-11-25 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-01-12 05:19 . 2013-01-12 05:20 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2013-01-12 03:43 . 2013-01-12 03:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM
2013-01-12 03:35 . 2013-01-16 19:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype
2013-01-12 03:35 . 2013-01-12 05:21 -------- d-----r- c:\arquivos de programas\Skype
2013-01-12 03:34 . 2013-01-12 05:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2013-01-11 22:20 . 2013-01-11 22:20 -------- d-----w- c:\windows\element
2013-01-10 02:01 . 2013-01-10 18:32 -------- d-----w- C:\UsbFix
2013-01-10 01:22 . 2013-01-10 02:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\systweak
2013-01-09 22:44 . 2013-01-09 22:44 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\TuneUp Software
2013-01-09 22:38 . 2013-01-09 22:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software
2013-01-09 22:38 . 2013-01-09 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software
2013-01-09 22:38 . 2013-01-09 22:38 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-09 22:38 . 2013-01-09 22:38 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\Common Files
2013-01-09 22:35 . 2013-01-09 22:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2013-01-09 22:35 . 2013-01-09 22:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Babylon
2013-01-09 22:34 . 2013-01-09 22:34 -------- d-----w- C:\Hijhackthis
2013-01-09 22:31 . 2013-01-10 01:22 -------- d-----w- c:\arquivos de programas\pazera-software
2013-01-09 13:37 . 2013-01-09 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ProgSense
2013-01-09 13:37 . 2013-01-16 20:14 -------- d-----w- C:\downloads
2013-01-09 13:37 . 2013-01-09 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GrabPro
2013-01-09 13:37 . 2013-01-09 13:37 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2013-01-09 13:37 . 2013-01-16 20:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2013-01-08 01:03 . 2013-01-08 01:03 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\TechSmith
2012-12-23 21:28 . 2012-12-23 21:28 -------- d-----w- c:\arquivos de programas\uTorrent
2012-12-23 21:28 . 2013-01-14 23:36 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2012-12-23 21:19 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 18:31 . 2013-01-10 18:31 233270165 ----a-w- C:\UsbFix_Upload_Me_OLIVEIRA-FD9F09.zip
2013-01-09 00:09 . 2012-12-05 14:04 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 00:09 . 2012-12-05 14:04 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 12:09 . 2012-12-12 12:09 45056 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2012-12-10 02:19 . 2012-12-10 02:00 2478272 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-12-10 02:00 . 2012-12-10 02:00 18368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-12-09 23:41 . 2012-12-08 22:55 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-09 23:41 . 2012-12-08 22:55 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-02 19:17 . 2012-12-02 19:17 315392 ----a-w- c:\windows\HideWin.exe
2012-10-22 19:56 . 2004-08-04 02:38 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-11-29 08:26 . 2012-12-02 22:37 262112 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2012-12-09 348664]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2012-12-4 110592]
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Inicialização rápida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2013-1-9 2637608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399001}"= "c:\arquiv~1\GbPlugin\gbiehbmb.dll" [2012-06-19 603888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBmb]
2012-06-19 11:25 603888 ----a-w- c:\arquiv~1\GbPlugin\gbiehbmb.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrador\\Configurações locais\\Apps\\2.0\\6N3MYL6R.8AE\\ERYYJZ9D.13Y\\leve..tion_b598c967a14cb714_0000.0009_a599f96bbbb0cd9a\\LevelUp.DownloaderClient.exe"=
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [8/12/2012 19:06 45648]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [8/12/2012 20:55 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14/1/2013 21:49 242240]
R2 AntiVirSchedulerService;Avira Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [8/12/2012 20:55 86224]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [8/12/2012 19:06 212848]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 09:28 399432]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2/12/2012 17:19 36864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/12/2012 09:28 22856]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [9/12/2012 09:28 676936]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [8/1/2013 12:55 161536]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 extrem.sys;extrem;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\extrem.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\extrem.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\arquivos de programas\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [8/12/2009 21:24 48128]
S3 XDva401;XDva401;\??\c:\windows\system32\XDva401.sys --> c:\windows\system32\XDva401.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\arquivos de programas\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/7/2009 01:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/3/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/3/2009 03:23 366936]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 05:36 1606760 ----a-w- c:\arquivos de programas\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-05 00:09]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-12-12 23:25]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-12-12 23:25]
.
2013-01-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-12-05 00:18]
.
.
------- Scan Suplementar -------
.
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bmb.com.br\bdu
Trusted Zone: mercantildobrasil.com.br\www
Trusted Zone: mercantildobrasil.com.br\www2
TCP: DhcpNameServer = 200.204.0.10
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} - hxxps://bdu.bmb.com.br/plugin/GbPluginBmb.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\38ox7ozl.default\
FF - ExtSQL: 2012-12-05 13:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-01-09 11:37; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader
FF - ExtSQL: 2013-01-09 20:35; ffxtlbr@claro.com; c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\38ox7ozl.default\extensions\ffxtlbr@claro.com
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - e810863b000000000000001e8ca9c9d9
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15714
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.520:35
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0416.EXE
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\arquivos de programas\relevantknowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-16 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-746137067-682003330-500\Software\DataMngr_Toolbar]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-842925246-746137067-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\arquiv~1\GbPlugin\gbiehbmb.dll
.
- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\arquiv~1\GbPlugin\gbiehbmb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Orbitdownloader\orbitnet.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Tempo para conclusão: 2013-01-16 18:34:41 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-01-16 20:34
.
Pré-execução: 16 pasta(s) 36.746.895.360 bytes disponíveis
Pós execução: 18 pasta(s) 37.113.114.624 bytes disponíveis
.
- - End Of File - - 1AA9243238FB98AB0BD84284B61C7714

 

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:18, on 16/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: G-Buster Browser Defense BMB - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\ARQUIV~1\GbPlugin\gbiehbmb.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Arquivos de programas\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399001} (GbPluginObj Class) - https://bdu.bmb.com.br/plugin/GbPluginBmb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBmb - C:\ARQUIV~1\GbPlugin\gbiehBmb.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
--
End of file - 9792 bytes


Good evening! furiosb

|- Your logs are clean!

-/-

|- Download: |DelFix| ( ... by Xplode )

|- On the page, click the green arrow to download. ( Green arrow! )
|- Save it in a convenient location! ( desktop! )
|- Close any applications that are open.

|- With the checkbox checked! ( Remove disinfection tools )
|- Click "Run".

|- All OK?

A+


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
