Slow computer that keeps freezing


This topic has been archived, which means you can no longer reply to it.
16 replies in this topic

#1 LUCILIO (Member, 135 posts)
Good evening!
Since yesterday my computer has started to get slow, and when I open my ESET Smart 5 to check for viruses the machine gets even slower and starts freezing; from then on the folders on the desktop take a long time to open or freeze. The log follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:08, on 19/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\LUCILIO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [BankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6325 bytes
Waiting.
Thank you.
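
A HijackThis log is plain text, so the first pass over it can be scripted. The Python below is an added example written for this page, not part of the thread and not a HijackThis feature: it parses the R0/R1, O2, O4 and O23 lines and pulls out what an analyst would look at first in the log above: the HKCU start page changed to br.ask.com, the BHO registration with no file behind it, and the O4 Run entry BankerFixV3 whose target is a relative path to a batch file (a leftover of an earlier cleanup tool, which ComboFix later in the thread lists among the orphans it removed). It also separates the long run of "(file missing)" services from real findings: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its look-ups under C:\Windows\System32 are redirected to SysWOW64, so services whose binary lives in the real System32 (lsass.exe, spoolsv.exe and the rest) are reported as missing even though they are present. The output is a list of lines to check, not verdicts. The sample input is constructed from a few lines of the same shape as the posted log; the default-page list and the category names are the example's own.

```python
import re

# Constructed sample: a few lines in the format HijackThis v2.0.4 writes, modelled on
# the log posted above (not the whole log). Backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [BankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
"""

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js)\b", re.IGNORECASE)

# Values a stock IE start/search page may legitimately carry (example's own list).
DEFAULT_PAGES = ("about:blank", "http://go.microsoft.com/", "http://www.microsoft.com/")
# 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 when it looks under
# System32, so it reports "(file missing)" for services whose binary really is there.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_hjt(text):
    """Split a HijackThis log into (kind, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: [...] ...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(text):
    """Return (category, detail) pairs an analyst would look at first."""
    findings = []
    for kind, body in parse_hjt(text):
        if kind in ("R0", "R1") and " = " in body:
            # Start/search page set to something other than the stock values.
            value = body.split(" = ", 1)[1].strip()
            if value and not value.lower().startswith(DEFAULT_PAGES):
                findings.append(("browser-setting", value))
        elif kind == "O2" and body.endswith("(no file)"):
            # A BHO CLSID still registered but with no DLL behind it.
            m = CLSID.search(body)
            findings.append(("orphan-bho", m.group(0) if m else body))
        elif kind == "O4":
            # Run entries that are not a full path, or that launch a script.
            m = re.search(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$", body)
            if not m:
                continue
            cmd = m.group("cmd").strip().lstrip('"')
            if not DRIVE_PATH.match(cmd) or SCRIPT_EXT.search(cmd):
                findings.append(("autorun", f"{m.group('name')} -> {cmd}"))
        elif kind == "O23" and body.endswith("(file missing)"):
            path = body[: -len("(file missing)")].rsplit(" - ", 1)[-1].strip()
            if path.lower().startswith(SYSTEM32):
                findings.append(("wow64-artifact", path))      # expected on x64, not a finding
            else:
                findings.append(("missing-service-binary", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Run on the sample it reports the ask.com start page, the orphaned CLSID {5C255C8A-...}, the BankerFixV3 batch file, and files the lsass.exe service line under "wow64-artifact" rather than as a missing binary; the USB Disk Security and Malwarebytes Run entries are full paths to executables and are left alone.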

#2 JoseMelo (Professional Assistant, 128,827 posts)
- Download Malwarebytes Anti-Malware
http://www.malwareby...am-download.php
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;
  • Select "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log into your next reply.
- Post a new HijackThis log.

#3 LUCILIO (Member, 135 posts)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LUCILIO :: LUCILIO-PC [administrator]

Protection: Allow

20/04/2012 21:38:04
mbam-log-2012-04-20 (21-38-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339269
Time elapsed: 42 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 LUCILIO (Member, 135 posts)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:22:03, on 21/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\LUCILIO\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [BankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6518 bytes

#5 JoseMelo (Professional Assistant, 128,827 posts)
- Download ComboFix by sUBs and save it to the desktop;
NOTE: For the tool to run, it must be on the desktop
  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix;
  • In the next window click Run, accept the agreement and wait until the report is generated;
    NOTE: If you do not want the Windows Recovery Console installed, click "No" and then agree to let the scan proceed.
    Once the console is installed, the operating-system selection screen will be shown at system startup.

    More information on the Console: http://support.micro...kb/307654/pt-br
  • If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure;
  • ComboFix "may" restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it with the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in Control Panel, right-click your internet connection and choose "Repair";
  • Attach ComboFix.txt to your reply following the instructions below
    http://www.linhadefe...p?showtopic=595
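
C:\ComboFix.txt is also plain text, so its first triage can be scripted. The Python below is an added example written for this page (not part of the thread, and not a ComboFix feature) that reads two parts of the report format the tool writes: the "Files Created" list, where each line carries the file's creation time on this machine followed by the file's own last-write time, and the service/driver list (the R0..S3 lines). For each new .sys file it names the entry that loads it and how many days its last-write stamp predates its creation, and it lists what else landed within a few minutes of it. Run over lines shaped like the report posted later in this thread (constructed sample below), it ties the numerically named 9684767.sys to the service named after the Virus Removal Tool setup folder that also appears in the Startup entries, and shows the two sibling drivers and the Kaspersky Lab data folder arriving in the same two minutes: the drivers belong to the removal tool the user had run, not to something unknown. Caveat, supported by the report's own note: legitimate default entries are not shown, so a driver with no service line in the report is not necessarily orphaned; fs_rec.sys, a Windows driver that arrived with a batch of system files on 2012-04-17, has no service line for exactly that reason. The section names, field layout and the five-minute window are the example's own assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format ComboFix writes to C:\ComboFix.txt: a few lines of the
# "Files Created" and service/driver (R*/S*) sections, shaped like the report posted later
# in this thread. Not the full report.
SAMPLE_REPORT = r"""
2012-04-21 06:10 . 2012-04-23 01:50 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-21 06:08 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\96847672.sys
2012-04-21 06:08 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\9684767.sys
2012-04-21 06:08 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\96847671.sys
2012-04-17 14:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
S0 96847672;96847672 Boot Guard Driver;c:\windows\system32\DRIVERS\96847672.sys [x]
S1 96847671;96847671;c:\windows\system32\DRIVERS\96847671.sys [x]
S1 setup_9.0.0.722_20.04.2012_11-19drv;setup_9.0.0.722_20.04.2012_11-19drv;c:\windows\system32\DRIVERS\9684767.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
"""

STAMP = "%Y-%m-%d %H:%M"
# created . last-written  size  attributes  path   (size is "--------" for directories)
CREATED = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<written>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# start-type name;display name;image path [date size]  (or [x] when ComboFix did not stat it)
SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?: \[[^\]]*\])?\s*$"
)


def parse_report(text):
    """Return (files, services) parsed from the two sections this example understands."""
    files, services = [], []
    for line in text.splitlines():
        m = CREATED.match(line)
        if m:
            files.append({
                "created": datetime.strptime(m.group("created"), STAMP),
                "written": datetime.strptime(m.group("written"), STAMP),
                "is_dir": m.group("attrs").startswith("d"),
                "path": m.group("path"),
            })
            continue
        m = SERVICE.match(line)
        if m:
            services.append(m.groupdict())
    return files, services


def driver_origins(text):
    """For each newly created .sys file: the service/driver entry that loads it (None if the
    report lists none) and how many days its own last-write stamp predates its creation here.
    A large gap means a prebuilt binary was copied in, which both updates and tools do."""
    files, services = parse_report(text)
    by_image = {s["image"].lower(): s for s in services}   # paths differ only in case
    result = {}
    for f in files:
        if f["is_dir"] or not f["path"].lower().endswith(".sys"):
            continue
        svc = by_image.get(f["path"].lower())
        result[f["path"].rsplit("\\", 1)[-1]] = {
            "service": svc["name"] if svc else None,
            "start": svc["start"] if svc else None,
            "days_older_than_created": (f["created"] - f["written"]).days,
        }
    return result


def same_window(text, anchor_path, minutes=5):
    """Other paths created within `minutes` of the given one: what else landed at the same time."""
    files, _ = parse_report(text)
    anchor = next(f for f in files if f["path"].lower() == anchor_path.lower())
    return sorted(
        f["path"] for f in files
        if f is not anchor
        and abs((f["created"] - anchor["created"]).total_seconds()) <= minutes * 60
    )


if __name__ == "__main__":
    for name, info in driver_origins(SAMPLE_REPORT).items():
        print(f"{name:16} service={info['service']!s:40} start={info['start']} "
              f"written {info['days_older_than_created']} days before creation")
    print(same_window(SAMPLE_REPORT, r"c:\windows\system32\drivers\9684767.sys"))
```

The point of the two views together is that a driver name alone tells you little: the numeric names look random, but the service registered under the removal tool's setup-folder name and the co-created Kaspersky Lab folder give the origin, while the 900-plus-day gap between build and creation only says the binary was prebuilt.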


#6 LUCILIO (Member, 135 posts)
Dear José Melo,
good evening!
I was travelling and only today was I able to use the computer. When I ran ComboFix the following message appeared: "WARNING. Do not run combofix in compatibility Mode. Doing so may damage the machine". Because of that, I had to run it in Safe Mode. The ComboFix report is attached. And how do I uninstall ComboFix?

#7 LUCILIO (Member, 135 posts)
ComboFix 12-04-22.02 - LUCILIO 22/04/2012 23:02:17.3.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2010.1231 [GMT -3:00]
Running from: c:\users\LUCILIO\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\weave\toFetch
.
.
(((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))
.
.
2012-04-23 02:07 . 2012-04-23 02:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-23 02:07 . 2012-04-23 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 06:10 . 2012-04-23 01:50 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-21 06:08 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\96847672.sys
2012-04-21 06:08 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\9684767.sys
2012-04-21 06:08 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\96847671.sys
2012-04-21 06:07 . 2012-04-21 06:07 -------- d-----w- c:\users\LUCILIO\AppData\Local\BlueZap
2012-04-21 06:06 . 2012-04-21 06:06 -------- d-----w- c:\program files (x86)\BlueZap
2012-04-21 00:46 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44AD0580-B21D-4285-B566-468B261F35F2}\mpengine.dll
2012-04-20 01:45 . 2012-04-20 01:45 -------- d-----w- c:\users\LUCILIO\AppData\Local\Diagnostics
2012-04-18 02:53 . 2012-04-19 22:28 -------- d-----w- C:\60329_combofix_123123
2012-04-17 14:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 14:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 14:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 14:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 14:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 14:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 14:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-16 04:59 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-10 01:07 . 2007-09-10 16:24 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-04-10 01:07 . 2007-08-31 15:52 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-04-10 01:07 . 2007-08-31 15:52 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-04-10 01:07 . 2004-12-07 13:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-10 01:07 . 2001-08-24 11:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-10 01:07 . 1999-11-22 18:50 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL
2012-04-10 01:07 . 1999-11-22 18:50 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL
2012-04-09 23:33 . 2012-04-19 22:28 -------- d-----w- c:\program files\Recuva
2012-04-09 22:47 . 2012-04-09 22:47 -------- d-----w- c:\programdata\Uniblue
2012-04-09 22:41 . 2012-04-09 23:03 -------- d-----w- c:\users\LUCILIO\AppData\Local\VDownloader
2012-04-09 22:41 . 2012-04-09 22:43 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\VDownloader
2012-04-09 22:40 . 2010-01-26 14:11 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
2012-04-09 22:40 . 2011-09-16 18:12 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2012-04-09 22:40 . 2011-09-16 18:12 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe
2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\OpenCandy
2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\VDownloader
2012-04-03 23:27 . 2012-04-19 22:26 -------- d-----w- c:\program files\ESET
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\programdata\Zbshareware Lab
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\USB Disk Security
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-26 11:51 . 2012-03-26 11:51 -------- d-----w- c:\users\LUCILIO\AppData\Local\ElevatedDiagnostics
2012-03-26 02:28 . 2008-04-23 11:45 393216 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-03-26 02:28 . 2012-03-26 02:28 -------- d-----w- c:\program files (x86)\Firebird
2012-03-26 02:27 . 2012-04-19 22:28 -------- d-----w- C:\RegraEmpresarial
2012-03-24 02:56 . 2004-03-09 03:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-03-24 02:56 . 2003-07-06 16:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll
2012-03-24 02:56 . 2000-05-22 02:00 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx
2012-03-24 02:56 . 2000-05-22 02:00 115920 ----a-w- c:\windows\SysWow64\msinet.ocx
2012-03-24 02:56 . 1999-11-21 16:11 372736 ----a-w- c:\windows\SysWow64\wintbr.ocx
2012-03-24 02:56 . 1999-05-07 02:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2012-03-24 02:56 . 1998-06-24 03:00 166200 ----a-w- c:\windows\SysWow64\msmask32.ocx
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:56 . 2011-12-29 23:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 00:14 . 2012-03-24 00:14 3993600 ----a-w- c:\program files (x86)\GUT5BA8.tmp
2012-03-20 00:42 . 2012-01-02 03:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2012-01-04 20:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-19 21:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 21:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 21:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 21:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-19 21:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-19 21:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-19 21:58 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-19 21:58 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-19 21:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-19 21:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_23.42.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 14:29 . 2012-04-23 01:51 38568 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-23 01:51 44708 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-29 22:51 . 2012-04-23 01:51 11926 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1735432821-3104667450-3421234579-1001_UserData.bin
+ 2012-04-21 06:06 . 2012-04-21 06:06 32038 c:\windows\Installer\{8D6956F9-0DDB-4F1A-9131-5821CA17C92F}\ICON.exe
+ 2012-01-04 22:28 . 2012-04-19 23:53 3338 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-23 02:08 . 2012-04-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-23 02:08 . 2012-04-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 17:55 . 2012-04-19 23:00 703370 c:\windows\system32\prfh0416.dat
+ 2009-07-14 17:55 . 2012-04-23 01:54 703370 c:\windows\system32\prfh0416.dat
+ 2009-07-14 17:55 . 2012-04-23 01:54 146156 c:\windows\system32\prfc0416.dat
- 2009-07-14 17:55 . 2012-04-19 23:00 146156 c:\windows\system32\prfc0416.dat
+ 2009-07-14 02:36 . 2012-04-23 01:54 651938 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-19 23:00 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-23 01:54 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 23:00 120870 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-23 01:56 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-19 23:15 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-30 02:33 . 2012-04-23 01:56 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat
- 2011-12-30 02:33 . 2012-04-19 23:15 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat
+ 2012-04-21 06:05 . 2012-04-21 06:05 1051136 c:\windows\Installer\2e783e.msi
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2010-07-17 824224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_20.04.2012_11-19.lnk - c:\users\LUCILIO\Desktop\Virus Removal Tool\setup_9.0.0.722_20.04.2012_11-19\startup.exe [2012-4-21 72208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinLockPro.lnk - c:\program files (x86)\BlueZap\WinLockPRO\WinLockPro.exe [2012-2-28 36862976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S0 96847672;96847672 Boot Guard Driver;c:\windows\system32\DRIVERS\96847672.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 96847671;96847671;c:\windows\system32\DRIVERS\96847671.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 setup_9.0.0.722_20.04.2012_11-19drv;setup_9.0.0.722_20.04.2012_11-19drv;c:\windows\system32\DRIVERS\9684767.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://br.ask.com/?l=diz&o=14784
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.br
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{742E70CF-7770-412d-86CB-230B322E807C} - (no file)
Wow6432Node-HKLM-Run-BankerFixV3 - \LinhaDefensiva\rotinas\postreboot.bat
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-04-22 23:12:40 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-04-23 02:12
.
Pré-execução: 139.843.076.096 bytes disponíveis
Pós execução: 139.514.400.768 bytes disponíveis
.
- - End Of File - - A1722AD9E00C0F3201F42BCD14643F00

#8
JoseMelo (Professional Assistant, 128.827 posts)
- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
- Drag CFScript.txt onto ComboFix as shown in the image below:

(posted image)

If prompted, press "Enter" to start the removal process;

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do so manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
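Before a CFScript like the one above can be written, someone has to read the posted logs and decide which entries deserve attention. The script below is an added example, not code from this forum, from HijackThis or from ComboFix: it parses the three line formats that appear in this thread (ComboFix R/S service lines, HijackThis O4 and O23 lines, and Startup-folder shortcut paths) and ranks them for review. The level names, the "numeric-only service name" heuristic and the handling of "(file missing)" are the example's own choices. The last of these encodes a caveat worth knowing when reading the HijackThis log above: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its lookups under C:\Windows\System32 are redirected by WoW64 to SysWOW64, and every built-in 64-bit service (ALG, EFS, Spooler, ...) is reported as "(file missing)" even though nothing is wrong. The sample lines are constructed from the logs posted in this thread.

```python
r"""Triage of HijackThis and ComboFix log lines (added example, not the tools' own code).

Recognised formats:
  * ComboFix R0-R4 / S0-S4 service lines ending in "[x]" (ComboFix could not read
    the binary), weighted higher when the service name consists only of digits;
  * HijackThis O4 Run entries and shortcuts (.lnk) inside a Startup folder;
  * HijackThis O23 "(file missing)" services, downgraded to "info" when the path is
    under C:\Windows\System32 on a 64-bit host, where the 32-bit HijackThis cannot
    see the 64-bit binaries because of WoW64 file system redirection.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Triage levels, most urgent first.
LEVELS = ("review", "check", "info")


@dataclass
class Finding:
    level: str
    kind: str
    name: str
    path: str
    note: str


# ComboFix: "<R|S><n> <name>;<display name>;<path> [<date> <size>]" or "... [x]"
CF_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
# HijackThis: "O4 - HKLM\..\Run: [name] command"
HJT_O4 = re.compile(r"^O4 - (HK\w+\\\.\.\\Run): \[([^\]]+)\] (.+)$")
HJT_O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
STARTUP_LNK = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)


def triage_line(line: str, x64: bool = True) -> Optional[Finding]:
    """Classify one log line; returns None for lines that need no attention."""
    line = line.strip().strip('"')  # ComboFix quotes paths in its FILE :: block

    m = CF_SERVICE.match(line)
    if m:
        start, name, _display, path, stamp = m.groups()
        if stamp != "x":
            return None  # file was present and dated; nothing to do
        if name.isdigit():
            return Finding("review", f"combofix-{start}", name, path,
                           "binary not readable by ComboFix; numeric-only service name")
        return Finding("check", f"combofix-{start}", name, path,
                       "binary not readable by ComboFix")

    m = HJT_O4.match(line)
    if m:
        key, name, cmd = m.groups()
        return Finding("check", "hjt-O4", name, cmd, f"autorun via {key}")

    if line.startswith(HJT_O23_PREFIX):
        body = line[len(HJT_O23_PREFIX):]
        missing = body.endswith(FILE_MISSING)
        if missing:
            body = body[: -len(FILE_MISSING)]
        parts = body.rsplit(" - ", 2)  # display names may themselves contain " - "
        if len(parts) != 3 or not missing:
            return None
        display, owner, path = parts
        if x64 and SYSTEM32.match(path):
            return Finding("info", "hjt-O23", display, path,
                           "expected on x64: 32-bit HijackThis cannot see System32")
        return Finding("check", "hjt-O23", display, path, f"file missing; owner: {owner}")

    if STARTUP_LNK.search(line):
        return Finding("review", "startup-lnk", line.rsplit("\\", 1)[-1], line,
                       "shortcut launched at logon from a Startup folder")
    return None


def triage(lines: List[str], x64: bool = True) -> List[Finding]:
    """Triage a whole log, most urgent findings first (stable within a level)."""
    found = [f for f in (triage_line(l, x64) for l in lines) if f is not None]
    return sorted(found, key=lambda f: LEVELS.index(f.level))


# Constructed sample, taken from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 83399051;83399051;c:\windows\system32\DRIVERS\83399051.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S0 83399052;83399052 Boot Guard Driver;c:\windows\system32\DRIVERS\83399052.sys [x]
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.kind:12} {f.name}: {f.note}")
```

The output only orders entries for a human to look at; a "review" item is a starting point for checking the file's origin and signer, not a verdict. Pass `x64=False` for a log taken on a 32-bit system, where "(file missing)" under System32 does mean the binary is gone.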

#9
LUCILIO (Member, 135 posts)
Mr. José Melo,
good evening!
I dragged the file into ComboFix as instructed, but the following message appeared: "WARNING. Do not run combofix in Compatibility Mode. Doing so may damage the machine."
I will try in Safe Mode and post the result.

#10
LUCILIO (Member, 135 posts)
ComboFix 12-04-22.02 - LUCILIO 23/04/2012 23:24:56.4.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2010.1241 [GMT -3:00]
Executando de: c:\users\LUCILIO\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\LUCILIO\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Firewall pessoal do ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk"
"c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk
c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-24 to 2012-04-24 ))))))))))))))))))))))))))))
.
.
2012-04-24 02:29 . 2012-04-24 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-24 02:29 . 2012-04-24 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 03:05 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\83399052.sys
2012-04-23 03:05 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\83399051.sys
2012-04-23 03:05 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\8339905.sys
2012-04-21 06:10 . 2012-04-24 02:08 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-21 06:08 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\96847672.sys
2012-04-21 06:08 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\9684767.sys
2012-04-21 06:08 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\96847671.sys
2012-04-21 06:07 . 2012-04-21 06:07 -------- d-----w- c:\users\LUCILIO\AppData\Local\BlueZap
2012-04-21 06:06 . 2012-04-21 06:06 -------- d-----w- c:\program files (x86)\BlueZap
2012-04-21 00:46 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44AD0580-B21D-4285-B566-468B261F35F2}\mpengine.dll
2012-04-20 01:45 . 2012-04-20 01:45 -------- d-----w- c:\users\LUCILIO\AppData\Local\Diagnostics
2012-04-18 02:53 . 2012-04-19 22:28 -------- d-----w- C:\60329_combofix_123123
2012-04-17 14:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 14:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 14:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-17 14:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 14:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 14:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-17 14:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-16 04:59 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\CCleaner
2012-04-10 01:07 . 2007-09-10 16:24 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-04-10 01:07 . 2007-08-31 15:52 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-04-10 01:07 . 2007-08-31 15:52 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-04-10 01:07 . 2004-12-07 13:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-04-10 01:07 . 2001-08-24 11:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-10 01:07 . 1999-11-22 18:50 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL
2012-04-10 01:07 . 1999-11-22 18:50 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL
2012-04-09 23:33 . 2012-04-19 22:28 -------- d-----w- c:\program files\Recuva
2012-04-09 22:47 . 2012-04-09 22:47 -------- d-----w- c:\programdata\Uniblue
2012-04-09 22:41 . 2012-04-09 23:03 -------- d-----w- c:\users\LUCILIO\AppData\Local\VDownloader
2012-04-09 22:41 . 2012-04-09 22:43 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\VDownloader
2012-04-09 22:40 . 2010-01-26 14:11 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
2012-04-09 22:40 . 2011-09-16 18:12 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2012-04-09 22:40 . 2011-09-16 18:12 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe
2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\OpenCandy
2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\VDownloader
2012-04-03 23:27 . 2012-04-19 22:26 -------- d-----w- c:\program files\ESET
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\programdata\Zbshareware Lab
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\USB Disk Security
2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-26 11:51 . 2012-03-26 11:51 -------- d-----w- c:\users\LUCILIO\AppData\Local\ElevatedDiagnostics
2012-03-26 02:28 . 2008-04-23 11:45 393216 ----a-w- c:\windows\SysWow64\GDS32.DLL
2012-03-26 02:28 . 2012-03-26 02:28 -------- d-----w- c:\program files (x86)\Firebird
2012-03-26 02:27 . 2012-04-19 22:28 -------- d-----w- C:\RegraEmpresarial
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:56 . 2011-12-29 23:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 00:14 . 2012-03-24 00:14 3993600 ----a-w- c:\program files (x86)\GUT5BA8.tmp
2012-03-20 00:42 . 2012-01-02 03:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2012-01-04 20:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-19 21:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 21:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 21:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 21:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-19 21:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-19 21:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-19 21:58 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-19 21:58 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-19 21:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-19 21:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_23.42.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 14:29 . 2012-04-24 02:08 38792 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-24 02:08 45800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-29 22:51 . 2012-04-24 02:08 12338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1735432821-3104667450-3421234579-1001_UserData.bin
+ 2012-04-21 06:06 . 2012-04-21 06:06 32038 c:\windows\Installer\{8D6956F9-0DDB-4F1A-9131-5821CA17C92F}\ICON.exe
+ 2012-01-04 22:28 . 2012-04-24 02:22 3592 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-24 02:30 . 2012-04-24 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 17:55 . 2012-04-24 02:14 703370 c:\windows\system32\prfh0416.dat
- 2009-07-14 17:55 . 2012-04-19 23:00 703370 c:\windows\system32\prfh0416.dat
- 2009-07-14 17:55 . 2012-04-19 23:00 146156 c:\windows\system32\prfc0416.dat
+ 2009-07-14 17:55 . 2012-04-24 02:14 146156 c:\windows\system32\prfc0416.dat
- 2009-07-14 02:36 . 2012-04-19 23:00 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-24 02:14 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-24 02:14 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 23:00 120870 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-04-24 02:09 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-04-24 02:22 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-19 23:15 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-30 02:33 . 2012-04-19 23:15 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat
+ 2011-12-30 02:33 . 2012-04-24 02:22 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat
+ 2012-04-21 06:05 . 2012-04-21 06:05 1051136 c:\windows\Installer\2e783e.msi
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2010-07-17 824224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
R1 83399051;83399051;c:\windows\system32\DRIVERS\83399051.sys [x]
R1 96847671;96847671;c:\windows\system32\DRIVERS\96847671.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
R1 setup_9.0.0.722_20.04.2012_11-19drv;setup_9.0.0.722_20.04.2012_11-19drv;c:\windows\system32\DRIVERS\8339905.sys [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S0 83399052;83399052 Boot Guard Driver;c:\windows\system32\DRIVERS\83399052.sys [x]
S0 96847672;96847672 Boot Guard Driver;c:\windows\system32\DRIVERS\96847672.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://br.ask.com/?l=diz&o=14784
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.br
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-{742E70CF-7770-412d-86CB-230B322E807C} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-04-23 23:33:48 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-04-24 02:33
ComboFix2.txt 2012-04-23 02:12
.
Pré-execução: 139.175.280.640 bytes disponíveis
Pós execução: 139.085.615.104 bytes disponíveis
.
- - End Of File - - 1C619FEB9E6C6F5612632B3133262EC8

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:37:02, on 23/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\LUCILIO\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6182 bytes

#11
JoseMelo (Professional Assistant, 128.827 posts)
Download the Kaspersky Virus Removal Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Save it to your desktop.

- Double-click the "setup" file and wait for the installation;
- On the next screen, check I accept the licence agreement and click Start
- Click the button (posted image) and check:
  • My Computer
  • Local Disk (C:) (the local disk letter may vary)
- Click Actions and uncheck both boxes: (posted image)
- Click the Automatic Scan tab and wait for the scan to finish.

- Click the button (posted image), then Detected threats and the "Save" button.
- Copy the contents of the saved file (if anything was detected) and post it in your next reply.

#12
LUCILIO (Member, 135 posts)
José Melo, good morning!

I downloaded Kaspersky Virus Removal Tool 2010, but I could not find the report or log to post. What should I do?

#13
JoseMelo (Professional Assistant, 128.827 posts)
Was anything detected during the scan?

#14
LUCILIO (Member, 135 posts)
Good evening!
I watched it and it did not detect anything.

#15
JoseMelo (Professional Assistant, 128.827 posts)
- OK, the log is clean :)

- Rename ComboFix to Uninstall, run it and wait for it to be removed;

- Download CCleaner:
  • Click Save and, when the download has finished, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Disable and re-enable System Restore

- Read the article Proteja seu PC for more information on how to avoid infections;

- If you have no further problems, click the button (posted image) and say that your case has been resolved.

#16
LUCILIO (Member, 135 posts)
José Melo,
good evening!
I carried out the procedure.
Thank you very much for the help.

#17
JoseMelo (Professional Assistant, 128.827 posts)
Problem Solved!

If the author needs the topic to be reopened, contact one of the members of the moderation team.