LUCILIO

Computador lento e travando

17 posts neste tópico

boa noite!

Meu computador desde ontem começou a ficar lento e quando abro meu eset smart 5 para verificar se há vírus o micro fica mais lento e começa travar e a partir daí as pastas da aréa de trabalho demoram ou travam ao abrir. Segue abaixo o log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:28:08, on 19/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\USB Disk Security\USBGuard.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\LUCILIO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6325 bytes

Aguardando.

Obrigado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do Malwarebytes Anti-Malware

http://www.malwarebytes.org/mbam-download.php

  • Desative o antivírus;
  • Faça a instalação dando um duplo clique em "mbam-setup.exe";
  • Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir;
  • Marque "Verificação Completa" e depois clique em Verificar;
  • Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;
  • Se algo for detectado, veja se tudo está marcado e clique em "Remover";
  • O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;
  • Copie e cole o conteúdo desse log na sua próxima resposta.

- Poste novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Versão da Base de Dados: v2012.04.19.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

LUCILIO :: LUCILIO-PC [administrador]

Proteção: Permitir

20/04/2012 21:38:04

mbam-log-2012-04-20 (21-38-04).txt

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 339269

Tempo decorrido: 42 minuto(s), 11 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:22:03, on 21/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\USB Disk Security\USBGuard.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\LUCILIO\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6518 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do ComboFix de sUBs e salve-o no desktop;

OBS: Para que a ferramenta seja executada é necessário que esteja no desktop (área de trabalho)

  • Desative, temporariamente, o antivírus;
  • Feche todas as janelas abertas;
  • Dê um duplo clique no ComboFix;
  • Na próxima janela clique em Executar, aceite o contrato e aguarde até que o relatório seja gerado;
    OBS: Caso não queira que seja instalado o console de recuperação do Windows, clique em "Não" e depois concorde que a verificação prossiga.
    Ao ser instalado o console, na inicialização do sistema será apresentada a tela para seleção dos sistemas operacionais.
    Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br
  • Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento;
  • O ComboFix "poderá" reiniciar o PC automaticamente para completar o processo de remoção.
  • Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.
  • Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.
  • Para parar ou sair do ComboFix, tecle "N".
  • Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";
  • Anexe o ComboFix.txt à sua resposta conforme as instruções abaixo
    http://www.linhadefensiva.org/forum/index.php?showtopic=595

Compartilhar este post


Link para o post
Compartilhar em outros sites

Prezado José Melo,

boa noite!

Estive viajando e somente hoje que pude usar o computador. Ao executar o combofix apareceu a seguinte mensagem: "WARNING. Do not run combofix in compatibility Mode. Doing so may damage the machine". Diante disso, tive que executá-lo em modo de segurança. Segue, em anexo, o relatório do combofix. E como faço para desinstalar o combofix?

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-04-22.02 - LUCILIO 22/04/2012 23:02:17.3.2 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2010.1231 [GMT -3:00]

Executando de: c:\users\LUCILIO\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Firewall pessoal do ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\weave\toFetch

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))

.

.

2012-04-23 02:07 . 2012-04-23 02:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-04-23 02:07 . 2012-04-23 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-21 06:10 . 2012-04-23 01:50 -------- d-----w- c:\programdata\Kaspersky Lab

2012-04-21 06:08 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\96847672.sys

2012-04-21 06:08 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\9684767.sys

2012-04-21 06:08 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\96847671.sys

2012-04-21 06:07 . 2012-04-21 06:07 -------- d-----w- c:\users\LUCILIO\AppData\Local\BlueZap

2012-04-21 06:06 . 2012-04-21 06:06 -------- d-----w- c:\program files (x86)\BlueZap

2012-04-21 00:46 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44AD0580-B21D-4285-B566-468B261F35F2}\mpengine.dll

2012-04-20 01:45 . 2012-04-20 01:45 -------- d-----w- c:\users\LUCILIO\AppData\Local\Diagnostics

2012-04-18 02:53 . 2012-04-19 22:28 -------- d-----w- C:\60329_combofix_123123

2012-04-17 14:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-17 14:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-17 14:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-17 14:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-17 14:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-17 14:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-17 14:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-16 04:59 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\CCleaner

2012-04-10 01:07 . 2007-09-10 16:24 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2012-04-10 01:07 . 2007-08-31 15:52 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2012-04-10 01:07 . 2007-08-31 15:52 33968 ----a-w- c:\windows\SysWow64\anim.dll

2012-04-10 01:07 . 2004-12-07 13:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2012-04-10 01:07 . 2001-08-24 11:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-10 01:07 . 1999-11-22 18:50 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2012-04-10 01:07 . 1999-11-22 18:50 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2012-04-09 23:33 . 2012-04-19 22:28 -------- d-----w- c:\program files\Recuva

2012-04-09 22:47 . 2012-04-09 22:47 -------- d-----w- c:\programdata\Uniblue

2012-04-09 22:41 . 2012-04-09 23:03 -------- d-----w- c:\users\LUCILIO\AppData\Local\VDownloader

2012-04-09 22:41 . 2012-04-09 22:43 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\VDownloader

2012-04-09 22:40 . 2010-01-26 14:11 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe

2012-04-09 22:40 . 2011-09-16 18:12 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe

2012-04-09 22:40 . 2011-09-16 18:12 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe

2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\OpenCandy

2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\VDownloader

2012-04-03 23:27 . 2012-04-19 22:26 -------- d-----w- c:\program files\ESET

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\programdata\Zbshareware Lab

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\USB Disk Security

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-03-26 11:51 . 2012-03-26 11:51 -------- d-----w- c:\users\LUCILIO\AppData\Local\ElevatedDiagnostics

2012-03-26 02:28 . 2008-04-23 11:45 393216 ----a-w- c:\windows\SysWow64\GDS32.DLL

2012-03-26 02:28 . 2012-03-26 02:28 -------- d-----w- c:\program files (x86)\Firebird

2012-03-26 02:27 . 2012-04-19 22:28 -------- d-----w- C:\RegraEmpresarial

2012-03-24 02:56 . 2004-03-09 03:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2012-03-24 02:56 . 2003-07-06 16:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll

2012-03-24 02:56 . 2000-05-22 02:00 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx

2012-03-24 02:56 . 2000-05-22 02:00 115920 ----a-w- c:\windows\SysWow64\msinet.ocx

2012-03-24 02:56 . 1999-11-21 16:11 372736 ----a-w- c:\windows\SysWow64\wintbr.ocx

2012-03-24 02:56 . 1999-05-07 02:00 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx

2012-03-24 02:56 . 1998-06-24 03:00 166200 ----a-w- c:\windows\SysWow64\msmask32.ocx

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 18:56 . 2011-12-29 23:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 00:14 . 2012-03-24 00:14 3993600 ----a-w- c:\program files (x86)\GUT5BA8.tmp

2012-03-20 00:42 . 2012-01-02 03:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 13:18 . 2012-01-04 20:42 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-19 21:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-19 21:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-19 21:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-19 21:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-19 21:57 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-19 21:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-19 21:58 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-19 21:58 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-19 21:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-19 21:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-19_23.42.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-30 14:29 . 2012-04-23 01:51 38568 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-23 01:51 44708 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-29 22:51 . 2012-04-23 01:51 11926 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1735432821-3104667450-3421234579-1001_UserData.bin

+ 2012-04-21 06:06 . 2012-04-21 06:06 32038 c:\windows\Installer\{8D6956F9-0DDB-4F1A-9131-5821CA17C92F}\ICON.exe

+ 2012-01-04 22:28 . 2012-04-19 23:53 3338 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-04-23 02:08 . 2012-04-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-23 02:08 . 2012-04-23 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 17:55 . 2012-04-19 23:00 703370 c:\windows\system32\prfh0416.dat

+ 2009-07-14 17:55 . 2012-04-23 01:54 703370 c:\windows\system32\prfh0416.dat

+ 2009-07-14 17:55 . 2012-04-23 01:54 146156 c:\windows\system32\prfc0416.dat

- 2009-07-14 17:55 . 2012-04-19 23:00 146156 c:\windows\system32\prfc0416.dat

+ 2009-07-14 02:36 . 2012-04-23 01:54 651938 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-19 23:00 651938 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-23 01:54 120870 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-19 23:00 120870 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-04-23 01:56 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-19 23:15 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-30 02:33 . 2012-04-23 01:56 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat

- 2011-12-30 02:33 . 2012-04-19 23:15 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat

+ 2012-04-21 06:05 . 2012-04-21 06:05 1051136 c:\windows\Installer\2e783e.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2010-07-17 824224]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

setup_9.0.0.722_20.04.2012_11-19.lnk - c:\users\LUCILIO\Desktop\Virus Removal Tool\setup_9.0.0.722_20.04.2012_11-19\startup.exe [2012-4-21 72208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinLockPro.lnk - c:\program files (x86)\BlueZap\WinLockPRO\WinLockPro.exe [2012-2-28 36862976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]

R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S0 96847672;96847672 Boot Guard Driver;c:\windows\system32\DRIVERS\96847672.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 96847671;96847671;c:\windows\system32\DRIVERS\96847671.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S1 setup_9.0.0.722_20.04.2012_11-19drv;setup_9.0.0.722_20.04.2012_11-19drv;c:\windows\system32\DRIVERS\9684767.sys [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]

.

2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://br.ask.com/?l=diz&o=14784

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.10.1 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-{742E70CF-7770-412d-86CB-230B322E807C} - (no file)

Wow6432Node-HKLM-Run-BankerFixV3 - \LinhaDefensiva\rotinas\postreboot.bat

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-04-22 23:12:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-04-23 02:12

.

Pré-execução: 139.843.076.096 bytes disponíveis

Pós execução: 139.514.400.768 bytes disponíveis

.

- - End Of File - - A1722AD9E00C0F3201F42BCD14643F00

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

File::
c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CFScript.gif

Se solicitado pressione "Enter" para iniciar o processo de remoção;

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Senhor José Melo,

boa noite!

Arrastei o arquivo como informado para dentro do combofix, porém, apareceu a seguinte mensagem: "WARNING. Do not run combofix in Compatibility Mode. Doing so may damage the machine. "

Vou tentar no modo de segurança e posto o resultado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-04-22.02 - LUCILIO 23/04/2012 23:24:56.4.2 - x64 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2010.1241 [GMT -3:00]

Executando de: c:\users\LUCILIO\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\LUCILIO\Desktop\CFScript.txt

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: Firewall pessoal do ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

FILE ::

"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk"

"c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinLockPro.lnk

c:\users\LUCILIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_20.04.2012_11-19.lnk

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-03-24 to 2012-04-24 ))))))))))))))))))))))))))))

.

.

2012-04-24 02:29 . 2012-04-24 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-04-24 02:29 . 2012-04-24 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-23 03:05 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\83399052.sys

2012-04-23 03:05 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\83399051.sys

2012-04-23 03:05 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\8339905.sys

2012-04-21 06:10 . 2012-04-24 02:08 -------- d-----w- c:\programdata\Kaspersky Lab

2012-04-21 06:08 . 2009-10-22 16:54 40464 ----a-w- c:\windows\system32\drivers\96847672.sys

2012-04-21 06:08 . 2009-10-10 02:30 352784 ----a-w- c:\windows\system32\drivers\9684767.sys

2012-04-21 06:08 . 2009-09-25 20:59 157712 ----a-w- c:\windows\system32\drivers\96847671.sys

2012-04-21 06:07 . 2012-04-21 06:07 -------- d-----w- c:\users\LUCILIO\AppData\Local\BlueZap

2012-04-21 06:06 . 2012-04-21 06:06 -------- d-----w- c:\program files (x86)\BlueZap

2012-04-21 00:46 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44AD0580-B21D-4285-B566-468B261F35F2}\mpengine.dll

2012-04-20 01:45 . 2012-04-20 01:45 -------- d-----w- c:\users\LUCILIO\AppData\Local\Diagnostics

2012-04-18 02:53 . 2012-04-19 22:28 -------- d-----w- C:\60329_combofix_123123

2012-04-17 14:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-17 14:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-17 14:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-17 14:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-17 14:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-17 14:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-17 14:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-16 04:59 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\CCleaner

2012-04-10 01:07 . 2007-09-10 16:24 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2012-04-10 01:07 . 2007-08-31 15:52 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2012-04-10 01:07 . 2007-08-31 15:52 33968 ----a-w- c:\windows\SysWow64\anim.dll

2012-04-10 01:07 . 2004-12-07 13:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2012-04-10 01:07 . 2001-08-24 11:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-10 01:07 . 1999-11-22 18:50 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2012-04-10 01:07 . 1999-11-22 18:50 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2012-04-09 23:33 . 2012-04-19 22:28 -------- d-----w- c:\program files\Recuva

2012-04-09 22:47 . 2012-04-09 22:47 -------- d-----w- c:\programdata\Uniblue

2012-04-09 22:41 . 2012-04-09 23:03 -------- d-----w- c:\users\LUCILIO\AppData\Local\VDownloader

2012-04-09 22:41 . 2012-04-09 22:43 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\VDownloader

2012-04-09 22:40 . 2010-01-26 14:11 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe

2012-04-09 22:40 . 2011-09-16 18:12 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe

2012-04-09 22:40 . 2011-09-16 18:12 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe

2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\users\LUCILIO\AppData\Roaming\OpenCandy

2012-04-09 22:40 . 2012-04-19 22:28 -------- d-----w- c:\program files (x86)\VDownloader

2012-04-03 23:27 . 2012-04-19 22:26 -------- d-----w- c:\program files\ESET

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\programdata\Zbshareware Lab

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\USB Disk Security

2012-04-03 21:33 . 2012-04-03 21:33 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-03-26 11:51 . 2012-03-26 11:51 -------- d-----w- c:\users\LUCILIO\AppData\Local\ElevatedDiagnostics

2012-03-26 02:28 . 2008-04-23 11:45 393216 ----a-w- c:\windows\SysWow64\GDS32.DLL

2012-03-26 02:28 . 2012-03-26 02:28 -------- d-----w- c:\program files (x86)\Firebird

2012-03-26 02:27 . 2012-04-19 22:28 -------- d-----w- C:\RegraEmpresarial

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 18:56 . 2011-12-29 23:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-24 00:14 . 2012-03-24 00:14 3993600 ----a-w- c:\program files (x86)\GUT5BA8.tmp

2012-03-20 00:42 . 2012-01-02 03:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 13:18 . 2012-01-04 20:42 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-19 21:57 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-19 21:57 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-19 21:57 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-19 21:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-19 21:57 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-19 21:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-19 21:58 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-19 21:58 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-19 21:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-19 21:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-19_23.42.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-30 14:29 . 2012-04-24 02:08 38792 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-24 02:08 45800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-29 22:51 . 2012-04-24 02:08 12338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1735432821-3104667450-3421234579-1001_UserData.bin

+ 2012-04-21 06:06 . 2012-04-21 06:06 32038 c:\windows\Installer\{8D6956F9-0DDB-4F1A-9131-5821CA17C92F}\ICON.exe

+ 2012-01-04 22:28 . 2012-04-24 02:22 3592 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-04-24 02:30 . 2012-04-24 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-19 23:42 . 2012-04-19 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 17:55 . 2012-04-24 02:14 703370 c:\windows\system32\prfh0416.dat

- 2009-07-14 17:55 . 2012-04-19 23:00 703370 c:\windows\system32\prfh0416.dat

- 2009-07-14 17:55 . 2012-04-19 23:00 146156 c:\windows\system32\prfc0416.dat

+ 2009-07-14 17:55 . 2012-04-24 02:14 146156 c:\windows\system32\prfc0416.dat

- 2009-07-14 02:36 . 2012-04-19 23:00 651938 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-24 02:14 651938 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-24 02:14 120870 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-19 23:00 120870 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:46 . 2012-04-24 02:09 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 05:01 . 2012-04-24 02:22 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-19 23:15 388392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-30 02:33 . 2012-04-19 23:15 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat

+ 2011-12-30 02:33 . 2012-04-24 02:22 9397096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1735432821-3104667450-3421234579-1001-8192.dat

+ 2012-04-21 06:05 . 2012-04-21 06:05 1051136 c:\windows\Installer\2e783e.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB Antivirus"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2010-07-17 824224]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

R1 83399051;83399051;c:\windows\system32\DRIVERS\83399051.sys [x]

R1 96847671;96847671;c:\windows\system32\DRIVERS\96847671.sys [x]

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

R1 setup_9.0.0.722_20.04.2012_11-19drv;setup_9.0.0.722_20.04.2012_11-19drv;c:\windows\system32\DRIVERS\8339905.sys [x]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 81920]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2015232]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S0 83399052;83399052 Boot Guard Driver;c:\windows\system32\DRIVERS\83399052.sys [x]

S0 96847672;96847672 Boot Guard Driver;c:\windows\system32\DRIVERS\96847672.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-29 23:36]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://br.ask.com/?l=diz&o=14784

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.10.1 8.8.8.8 8.8.4.4

FF - ProfilePath - c:\users\LUCILIO\AppData\Roaming\Mozilla\Firefox\Profiles\5hzshg9g.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-{742E70CF-7770-412d-86CB-230B322E807C} - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-04-23 23:33:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-04-24 02:33

ComboFix2.txt 2012-04-23 02:12

.

Pré-execução: 139.175.280.640 bytes disponíveis

Pós execução: 139.085.615.104 bytes disponíveis

.

- - End Of File - - 1C619FEB9E6C6F5612632B3133262EC8

LOG do hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:37:02, on 23/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\USB Disk Security\USBGuard.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\LUCILIO\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6182 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça o download do Kaspersky Virus Removal Tool de um desses 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Salve-o em sua área de trabalho.

- Duplo clique no arquivo "setup" e aguarde a instalação;

- Na próxima tela marque I accept the licence agreement e clique em Start

- Clique no botão

f4uZX.png
e marque:

  • Meu computador
  • Disco local (C:) (a letra do disco local pode variar)

- Clique em Actions e desmarque os dois quadros:

Zqewdl.jpg

- Clique na aba Automatic Scan e aguarde o término da verificação.

- Clique no botão

rxcHb.png
, em Detected threats e no botão "Save".

- Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

José Melo, bom dia!

BAixei o Kaspersky Virus Removal Tool 2010, mas não consegui encontrar o relatório ou log para postar. O que fazer?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Houve alguma detecção durante o scan?

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Ok, o log está limpo :)

- Renomeie o ComboFix para Uninstall, execute-o e aguarde a sua remoção;

- Faça o download do CCleaner:

  • Clique em Salvar e quando terminado o download, faça a instalação;
  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para maiores informações sobre como evitar infecções;

- Se não tiver mais problema, clique no botão

p_report.gif
e diga que o seu caso foi resolvido.

Compartilhar este post


Link para o post
Compartilhar em outros sites

José Melo,

boa noite!

Realizei o procedimento.

Muito obrigado pela ajuda.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Problema Resolvido!

Caso o autor necessite que o tópico seja reaberto, entre em contato com um dos membros da equipe de moderação.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.