Ir ao conteúdo
  • Cadastre-se
negativer

Vírus Malicious URL http://specrtop.org/a/

Recommended Posts

Galera,

Já vi vários casos de pessoas relatando infecção por esse vírus, meu Avast não para de apitar! Conto com a auda de vocês! Segue em anexo o log DDS - ATTACH (nessa ordem). O GMER, por estar muito grande, não me permitia postar. Aguardo retorno de um Analista para me autorizar postar o log do GMER!

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 15/11/2012 11:37:42

System Uptime: 17/07/2013 08:24:06 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | H61M-S1

Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Intel® Core i3-2120 CPU @ 3.30GHz | 3292/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 291,396 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0,068 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 170,471 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswRvrt

Device ID: ROOT\LEGACY_ASWRVRT\0000

Manufacturer:

Name: aswRvrt

PNP Device ID: ROOT\LEGACY_ASWRVRT\0000

Service: aswRvrt

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: aswVmm

Device ID: ROOT\LEGACY_ASWVMM\0000

Manufacturer:

Name: aswVmm

PNP Device ID: ROOT\LEGACY_ASWVMM\0000

Service: aswVmm

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP67: 05/07/2013 12:56:01 - Instalado SPORE™

RP68: 12/07/2013 13:06:37 - Installed Microsoft Visio Professional 2013

RP69: 12/07/2013 13:07:03 - VISPRO

.

==== Installed Programs ======================

.

@BIOS

64 Bit HP CIO Components Installer

A4 TECH PC Camera V

Adobe Reader XI (11.0.03) - Português

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Mobile Device Support

Apple Software Update

µTorrent

AutoCAD 2012 - English

AutoCAD 2012 Language Pack - English

Autodesk Content Service

Autodesk Express Viewer

Autodesk Inventor Fusion 2012

Autodesk Inventor Fusion 2012 Language Pack

Autodesk Inventor Fusion plug-in for AutoCAD 2012

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

AutoGreen B12.0206.1

avast! Free Antivirus

Bonjour

BufferChm

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Curse Client

D110

DAEMON Tools Lite

Definition update for Microsoft Office 2010 (KB982726)

Destinations

DeviceDiscovery

Doro 1.82

Dropbox

Easy Tune 6 B12.0320.1

FARO LS 1.1.406.58

FIFA 12 © EA version 1

Google Chrome

Google Update Helper

HP Imaging Device Functions 14.0

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Update

HPAppStudio

HPDiagnosticAlert

HPPhotoGadget

Idioma das Descrições do Microsoft Office 2010 - Português

Intel® Management Engine Components

Intel® Trusted Connect Service Client

iTunes

Java 7 Update 21

Java Auto Updater

K-Lite Mega Codec Pack 9.4.0

Módulo de Segurança - Banco do Brasil

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office 64-bit Components 2013

Microsoft Office Access MUI (English) 2010

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)

Microsoft Office O MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office OSM MUI (English) 2013

Microsoft Office Outlook MUI (English) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2013

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Office X MUI (Portuguese (Brazil)) 2010

Microsoft Visio MUI (English) 2013

Microsoft Visio Professional 2013

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 22.0 (x86 pt-BR)

Mozilla Maintenance Service

Nero 12

Nero Audio Pack 1

Nero BackItUp

Nero BackItUp Help (CHM)

Nero Blu-ray Player

Nero Blu-ray Player Help (CHM)

Nero Burning ROM

Nero Burning ROM Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero Disc Menus Basic

Nero Effects Basic

Nero Express

Nero Express Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Kwik Themes Basic

Nero PiP Effects Basic

Nero Recode

Nero Recode Help (CHM)

Nero RescueAgent

Nero RescueAgent Help (CHM)

Nero SharedVideoCodecs

Nero Update

Nero Video

Nero Video Help (CHM)

neroxml

Network64

ON_OFF Charge B11.0110.1

Outils de vérification linguistique 2013 de Microsoft Office*- Français

Portal 2

Prerequisite installer

Prince of Persia T2T

Prince of Persia The Two Thrones

PS_AIO_07_D110_SW_Min

QuickTransfer

RaidCall

Ralink RT2870 Wireless LAN Card

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

SafeCast Shared Components

Scan

Skype™ 6.0

SmartWebPrinting

Splashtop Connect for Firefox

Splashtop Connect IE

SPORE™

Status

Steam

Suporte para Aplicativos Apple

Time Adjuster LIGHT 3.1

Toolbox

TrayApp

Trine 2

USB PC Camera VC305

WebReg

Welcome App (Start-up experience)

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 8.0.7600.16385

Run by Renan at 8:28:54 on 2013-07-17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4060.2759 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

mWinlogon: Userinit = userinit.exe

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [e606e] C:\Users\Renan\AppData\Roaming\f010\e606e.js

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd.js

StartupFolder: C:\Users\Renan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Renan\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{9A32FCB2-D880-4B69-9DC7-D530D939263D} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{CA5BCEC6-2088-43D0-90EA-389AB247D1FD} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{CA5BCEC6-2088-43D0-90EA-389AB247D1FD}\D4963627F6023456E64756270234F6D60757471646F6275637 : DHCPNameServer = 10.1.1.253 10.0.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\oti1kzg7.default\

FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Users\Renan\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Renan\AppData\Roaming\RCKR\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2013-03-21 15:22; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-20 283200]

S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-2 65336]

S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-2 189936]

S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-15 21104]

S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-21 1030952]

S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-21 378944]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-21 33400]

S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-21 80816]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-17 46808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-6-19 410152]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-15 161560]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-15 363800]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-11-15 25640]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-13 1431888]

S3 GETNDIS;Driver do VIA Velocity-Family Gigabit Ethernet Adapter;C:\Windows\System32\drivers\getn62a.sys [2009-6-10 51968]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-15 30528]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-11-15 160256]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-15 646248]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 vvftav;vvftav;C:\Windows\System32\drivers\vvftav.sys [2012-11-15 300800]

S3 ZSMC0305;A4 TECH PC Camera V;C:\Windows\System32\drivers\usbVM305.sys [2012-11-15 1541120]

S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

S4 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S4 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-24 493384]

S4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"

.

=============== Created Last 30 ================

.

2013-07-15 20:09:54 -------- d-sh--w- C:\Users\Renan\AppData\Roaming\f010

2013-07-15 20:09:54 -------- d-sh--w- C:\f1e

2013-07-12 16:10:52 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft

2013-07-11 07:54:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC60701D-750D-4886-B4A3-1443169FA233}\offreg.dll

2013-07-05 16:12:26 -------- d-----w- C:\Users\Renan\AppData\Roaming\SPORE

2013-06-30 15:00:53 -------- d-----w- C:\Program Files (x86)\Valve

2013-06-20 00:49:50 -------- d-----w- C:\ProgramData\boost_interprocess

2013-06-20 00:40:19 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-06-20 00:39:15 720082 ----a-w- C:\Users\Renan\AppData\Roaming\unins000.exe

2013-06-20 00:39:15 -------- d-----w- C:\Users\Renan\AppData\Local\GAS Tecnologia

2013-06-20 00:39:15 -------- d-----w- C:\ProgramData\GAS Tecnologia

.

==================== Find3M ====================

.

2013-06-28 11:39:47 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-06-28 11:39:47 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-18 17:26:01 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-05-18 17:26:01 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-09 19:52:44 2560 ----a-w- C:\Windows\_MSRSTRT.EXE

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

.

============= FINISH: 8:29:49,97 ===============

Compartilhar este post


Link para o post
Compartilhar em outros sites

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).[*]Duplo clique no icone desktopicon.png que está no desktop.[*]Leia e aceite as condições, digitando 1 e enter.[*]Computadores com Windows XP deverão instalar o Console de Recuperação:

  • Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
  • Clique em "OK" ao EULA.
  • Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde. [*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.[*]Poderá surgir o aviso que é necessário reiniciar o computador.

NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.

  • Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
  • Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
  • Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue abaixo o log do ComboFix, como pedido!

Obrigado!

ComboFix 13-07-18.04 - Renan 19/07/2013 21:39:44.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4060.2738 [GMT -3:00]

Executando de: c:\users\Renan\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\boost_interprocess\20130719212425.109999

c:\programdata\boost_interprocess\20130719212425.109999\sf.cnv-db

c:\programdata\ntuser.dat

c:\users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0A16A8FE-DECA-421B-9539-93E8F6A9E2AC}.xps

c:\users\Renan\AppData\Roaming\unins000.exe

c:\windows\VM305Cap.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-20 to 2013-07-20 ))))))))))))))))))))))))))))

.

.

2013-07-20 00:43 . 2013-07-20 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-20 00:26 . 2013-07-20 00:26 47059 ----a-w- c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b247.js

2013-07-19 17:22 . 2013-07-19 17:32 47059 ----a-w- c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b744b.js

2013-07-18 02:58 . 2013-07-20 00:26 -------- d-----w- c:\programdata\MCShield

2013-07-18 02:58 . 2013-07-18 02:58 -------- d-----w- c:\program files (x86)\MCShield

2013-07-15 20:09 . 2013-07-15 20:10 -------- d-----w- C:\f1e

2013-07-15 20:09 . 2013-07-15 20:09 -------- d-sh--w- c:\users\Renan\AppData\Roaming\f010

2013-07-12 16:10 . 2013-07-12 16:10 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft

2013-07-11 07:54 . 2013-07-12 08:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC60701D-750D-4886-B4A3-1443169FA233}\offreg.dll

2013-07-05 16:12 . 2013-07-05 16:13 -------- d-----w- c:\users\Renan\AppData\Roaming\SPORE

2013-07-05 15:56 . 2013-07-05 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts

2013-06-30 15:00 . 2013-06-30 15:00 -------- d-----w- c:\program files (x86)\Valve

2013-06-20 00:51 . 2013-06-20 00:51 -------- d-----w- c:\users\Renan\AppData\Roaming\HPAppData

2013-06-20 00:49 . 2013-07-20 00:43 -------- d-----w- c:\programdata\boost_interprocess

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-28 11:39 . 2013-04-02 23:34 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-28 11:39 . 2012-11-21 17:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-28 11:39 . 2012-11-21 17:21 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-18 17:26 . 2012-12-08 11:53 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-18 17:26 . 2012-12-08 11:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-09 19:52 . 2013-05-09 19:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-05-09 08:59 . 2013-04-02 23:34 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59 . 2012-11-21 17:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59 . 2012-11-21 17:21 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-09 08:59 . 2012-11-21 17:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-09 08:59 . 2012-11-21 17:21 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:58 . 2012-11-21 17:21 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 08:58 . 2012-11-21 17:21 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-08 12:52 . 2013-06-20 00:40 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"e606e"="c:\users\Renan\AppData\Roaming\f010\e606e.js" [X]

"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2013-07-15 607744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2013-02-02 192512]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

b247.js [2013-7-19 47059]

b744b.js [2013-7-19 47059]

Dropbox.lnk - c:\users\Renan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-05-23 13:47 1389096 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 GETNDIS;Driver do VIA Velocity-Family Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\getn62a.sys;c:\windows\SYSNATIVE\DRIVERS\getn62a.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys;c:\windows\SYSNATIVE\drivers\vvftav.sys [x]

R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys;c:\windows\SYSNATIVE\Drivers\usbVM305.sys [x]

R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R4 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R4 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x]

R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 14:40 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-20 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-11-19 02:53]

.

2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:25]

.

2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\oti1kzg7.default\

FF - ExtSQL: !HIDDEN! 2013-03-21 15:22; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Renan\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-07-19 21:44:49

ComboFix-quarantined-files.txt 2013-07-20 00:44

.

Pré-execução: 322.483.539.968 bytes disponíveis

Pós execução: 322.487.468.032 bytes disponíveis

.

- - End Of File - - F32AD535EAE4B780437E9AB6D81D279D

A36C5E4F47E84449FF07ED3517B43A31

Compartilhar este post


Link para o post
Compartilhar em outros sites

Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Código":


Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e606e"=-

File::

c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b247.js
c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b744b.js

  • Salve este arquivo como: CFScript.txt
    CFScriptB-4.gif
  • Tal com exemplificado na foto acima, arraste o arquivo CFScript.txt para dentro do ComboFix.exe
  • Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Me desculpe a demora

ComboFix 13-07-18.04 - Renan 02/08/2013 21:20:36.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4060.2217 [GMT -3:00]

Executando de: c:\users\Renan\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Renan\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

FILE ::

"c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b247.js"

"c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b744b.js"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\boost_interprocess\20130802102725.109999

c:\programdata\boost_interprocess\20130802102725.109999\sf.cnv-db

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-07-03 to 2013-08-03 ))))))))))))))))))))))))))))

.

.

2013-08-03 00:25 . 2013-08-03 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-21 18:27 . 2013-07-21 18:27 -------- d-----w- c:\users\Renan\AppData\Local\Macromedia

2013-07-21 18:27 . 2013-07-21 18:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-21 18:27 . 2013-07-21 18:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-21 18:27 . 2013-07-21 18:27 -------- d-----w- c:\windows\system32\Macromed

2013-07-18 02:58 . 2013-08-02 13:40 -------- d-----w- c:\programdata\MCShield

2013-07-18 02:58 . 2013-07-18 02:58 -------- d-----w- c:\program files (x86)\MCShield

2013-07-15 20:09 . 2013-07-20 13:25 -------- d-sh--w- c:\users\Renan\AppData\Roaming\f010

2013-07-15 20:09 . 2013-07-15 20:10 -------- d-----w- C:\f1e

2013-07-12 16:10 . 2013-07-12 16:10 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft

2013-07-11 07:54 . 2013-07-31 09:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC60701D-750D-4886-B4A3-1443169FA233}\offreg.dll

2013-07-05 16:12 . 2013-07-05 16:13 -------- d-----w- c:\users\Renan\AppData\Roaming\SPORE

2013-07-05 15:56 . 2013-07-05 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-28 11:39 . 2013-04-02 23:34 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-28 11:39 . 2012-11-21 17:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-28 11:39 . 2012-11-21 17:21 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-18 17:26 . 2012-12-08 11:53 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-18 17:26 . 2012-12-08 11:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-09 19:52 . 2013-05-09 19:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-05-09 08:59 . 2013-04-02 23:34 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59 . 2012-11-21 17:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59 . 2012-11-21 17:21 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-09 08:59 . 2012-11-21 17:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-09 08:59 . 2012-11-21 17:21 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:58 . 2012-11-21 17:21 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 08:58 . 2012-11-21 17:21 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-08 12:52 . 2013-06-20 00:40 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 130736 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2013-07-15 607744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2013-02-02 192512]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Renan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-05-23 13:47 1389096 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 GETNDIS;Driver do VIA Velocity-Family Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\getn62a.sys;c:\windows\SYSNATIVE\DRIVERS\getn62a.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys;c:\windows\SYSNATIVE\drivers\vvftav.sys [x]

R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys;c:\windows\SYSNATIVE\Drivers\usbVM305.sys [x]

R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R4 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R4 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x]

R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 17:45 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-21 18:27]

.

2013-08-02 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-11-19 02:53]

.

2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:25]

.

2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2012-10-01 23:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-15 23:49 164016 ----a-w- c:\users\Renan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Renan\AppData\Roaming\Mozilla\Firefox\Profiles\oti1kzg7.default\

FF - ExtSQL: !HIDDEN! 2013-03-21 15:22; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Renan\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-08-02 21:26:20

ComboFix-quarantined-files.txt 2013-08-03 00:26

ComboFix2.txt 2013-07-20 00:44

.

Pré-execução: 317.497.151.488 bytes disponíveis

Pós execução: 317.548.146.688 bytes disponíveis

.

- - End Of File - - 6AADA3C600595918BB6910E1D0F25DA9

A36C5E4F47E84449FF07ED3517B43A31

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Kaspersky AVP Tool de um desses 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Você será conduzido a uma página da Kaspersky, solicitando um email para cadastro, nome e sobrenome. Somente o campo "email" é obrigatório.

Informe seu email depois clique no botão Submit Form.

A página será recarregada. Clique no botão Download

Salve-o em sua área de trabalho.

Execute o arquivo e aguarde a instalação.

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em Executar como administrador

Na tela do contrato de licença, marque a opção I accept the license agreement e depois clique no botão Start. Aparentemente o programa congela e nada acontece. É normal, apenas aguarde até aparecer a tela inicial do programa, e então clique no ícone Settings:

KRT_settings.png

Nesta tela, marque a caixa ao lado de:

  • Meu Computador
  • Disco local (C:)

Marque também todas as unidades que aparecem abaixo de Disco Local, caso houverem. Depois clique na aba Automatic Scan

KRT_install2_.png

De volta à tela inicial do programa, clique no botão Start scanning

Tenha paciência, é um pouco demorado.

Quando terminar, caso tenha detectado algo, o programa irá lhe perguntar o que fazer.

Marque o quadradinho ao lado de Apply to all objects e depois clique em Skip (queremos apenas o log).

KRT_detection_.png

Enquanto durar o exame, a tela inicial exibirá uma barra de progresso. Quando terminar, o programa exibirá o status concluído e um botão que ficará na cor laranja, caso nada tenha sido detectado, e na cor vermelha, caso tenha encontrado algo.

Caso tenha detectado algo, o programa também exibirá uma tela de alerta, avisando que o seu sistema está desprotegido e sugerindo um produto da Kaspersky. Clique no botão No, thanks.

De volta à tela principal, caso tenha sido detectado algo, então salve o log. Se você fechar o programa e esquecer de salvar o log, terá que repetir todo o scan novamente.

Para salvar o log, clique no ícone Reports (ao lado do ícone "Settings"). Na próxima janela, clique em Detected Threats, depois clique no ícone de disquete para salvar o log.

Escolha um local de fácil acesso e salve como log.txt

Copie todo o conteúdo desse bloco de notas e cole na sua próxima resposta.

Se nada for detectado, então não precisa salvar o log. Apenas poste aqui avisando.

Para sair do programa, basta clicar no X no canto superior direito.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×