klebenawa

Malware removal


Friends:

----------------------------------------------------------

My PC has the following configuration:

Pentium Dual Core 2.6 GHz

2 GB DDR2 memory

320 GB HD

-----------------------------------------------------------

Main programs:

Windows 7 Ultimate (W7)

Google Chrome (Chrome)

Microsoft Security Essentials (MSE)

CClean

------------------------------------------------------------

THE PROBLEM!

As a home user, I most likely visited some "inappropriate" pages, and from then on the slowness set in on my PC. I ran several scans on the machine with 'MSE' and no virus turned up. Not surprising, since it is always active and up to date. I searched the internet and, from similar reports, concluded that the problem was the same: a slow PC caused by malware.

I don't have any anti-spyware or anti-malware.

In my research I read recommendations to use COMBOFIX. Still unsure, I preferred to use CClean first, believing the cause was those bogus registry keys. Nothing; it was still slow. I went to Baixaki and downloaded the program, even though I was worried about what I had read about it. I ran it. The application asked me to disable the antivirus; I disabled 'MSE'. Then COMBOFIX went through the whole process. After that the machine restarted on its own. I repeated the process two more times. I noticed that the program created a 'restore point'.

I noticed that on two occasions I saved the LOG.

----------------------------------------------------------------------

After that, I re-enabled 'MSE' and ran a full scan, and it immediately identified a possible malware on the machine, which could not be removed by the running program. I shut the machine down, and the next day came the surprise:

Until then, even though slow, it could still access the internet, but from that day on, even with all connections correct and confirmed by the provider, I could no longer access the World Wide Web. I did the following: I unplugged the blue cable that physically connects my PC to the Net. And I have been using the computer sporadically, without internet.

-----------------------------------------------------------------------

Details:

01) When I turn on the PC the following message appears: "this copy is not genuine" and

02) For the last 10 days, internet only at a LAN house.

03) First time posting on the forum as a user. I have known the site for a long time.

I hope you can help me.

Thanks


Read the "Leia Antes de Postar" (Read Before Posting) topic and post the requested logs.

P.S.: doesn't Safe Mode with Networking make the computer any better, at least enough to post the logs?


----------------------------------------------------------------------------

Renato, I couldn't access the Web, even going into Safe Mode with Networking:

1. I first tried RESTART + F8. It didn't enter Safe Mode.

2. With the PC on, I turned it off and on again, and that way I entered Safe Mode with Networking. I tried to access the internet and NOTHING. The response was always: "This page is not available".

Another thing: I identified some strange programs on the PC:

DSP-WORX; BONANZA DEALS; BONANZA DEALSLIVE and $RECYCLE.BIN

Finally: if I'm posting in the wrong forum, tell me, but from what I read, since this is an individual problem, the answer also has to be unique. Every case is different (in this case, a malware case). I'm still using a LAN house.

Thanks.


The only way to do that is to transfer the logs and procedures via a flash drive; I need the logs to start analyzing the problem.


Renato, as I wrote at the beginning, I used ComboFix three consecutive times. Should I post the three saved LOGs here, or is the first one enough?


Sir, the initial procedure asks for the DDS log; with it I evaluate whether any other log is necessary.


Renato, here is LOG-1:

ComboFix 13-10-08.01 - Kleber 08/10/2013 16:39:23.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1084 [GMT -3:00]

Executando de: c:\users\Kleber\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Windows Live\Messenger\msacm32.dll

c:\programdata\BetterSoft\OptimizerPro

c:\programdata\BetterSoft\OptimizerPro\3036567561.ini

c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe

c:\programdata\wxDownload

c:\programdata\wxDownload\50ea05dfd0a16.dll

c:\programdata\wxDownload\50ea05dfd0a16.tlb

c:\programdata\wxDownload\50ea07cbd700b.dll

c:\programdata\wxDownload\50ea07cbd700b.tlb

c:\programdata\wxDownload\settings.ini

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\516cb3282e98c1.93405410.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\background.html

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\content.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\lsdb.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\manifest.json

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflagacdmfkpfkpdnknpnnafiajfjoae\1\sqlite.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\516cb3e41417c0.14220722.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\background.html

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\content.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\lsdb.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\manifest.json

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\newtab.html

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjdpopalggolemffbnolamijohfamno\1\sqlite.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\50ea07ba113798.51953512.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\background.html

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\content.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\lsdb.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\manifest.json

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\opkjnjphbhpbklcmfdjkkdoohojelmod\1\sqlite.js

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opkjnjphbhpbklcmfdjkkdoohojelmod_0.localstorage-journal

c:\users\Kleber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_opkjnjphbhpbklcmfdjkkdoohojelmod_0.localstorage

c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\extensions\j8e1yaui@bkjpzkcb.net

c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\extensions\j8e1yaui@bkjpzkcb.net\bootstrap.js

c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\extensions\j8e1yaui@bkjpzkcb.net\chrome.manifest

c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\extensions\j8e1yaui@bkjpzkcb.net\content\bg.js

c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\extensions\j8e1yaui@bkjpzkcb.net\install.rdf

c:\windows\ST6UNST.000

c:\windows\system32\roboot.exe

.

A cópia de c:\windows\system32\winlogon.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21820_none_72453a854c5ce5ad\winlogon.exe

.

c:\windows\System32\slui.exe . . . está infectado!!

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-08 to 2013-10-08 ))))))))))))))))))))))))))))

.

.

2013-10-08 18:55 . 2013-10-08 18:55 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EFDEE0-867C-4022-B8FF-150DA47C5111}\offreg.dll

2013-10-08 18:55 . 2013-10-08 18:55 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EFDEE0-867C-4022-B8FF-150DA47C5111}\MpKsl61ed739c.sys

2013-10-08 16:53 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EFDEE0-867C-4022-B8FF-150DA47C5111}\mpengine.dll

2013-10-07 11:37 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-28 23:42 . 2013-09-28 23:42 -------- d-----w- c:\users\Kleber\AppData\Roaming\SpeedAnalysis2

2013-09-28 23:42 . 2013-09-28 23:42 -------- d-----w- c:\program files\Speed Analysis 2

2013-09-28 23:42 . 2013-09-28 23:49 -------- d-----w- c:\users\Kleber\AppData\Roaming\PerformerSoft

2013-09-28 23:41 . 2013-09-28 23:41 -------- d-----w- c:\programdata\IBUpdaterService

2013-09-28 23:41 . 2013-09-28 23:41 -------- d-----w- c:\users\Kleber\AppData\Roaming\zulagames

2013-09-28 23:41 . 2013-09-28 23:41 -------- d-----w- c:\users\Kleber\AppData\Roaming\File Scout

2013-09-28 23:06 . 2011-08-09 18:11 212240 ----a-w- c:\windows\system32\Richtx32.ocx

2013-09-28 23:06 . 2011-08-09 18:11 196608 ----a-w- c:\windows\system32\Utility.dll

2013-09-28 23:06 . 2011-08-09 18:11 117507 ----a-w- c:\windows\system32\msinet.ocx

2013-09-28 23:06 . 2013-09-28 23:33 -------- d-----w- c:\windows\system32\gs

2013-09-28 23:06 . 2001-03-13 17:49 140288 ----a-w- c:\windows\system32\COMDLG32.OCX

2013-09-28 23:06 . 1998-04-24 03:00 368912 ----a-w- c:\windows\system32\vbar332.dll

2013-09-28 23:06 . 2013-09-28 23:33 -------- d-----w- c:\programdata\DSMBasic

2013-09-28 23:00 . 2013-09-28 23:00 -------- d-----w- c:\users\Kleber\AppData\Local\BonanzaDealsLive

2013-09-28 23:00 . 2013-09-28 23:00 -------- d-----w- c:\programdata\BonanzaDealsLive

2013-09-28 23:00 . 2013-09-28 23:31 -------- d-----w- c:\program files\BonanzaDeals

2013-09-28 00:05 . 2013-09-28 00:05 -------- d-----w- c:\users\Kleber\AppData\Roaming\RealNetworks

2013-09-28 00:04 . 2013-09-28 00:04 -------- d-----w- c:\program files\RealNetworks

2013-09-28 00:04 . 2013-09-28 00:04 -------- d-----w- c:\programdata\RealNetworks

2013-09-28 00:03 . 2013-09-28 00:03 -------- d-----w- c:\program files\Common Files\xing shared

2013-09-22 13:50 . 2013-09-22 13:50 -------- d-----w- c:\program files\Dicionário de Sinônimos AOL

2013-09-22 13:50 . 1999-03-23 12:12 300032 ----a-w- c:\windows\uninst.exe

2013-09-14 21:03 . 2013-09-14 21:03 -------- d-----w- c:\programdata\WEBREG

2013-09-14 21:03 . 2013-09-14 21:03 -------- d-----w- c:\users\Kleber\AppData\Roaming\HP

2013-09-14 21:03 . 2013-09-14 21:03 -------- d-----w- c:\users\Kleber\AppData\Local\HP

2013-09-14 20:58 . 2013-09-14 20:58 -------- d-----w- c:\programdata\HP Product Assistant

2013-09-14 20:57 . 2013-09-14 20:57 -------- d-----w- c:\program files\Common Files\HP

2013-09-14 20:57 . 2013-09-14 20:57 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2013-09-14 20:42 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll

2013-09-14 20:42 . 2009-07-08 10:51 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2013-09-14 20:42 . 2009-07-08 10:51 729088 ----a-w- c:\windows\system32\hpowiax5.dll

2013-09-14 20:42 . 2009-07-08 10:51 303104 ----a-w- c:\windows\system32\hpovst12.dll

2013-09-14 20:42 . 2009-07-08 10:51 966656 ----a-w- c:\windows\system32\hpotiop5.dll

2013-09-14 20:06 . 2013-09-14 20:08 -------- d-----w- c:\windows\system32\MRT

2013-09-14 19:52 . 2013-09-14 19:52 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-14 18:59 . 2013-07-08 05:08 3973056 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-09-14 18:59 . 2013-07-08 05:08 3918272 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-09-14 18:59 . 2013-07-08 03:31 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2013-09-14 18:59 . 2013-07-08 05:06 1293216 ----a-w- c:\windows\system32\ntdll.dll

2013-09-14 18:59 . 2013-07-08 05:00 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-09-14 18:59 . 2013-07-08 04:59 6656 ----a-w- c:\windows\system32\apisetschema.dll

2013-09-14 18:59 . 2013-07-08 04:59 50688 ----a-w- c:\windows\system32\appidapi.dll

2013-09-14 18:59 . 2013-07-08 03:32 50176 ----a-w- c:\windows\system32\drivers\appid.sys

2013-09-14 18:59 . 2013-07-08 03:31 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2013-09-14 18:59 . 2013-07-08 03:31 29696 ----a-w- c:\windows\system32\appidsvc.dll

2013-09-14 18:59 . 2013-07-08 03:02 69632 ----a-w- c:\windows\system32\smss.exe

2013-09-14 18:58 . 2013-07-09 13:57 1167360 ----a-w- c:\windows\system32\crypt32.dll

2013-09-14 18:58 . 2013-07-09 13:57 142848 ----a-w- c:\windows\system32\cryptsvc.dll

2013-09-14 18:58 . 2013-07-09 13:57 106496 ----a-w- c:\windows\system32\cryptnet.dll

2013-09-14 18:58 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-09-14 18:55 . 2013-06-15 03:40 918528 ----a-w- c:\windows\system32\rdpcorets.dll

2013-09-14 18:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-09-14 18:54 . 2013-07-09 14:01 140800 ----a-w- c:\windows\system32\rpchttp.dll

2013-09-14 18:54 . 2013-07-09 14:01 653312 ----a-w- c:\windows\system32\rpcrt4.dll

2013-09-14 18:54 . 2013-07-06 04:57 1309120 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-14 18:54 . 2013-07-06 04:57 240576 ----a-w- c:\windows\system32\drivers\netio.sys

2013-09-14 18:54 . 2013-07-06 04:57 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-09-14 18:54 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-09-14 18:54 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-09-13 22:24 . 2013-09-14 21:03 -------- d-----w- c:\programdata\HP

2013-09-13 22:24 . 2013-09-14 21:00 -------- d-----w- c:\program files\HP

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-28 00:02 . 2013-02-02 20:06 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-09-28 00:02 . 2013-02-02 20:06 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-09-20 13:19 . 2013-02-24 00:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-20 13:19 . 2013-02-24 00:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-06 12:06 . 2013-09-06 12:06 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A1B6372-6F4E-435D-AC4E-D8F88C83D81D}\gapaengine.dll

2013-08-22 21:53 . 2013-03-12 15:42 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-31 23:42 . 2013-07-31 23:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-31 23:42 . 2012-12-26 21:04 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-07-31 23:42 . 2012-12-26 21:04 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-24 01:24 . 2013-07-24 01:24 715038 ----a-w- c:\windows\unins000.exe

2013-01-07 01:34 2169856 --sha-w- c:\windows\System32\hale.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-01-03 . B3A878C22E0C35A4C80B73C1B6378E3D . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2012-01-03 . 522899528A6DFCAB89AEB895E4DC0EBD . 811520 . . [6.1.7601.21846] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.21846_none_cfab0793e4d2b8d6\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1D0F449D-46BA-DF79-F9ED-AD4CB27DB866}]

2013-04-16 02:10 118272 ----a-w- c:\programdata\Browse2seavei\516cb3282ebac.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"Octoshape Streaming Services"="c:\users\Kleber\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]

"Facebook Update"="c:\users\Kleber\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-31 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573576]

"Chew7Hale"="c:\windows\System32\hale.exe" [2013-01-07 2169856]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-09-28 295512]

.

c:\users\Kleber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\MocaFlix\sprotector.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]

R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 99272]

R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2012-01-03 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 USBET;Goldentec Webcam;c:\windows\system32\DRIVERS\ETdrv.sys [2010-06-21 165888]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 MpKsl61ed739c;MpKsl61ed739c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EFDEE0-867C-4022-B8FF-150DA47C5111}\MpKsl61ed739c.sys [2013-10-08 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 MobiCap;fix8 Virtual Webcam, WDM Video Capture;c:\windows\system32\DRIVERS\MobiCap.sys [2007-08-28 217600]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-06 18:06 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 13:19]

.

2013-10-08 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-12-26 14:27]

.

2013-10-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3535962665-3855276934-2327244261-1000Core.job

- c:\users\Kleber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 17:07]

.

2013-10-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3535962665-3855276934-2327244261-1000UA.job

- c:\users\Kleber\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 17:07]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 17:49]

.

2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-23 17:49]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

TCP: Interfaces\{556D038D-F9B4-4FFA-B8DB-F43D6F9124EA}: NameServer = 10.1.1.1,200.175.5.139

FF - ProfilePath - c:\users\Kleber\AppData\Roaming\Mozilla\Firefox\Profiles\c3kxyi1z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=724&r=2013/04/16&hid=3658382666&lg=EN&cc=BR&l=1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=724&r=2013/04/16&hid=3658382666&lg=EN&cc=BR&l=1&q=

FF - ExtSQL: 2013-09-14 18:00; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: 2013-09-27 21:04; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF - ExtSQL: !HIDDEN! 2013-09-14 18:00; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{4660C9D2-44DA-388C-F31F-DC24E4AB35A0} - c:\programdata\wxDownload\50ea05dfd0a16.dll

AddRemove-zulagames - c:\program files\ZulaGames\uninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]

"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\sppsvc.exe

c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

c:\windows\System32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-10-08 16:54:08 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-10-08 19:54

.

Pré-execução: 19.728.588.800 bytes disponíveis

Pós execução: 19.729.174.528 bytes disponíveis

.

- - End Of File - - 9A090C21AFD8D965A0DF820235571834

A36C5E4F47E84449FF07ED3517B43A31


Did you READ my previous post?


The information is clear and available at the link below:

http://forum.clubedohardware.com.br/leia-antes-postar/597599

READ it and do what is asked, please; if you have any questions, just ask.

Just understand that ComboFix and DDS are completely different things with no relation to each other; I am asking for the DDS log and you posted the ComboFix log.


Please post again only when you already have the log.
