lbuda

Virus accesses bank account


Hello everyone!

I think there is some virus on my computer. I'm afraid my banking passwords have been stolen.

After running several antivirus programs and none of them catching anything, I ran ComboFix, but I don't know how to read the log.

Could someone please help me?

Thanks in advance.

Here is a copy of the ComboFix log:

ComboFix 13-10-21.01 - f6327040 22/10/2013 21:21:57.3.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.591.1033.18.2927.1580 [GMT -4:00]

Running from: c:\users\f6327040\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 106 bytes in 1 streams.

.

((((((((((((((((((((((((( Files Created from 2013-09-23 to 2013-10-23 )))))))))))))))))))))))))))))))

.

.

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\z1174832\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\z1032280\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\luciano\AppData\Local\temp

2013-10-23 01:39 . 2013-10-23 01:39 -------- d-----w- c:\users\administrator.AGE0461\AppData\Local\temp

2013-10-23 01:17 . 2013-10-23 01:17 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-10-23 00:07 . 2013-10-23 00:07 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80B6D6C9-B804-4BC5-8DFA-63E296B384B1}\MpKsl7eba6f27.sys

2013-10-21 22:04 . 2013-10-21 22:04 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80B6D6C9-B804-4BC5-8DFA-63E296B384B1}\MpKslc56a7275.sys

2013-10-21 21:08 . 2008-09-29 12:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2013-10-21 21:08 . 2008-09-29 12:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-10-21 21:08 . 2008-09-29 12:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2013-10-21 21:08 . 2008-09-29 12:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2013-10-21 21:08 . 2008-09-29 12:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-10-21 21:08 . 2008-09-29 12:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2013-10-21 21:08 . 2008-09-29 12:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-10-21 21:08 . 2008-09-29 12:07 67904 ----a-w- c:\windows\system32\mfevtps.exe

2013-10-21 21:07 . 2013-10-21 21:07 -------- d-----w- c:\program files\Common Files\McAfee

2013-10-21 15:30 . 2013-10-21 15:30 -------- d-----w- c:\users\administrator.AGE0461\AppData\Local\Google

2013-10-18 23:38 . 2013-10-18 23:38 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2013-10-18 22:25 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80B6D6C9-B804-4BC5-8DFA-63E296B384B1}\mpengine.dll

2013-10-16 12:42 . 2013-10-16 12:42 0 ---ha-w- c:\users\z1032280\BITD5D6.tmp

2013-10-15 23:50 . 2013-10-15 23:50 -------- d-----w- c:\users\z1032280\AppData\Roaming\AVAST Software

2013-10-15 23:49 . 2013-10-15 23:49 269216 ----a-w- c:\windows\system32\aswBoot.exe

2013-10-15 23:46 . 2013-10-17 19:48 -------- d-----w- c:\programdata\AVAST Software

2013-10-09 14:58 . 2013-10-09 14:58 4879744 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-10-09 14:58 . 2013-10-09 14:58 4879744 ----a-w- c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-10-06 15:24 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-23 00:06 . 2012-01-28 20:19 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-10-18 23:38 . 2008-09-29 12:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2013-09-08 14:56 . 2013-09-08 14:57 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B23E0D13-CC73-41D7-8ADA-59F9BA415934}\gapaengine.dll

2013-08-24 16:45 . 2013-03-19 01:15 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-08-10 03:59 . 2013-09-22 07:02 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-08-10 03:58 . 2013-09-22 07:02 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-08-10 03:58 . 2013-09-22 07:02 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-08-10 03:58 . 2013-09-22 07:02 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-08-10 03:07 . 2013-09-22 07:02 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-08-10 02:17 . 2013-09-22 07:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-08-08 01:03 . 2013-09-21 12:15 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-08-05 01:56 . 2013-09-21 12:15 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50 . 2013-09-21 12:15 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49 . 2013-09-21 12:15 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 01:48 . 2013-09-21 12:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 00:52 . 2013-09-21 12:15 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43 . 2013-09-21 12:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-21 12:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-21 12:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-21 12:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-07-25 20:53 . 2013-07-25 20:53 18944 ----a-w- c:\windows\system32\drivers\netaapl.sys

2013-07-25 17:56 . 2013-07-25 17:56 720082 ----a-w- c:\users\f6327040\AppData\Roaming\unins000.exe

2013-07-25 08:57 . 2013-08-15 17:14 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2008-09-29 12:07 . 2013-10-21 21:08 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-17 20:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]

"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-24 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-24 167960]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 23999752]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]

"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-06-30 815704]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico -user_logon [2011-5-2 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisablePersonalDirChange"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 15:23 1410088 ----a-w- c:\program files\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CDROM_Detect;CDROM_Detect;c:\program files\HSDPA USB Modem\WCDMA_Eject.exe [2013-03-02 325632]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-05-20 32896]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-10 41344]

R3 CT_QUALCOMM_U_drv;Qualcomm EVDO USB Device for Serial Communication;c:\windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys [2009-04-27 103552]

R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-10-23 31088]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-01 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-05-08 49536]

S0 SafeBoot;SafeBoot; [x]

S0 SbAlg;SbAlg; [x]

S0 SbFsLock;SbFsLock; [x]

S1 MpKsl7eba6f27;MpKsl7eba6f27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80B6D6C9-B804-4BC5-8DFA-63E296B384B1}\MpKsl7eba6f27.sys [2013-10-23 40392]

S1 MpKslc56a7275;MpKslc56a7275;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80B6D6C9-B804-4BC5-8DFA-63E296B384B1}\MpKslc56a7275.sys [2013-10-21 40392]

S1 RsvLock;RsvLock; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [2009-03-03 81920]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 512776]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-05-23 410152]

S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]

S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]

S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-05-10 90112]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]

S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]

S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]

S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]

S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-06-30 815704]

S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 3537672]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 824584]

S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-06-29 377344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-10-23 31088]

S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-06-29 794464]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]

S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-21 02:06 78848]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL7EBA6F27

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-06 15:09 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:52]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 20:29]

.

2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 20:29]

.

2013-10-21 c:\windows\Tasks\HPCeeScheduleForAdministrator.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-10-21 c:\windows\Tasks\HPCeeScheduleForf6327040.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-10-16 c:\windows\Tasks\HPCeeScheduleForz1032280.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2013-10-21 c:\windows\Tasks\hpwebreg_CN09L21KTW05NG.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\hpwebreg.exe [2010-06-14 20:10]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyServer = cache.bancobrasil.com.br:80

uInternet Settings,ProxyOverride = uni*.*;*bb.com.br;*.bancobrasil.com.br;*.investimentos-e.com.br;112.2.11.*;10.*.*.*;srdfsvl01.df.bb;172.17.71.37;172.27.48.*;172.21.65.*;112.2.11.*;172.27.16.*;172.17.209.207;172.27.52.*;172.18.109.*;172.21.128.*;*.local;<local>

IE: &Enviar a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{67AF3347-4597-44B5-9498-E548BF2DA310}: NameServer = 200.73.96.146 190.104.12.43

TCP: Interfaces\{9192B03D-FF61-4328-BB83-324AAF617F8B}: NameServer = 190.104.12.43 200.73.96.146

TCP: Interfaces\{9E318D56-D234-49C4-A754-98CBE1744B85}: NameServer = 190.104.12.43 200.73.96.146

TCP: Interfaces\{DB761273-D31F-46F8-BD95-C76F619630FC}: NameServer = 190.104.12.43 200.73.96.146

TCP: Interfaces\{F2F1B34A-42A1-482D-B7C3-CE11FCA773B3}: NameServer = 172.27.52.1,10.8.4.1

DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://cldomino0603.bb.com.br/dwa85W.cab

DPF: {5220B524-B61D-4980-862F-72E1A843B9FA} - hxxps://correioweb.bb.com.br/dwa85W.cab

DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxps://correioweb.bb.com.br/dwa85W.cab

FF - ProfilePath - c:\users\f6327040\AppData\Roaming\Mozilla\Firefox\Profiles\f2cnz4k9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com.br/

FF - prefs.js: network.proxy.ftp - cache.bancobrasil.com.br

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.http - cache.bancobrasil.com.br

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - cache.bancobrasil.com.br

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - cache.bancobrasil.com.br

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 1

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\system32\DPFPApi.DLL

.

- - - - - - - > 'Explorer.exe'(3228)

c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll

.

Completion time: 2013-10-22 21:45:47

ComboFix-quarantined-files.txt 2013-10-23 01:45

ComboFix2.txt 2012-12-01 16:25

ComboFix3.txt 2012-05-14 23:00

.

Pre-Run: 257.004.892.160 bytes free

Post-Run: 258.464.317.440 bytes free

.

- - End Of File - - 309A926AD3199CECD473DCCEC6316C74

D55478A889A3BD45AC4DF248CAF5D996
