
Virus removal


KnuckP


Posted

I am helping a friend fix a notebook that keeps opening advertising windows on its own. I have already uninstalled all the programs that might be contaminated (DealPly, toolbars, among others), but I think there is still some infected file left. I searched the internet and, using the ComboFix program, obtained the following log:

ComboFix 13-10-28.01 - marcelo de siena 28/10/2013 18:43:19.1.4 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.1900.1007 [GMT -2:00]

Executando de: c:\users\marcelo de siena\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPly.crx

c:\program files (x86)\DealPly\DealPly.xpi

c:\program files (x86)\DealPly\DealPlyIE.dll

c:\program files (x86)\DealPly\DealPlyIE64.dll

c:\program files (x86)\DealPly\DealPlyUpdate.exe

c:\program files (x86)\DealPly\DealPlyUpdateRun.exe

c:\program files (x86)\DealPly\DealPlyUpdateVer.exe

c:\program files (x86)\DealPly\icon.ico

c:\program files (x86)\DealPly\uninst.exe

c:\programdata\ntuser.dat

c:\users\marcelo de siena\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

c:\users\marcelo de siena\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences

c:\users\marcelo de siena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk

c:\windows\SysWow64\DEBUG.log

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_srvPlgProtect

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-28 to 2013-10-28 ))))))))))))))))))))))))))))

.

.

2013-10-28 20:49 . 2013-10-28 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-28 20:13 . 2013-10-28 20:13 -------- d-----w- c:\program files (x86)\predm

2013-10-28 18:05 . 2013-10-28 18:05 -------- d-----w- c:\program files\CCleaner

2013-10-28 03:44 . 2013-10-28 03:44 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-10-23 03:47 . 2013-10-23 03:47 -------- d-----w- c:\users\marcelo de siena\AppData\Roaming\Avira

2013-10-23 03:39 . 2013-10-23 03:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-10-23 03:39 . 2013-10-23 03:37 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-10-23 03:39 . 2013-10-23 03:37 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-10-23 03:39 . 2013-10-23 03:39 -------- d-----w- c:\program files (x86)\Avira

2013-10-21 04:02 . 2013-10-21 04:02 -------- d-----w- c:\programdata\Uniblue

2013-10-21 03:59 . 2013-10-21 03:59 -------- d-----w- c:\users\marcelo de siena\AppData\Roaming\Uniblue

2013-10-21 03:59 . 2013-10-21 03:59 -------- d-----w- c:\program files (x86)\Uniblue

2013-10-21 03:54 . 2013-10-22 02:36 -------- d-----w- c:\users\marcelo de siena\AppData\Roaming\okitspace

2013-10-02 04:16 . 2013-10-02 04:16 -------- d-----w- c:\users\marcelo de siena\AppData\Local\Apps

2013-10-02 04:16 . 2013-10-02 04:16 -------- d-----w- c:\users\marcelo de siena\AppData\Local\Deployment

2013-09-29 23:12 . 2013-09-29 23:12 -------- d-----w- c:\users\marcelo de siena\AppData\Roaming\File Scout

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-30 15:53 . 2010-03-18 12:36 829264 ----a-w- c:\windows\system32\msvcr100.dll

2013-09-30 15:53 . 2010-03-18 12:36 608080 ----a-w- c:\windows\system32\msvcp100.dll

2013-09-25 02:25 . 2013-09-25 02:25 0 ----a-w- c:\windows\SysWow64\sho5831.tmp

2013-09-14 02:47 . 2013-09-03 02:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-14 02:47 . 2013-09-03 02:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-22 21:36 . 2013-09-17 23:51 20312 ----a-w- c:\windows\system32\roboot64.exe

2013-08-15 16:17 . 2013-06-26 21:51 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}]

2013-08-28 01:11 752488 ----a-w- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"Facebook Update"="c:\users\marcelo de siena\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-05-08 18680424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-23 347192]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 lmservicedrv;lmservicedrv;c:\windows\system32\drivers\lmservicedrv.sys;c:\windows\SYSNATIVE\drivers\lmservicedrv.sys [x]

S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 LM Service;Serviço LM;c:\program files (x86)\Driver LM\lmservice.exe;c:\program files (x86)\Driver LM\lmservice.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe;c:\program files (x86)\Scpad\scpVista.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 02:47]

.

2013-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2277092130-2856680764-3424487789-1000Core.job

- c:\users\marcelo de siena\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-08 19:54]

.

2013-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2277092130-2856680764-3424487789-1000UA.job

- c:\users\marcelo de siena\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-08 19:54]

.

2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cecae6d13e288b.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:54]

.

2013-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cecae6d1a8abba.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 02:54]

.

2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277092130-2856680764-3424487789-1000Core1cecae583a83d74.job

- c:\users\marcelo de siena\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24 04:05]

.

2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277092130-2856680764-3424487789-1000UA1cecae5841ce0e1.job

- c:\users\marcelo de siena\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24 04:05]

.

2013-09-14 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-08-28 01:09]

.

2013-09-14 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-08-28 01:09]

.

2013-09-14 c:\windows\Tasks\Plus-HD-1.3-enabler.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-08-28 01:11]

.

2013-09-14 c:\windows\Tasks\Plus-HD-1.3-updater.job

- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-08-28 01:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]

"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]

.

------- Scan Suplementar -------

.

uStart Page = about:Tabs

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://start.mysearchdial.com/?f=1&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0F0EyDyD0Fzy0ByCyBzyzyyBtBtCyEyEtN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=1317183217&ir=

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=BR&userid=1dfe19af-1a67-ea51-8258-4f2c76d35e13&searchtype=ds&q={searchTerms}&installDate=27/08/2013

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 201.6.2.44 201.6.2.164 192.168.0.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{3728ba43-f94f-42a4-9e8d-00b930d1db28} - c:\program files (x86)\DealPly\DealPlyIE.dll

Toolbar-Locked - (no file)

Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

Wow6432Node-HKLM-Run-fst_br_3 - (no file)

Toolbar-Locked - (no file)

AddRemove-{B906C11A-D193-4143-9FA7-E2EE8A5A8F21} - c:\program files (x86)\InstallShield Installation Information\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}\Setup.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

c:\program files (x86)\Launch Manager\LMworker.exe

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-10-28 18:59:12 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-10-28 20:59

.

Pré-execução: 426.751.610.880 bytes disponíveis

Pós execução: 425.945.935.872 bytes disponíveis

.

- - End Of File - - 47F99536CBD69F25F678B4BB61437D62

So now, what steps should I take? Thanks in advance.

Posted

Hello! Try the Information Security area; ask a moderator to move your topic, ask to close this one or create another one there, and they will analyze your problem.

http://forum.clubedohardware.com.br/duvidas-invasoes-infeccoes/f104

Questions about Intrusions and Infections. Think you have been hacked? Want to know whether your machine is infected by a virus or spyware? Questions about security flaws? This is the area where you can clear up your doubts. ATTENTION! Do not post HijackThis logs or logs from any other analysis tool in this forum; post them in the Malware Removal forum.

Archived

This topic has been archived and is closed to new replies.
