
ComboFix report


antonioalbuq


I would like someone to read this ComboFix report for me. Thank you.

ComboFix 11-08-11.02 - manuela 11-08-2011 20:59:00.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.351.2070.18.1013.268 [GMT 1:00]
Running from: c:\users\manuela\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\BeRuby.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\manuela\weomav.exe
.
.
(((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 ))))))))))))))))))))))))))))
.
.
2011-08-10 21:39 . 2011-07-20 08:44 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ECD20CC-31F9-48BC-A6C7-F26623FE3DBD}\mpengine.dll
2011-08-09 01:06 . 2011-08-09 01:06 -------- d-----w- c:\windows\CheckSur
2011-08-08 17:41 . 2011-08-08 17:45 -------- d-----w- c:\windows\system32\catroot2
2011-08-06 21:52 . 2011-08-11 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 21:37 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A59093A2-315F-4847-9C67-19E8DE0C6439}\gapaengine.dll
2011-07-29 00:03 . 2011-07-29 00:03 -------- d-----w- c:\programdata\Panda Security
2011-07-29 00:03 . 2011-07-29 00:03 -------- d-----w- c:\program files\Panda USB Vaccine
2011-07-28 22:21 . 2011-07-20 08:44 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-23 21:36 . 2011-07-24 00:05 1668 ----a-w- c:\windows\system32\ASOROSet.bin
2011-07-23 21:20 . 2011-07-23 21:37 -------- d-----w- c:\users\manuela\AppData\Roaming\Systweak
2011-07-23 21:18 . 2011-07-23 21:18 -------- d-----w- c:\users\manuela\AppData\Local\Babylon
2011-07-23 21:18 . 2011-07-23 21:18 -------- d-----w- c:\users\manuela\AppData\Roaming\Babylon
2011-07-23 21:18 . 2011-07-23 21:18 -------- d-----w- c:\programdata\Babylon
2011-07-23 21:18 . 2011-07-23 21:18 -------- d-----w- c:\program files\Windows Updates Downloader
2011-07-19 08:38 . 2011-07-19 08:38 0 ---ha-w- c:\users\manuela\AppData\Local\BITBD95.tmp
2011-07-14 08:35 . 2011-07-14 08:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 08:44 . 2011-03-22 01:17 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-07 12:26 . 2011-03-13 01:34 17280 ----a-w- c:\windows\system32\roboot.exe
2011-05-21 07:27 . 2011-04-08 21:53 0 ----a-w- c:\windows\system32\tmp.tmp
2010-10-16 11:50 . 2011-03-13 01:33 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 10:11 . 2011-03-13 01:33 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-01-19 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-16 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mehbanmc.dll, mwvmdfup.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl0b246d22;MpKsl0b246d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595413C6-A8E8-4F7B-96CB-767A5788AEA6}\MpKsl0b246d22.sys [x]
R1 MpKsl0d8120d6;MpKsl0d8120d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CDB946-6892-46FE-8499-7F8B945A61CB}\MpKsl0d8120d6.sys [x]
R1 MpKsl1668893d;MpKsl1668893d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44ADA05A-4239-4807-8B93-9396431C203B}\MpKsl1668893d.sys [x]
R1 MpKsl25684c35;MpKsl25684c35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4BBE3A9-172F-45C2-BAAC-97C1965F7493}\MpKsl25684c35.sys [x]
R1 MpKsl447ba75b;MpKsl447ba75b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{319A8318-9587-4325-BB04-DFBACED5F9BE}\MpKsl447ba75b.sys [x]
R1 MpKsl49351376;MpKsl49351376;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FC4CE46-6BFF-4E2A-ADBA-504B90CB4F9B}\MpKsl49351376.sys [x]
R1 MpKsl5388af0c;MpKsl5388af0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82474D0E-0540-4047-AE66-626E61E64465}\MpKsl5388af0c.sys [x]
R1 MpKsl5d77c19e;MpKsl5d77c19e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69456BD-237B-4EC9-80C2-15E41F9993AD}\MpKsl5d77c19e.sys [x]
R1 MpKsl61247d5c;MpKsl61247d5c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B56E7F6-334A-4CCE-8023-64784CDA2F8F}\MpKsl61247d5c.sys [x]
R1 MpKsl68c1b912;MpKsl68c1b912;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{825F334C-9BA7-4920-AC5B-5F0BDE277271}\MpKsl68c1b912.sys [x]
R1 MpKsl81546cc3;MpKsl81546cc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EA6F456-4E55-4827-A509-5CC450609749}\MpKsl81546cc3.sys [x]
R1 MpKsl81718b75;MpKsl81718b75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44ADA05A-4239-4807-8B93-9396431C203B}\MpKsl81718b75.sys [x]
R1 MpKsl85303b2b;MpKsl85303b2b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CDB946-6892-46FE-8499-7F8B945A61CB}\MpKsl85303b2b.sys [x]
R1 MpKsl8662633a;MpKsl8662633a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4879B988-7CF1-453D-AC96-C9E2F314AD81}\MpKsl8662633a.sys [x]
R1 MpKsl8ee97166;MpKsl8ee97166;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CDB946-6892-46FE-8499-7F8B945A61CB}\MpKsl8ee97166.sys [x]
R1 MpKsl9b0b16b1;MpKsl9b0b16b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B56E7F6-334A-4CCE-8023-64784CDA2F8F}\MpKsl9b0b16b1.sys [x]
R1 MpKsla5173262;MpKsla5173262;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B56E7F6-334A-4CCE-8023-64784CDA2F8F}\MpKsla5173262.sys [x]
R1 MpKsla6f81bb3;MpKsla6f81bb3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B56E7F6-334A-4CCE-8023-64784CDA2F8F}\MpKsla6f81bb3.sys [x]
R1 MpKsla80c767f;MpKsla80c767f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3447576B-55F3-4640-8565-B48204A358CD}\MpKsla80c767f.sys [x]
R1 MpKslbc955ad0;MpKslbc955ad0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595413C6-A8E8-4F7B-96CB-767A5788AEA6}\MpKslbc955ad0.sys [x]
R1 MpKslcf84e83d;MpKslcf84e83d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44ADA05A-4239-4807-8B93-9396431C203B}\MpKslcf84e83d.sys [x]
R1 MpKsld217975d;MpKsld217975d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FC4CE46-6BFF-4E2A-ADBA-504B90CB4F9B}\MpKsld217975d.sys [x]
R1 MpKsld4faccb7;MpKsld4faccb7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CDB946-6892-46FE-8499-7F8B945A61CB}\MpKsld4faccb7.sys [x]
R1 MpKslda58babe;MpKslda58babe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{711675C2-0445-4E37-8E29-AEDC23B6DA15}\MpKslda58babe.sys [x]
R1 MpKsldce2e9ff;MpKsldce2e9ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4879B988-7CF1-453D-AC96-C9E2F314AD81}\MpKsldce2e9ff.sys [x]
R1 MpKsle3e33c62;MpKsle3e33c62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ECD20CC-31F9-48BC-A6C7-F26623FE3DBD}\MpKsle3e33c62.sys [x]
R1 MpKsle8b2bbad;MpKsle8b2bbad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ECD20CC-31F9-48BC-A6C7-F26623FE3DBD}\MpKsle8b2bbad.sys [x]
R2 AMService;AMService;c:\windows\TEMP\phqo\setup.exe run [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 01:35]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pt/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pt.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 21:12
Windows 6.0.6000 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,b4,ac,34,fd,12,a2,4c,b0,f3,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,b4,ac,34,fd,12,a2,4c,b0,f3,3a,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'Explorer.exe'(5860)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2011-08-11 21:21:58
ComboFix-quarantined-files.txt 2011-08-11 20:21
.
Pre-Run: 22,362,828,800 bytes free
Post-Run: 21,924,798,464 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - AA1E816688B07D647402E4D7493CF8EB

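The poster asks for the log to be read. As an added example (not part of the original post, and not ComboFix's own logic), the Python script below applies the first checks a reviewer would run over the "Reg Loading Points" and service sections of a ComboFix log: a service or driver whose image lives under a temp or user-writable directory, or that points at a file ComboFix could not find (`[x]`); SecurityProviders entries outside an assumed baseline of Windows defaults; a non-empty AppInit_DLLs value; and Security Center monitoring switched off. The sample input is a handful of lines excerpted from the log above, not the whole log. The baseline SSP list, the decision to treat stale `MpKsl*` driver entries as leftovers of Microsoft Security Essentials definition updates, and the path heuristics are assumptions of this example, and a finding means "verify this", not "this is malware".

```python
import re
from typing import List, Tuple

# Sample input: lines excerpted from the ComboFix log in the post above.
# Raw string so the Windows paths keep their single backslashes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mehbanmc.dll, mwvmdfup.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl0b246d22;MpKsl0b246d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{595413C6-A8E8-4F7B-96CB-767A5788AEA6}\MpKsl0b246d22.sys [x]
R2 AMService;AMService;c:\windows\TEMP\phqo\setup.exe run [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
"""

# Assumption: SSP DLLs that ship with Windows XP/Vista. Anything else in the
# SecurityProviders value is loaded into lsass.exe and deserves a look.
DEFAULT_SSPS = {"credssp.dll", "msapsspc.dll", "schannel.dll",
                "digest.dll", "msnsspc.dll", "pwdssp.dll"}

# Assumption: directories where a legitimate service binary should not live.
WRITABLE_HINTS = ("\\temp\\", "\\appdata\\", "\\users\\")

# ComboFix service line: "<R|S><start> name;display name;image [date size | x]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")

Finding = Tuple[str, str]   # (severity, message)


def check_service(m: "re.Match") -> List[Finding]:
    """Heuristics for one service/driver line."""
    _state, _start, name, _desc, image, info = m.groups()
    out: List[Finding] = []
    missing = info.strip().lower() == "x"
    # Assumption: MpKsl<hex> drivers are the transient kernel drivers that
    # Microsoft Security Essentials creates during definition updates; a
    # stale entry with a missing file is routine noise, so skip it.
    if name.startswith("MpKsl") and missing:
        return out
    low = image.lower()
    if any(hint in low for hint in WRITABLE_HINTS):
        out.append(("high", f"service {name} runs from a temp/user-writable path: {image}"))
    if missing:
        out.append(("review", f"service {name} points at a file ComboFix could not find: {image}"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key for context."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(check_service(m))
            continue
        lower = line.lower()
        if key.endswith("\\securityproviders]") and lower.startswith("securityproviders"):
            for dll in line.split(None, 1)[1].split(","):
                dll = dll.strip().lower()
                if dll and dll not in DEFAULT_SSPS:
                    findings.append(("high", f"non-default SecurityProviders entry {dll} (loaded into lsass.exe)"))
        elif key.endswith("currentversion\\windows]") and lower.startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip()
            if value:
                findings.append(("review", f"AppInit_DLLs is set to {value}: injected into every process that loads user32.dll, confirm the publisher"))
        elif "security center\\monitoring" in key and "disablemonitoring" in lower and lower.endswith("dword:00000001"):
            findings.append(("review", f"Security Center monitoring disabled under {key}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

On the excerpt this reports six findings: the AppInit_DLLs value, the two SecurityProviders DLLs outside the baseline, the disabled Security Center monitoring, and two for AMService (image under c:\windows\TEMP and file not found). The gupdate and npf entries and the stale MpKsl driver produce nothing, which is the point of the allow-list: the reviewer's time goes to the lines that need a hash lookup or a publisher check.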

Friend, HijackThis logs have to be posted in Malware Removal; that is the correct area for this kind of content. Some of the best specialists in the field take part there and you will get better help. Outside that area you may be helped by non-specialists and something on your computer's system could be damaged.

Any questions, just send me a PM.

Thank you, and sorry for the inconvenience.


Archived: this topic has been archived and is closed to new replies.
