Wings
Cyber Highlander
Registered
20.3K posts
1.2K likes
Hi madaraujo
Paste the ComboFix log.
madaraujo
New Member
Registered
35 posts
1 like
Here is the updated log:
ComboFix 13-12-01.01 - Administrador 01/12/2013 20:05:24.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1559 [GMT -2:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 318 bytes in 2 streams.
.
(((((((((((((((( Files Created from 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))
.
.
2013-12-01 21:40 . 2013-12-01 21:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2013-12-01 19:38 . 2013-12-01 19:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-----w- C:\39569
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\arquivos de programas\27c
2013-11-30 20:20 . 2013-11-30 20:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Wise PC 1stAid
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
2013-11-28 22:13 . 2013-11-28 22:13 720082 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\unins001.exe
2013-11-12 22:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 22:09 . 2013-07-10 22:10 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-10-11 11:04 . 2011-08-12 17:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ed"="c:\documents and settings\Administrador\Dados de aplicativos\38c33\2ed.js" [X]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"26ca"="c:\arquivos de programas\27c\26ca.js" [X]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SWF Printer Agent"="c:\arquivos de programas\SWF Printer Pro\swfpagent.exe" [2007-06-14 90112]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Wondershare Helper Compact.exe"="c:\arquivos de programas\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utilitário de Configuração de Rede Sem Fios TP-LINK.lnk - c:\arquivos de programas\TP-LINK\Utilitário de Configuração de Rede Sem Fios TP-LINK\TWCU.exe -nogui [2013-8-5 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
"c:\\Arquivos de programas\\SkypeWebPlugin\\SkypeWebPlugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/8/2012 21:18 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [12/7/2013 10:33 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [12/7/2013 10:33 177864]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/2/2013 18:01 47192]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/8/2012 21:18 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [9/8/2012 21:18 23168]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/4/2012 13:39 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/6/2011 08:38 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2008 05:01 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2008 05:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/7/2013 10:33 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/2/2013 18:01 527720]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/9/2013 14:33 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/9/2013 14:33 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [5/8/2013 12:06 1182480]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/9/2013 14:33 701512]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [25/7/2013 09:53 162672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt --> e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:04]
.
2012-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICROSOF-38FB4D-Administrador.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-30 09:09]
.
2013-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-09 07:47]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 172.16.0.1
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://nsalgar.acs.com.br/download/dolcontrol.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,06,7c,aa,7f,63,88,4e,90,0a,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,3b,e4,a8,79,c1,a9,4f,b2,b5,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,e8,df,09,64,06,e9,4a,b6,7c,06,\
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{763789DB-ECD9-3C3E-D795-E49D988DAE5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaenafdjfc"=hex:66,61,6f,70,62,70,68,68,64,6a,6a,64,00,31
"dafnfpnb"=hex:64,62,61,6c,68,6f,65,6f,6b,70,62,61,68,63,6f,6e,6c,6e,6e,69,66,
6a,69,70,63,65,65,66,64,6e,6d,66,69,70,66,6c,63,6f,6e,62,00,00
"iamkbaofijboacgdma"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,00
"hagllcpbfbmklbok"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(1500)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-12-01 20:15:17
ComboFix-quarantined-files.txt 2013-12-01 22:15
ComboFix2.txt 2013-12-01 21:34
ComboFix3.txt 2013-12-01 20:25
ComboFix4.txt 2013-12-01 20:06
ComboFix5.txt 2013-12-01 22:04
.
Pre-Run: 21 dir(s) 106.437.562.368 bytes free
Post-Run: 23 dir(s) 106.424.143.872 bytes free
.
- - End Of File - - 704EE866760136FE2CDB74A365D5F8EC
239FC8B1C26D5286165A956F5A98D8D7
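The log above carries the indicators a helper would act on before writing a CFScript: two Run values ("2ed" and "26ca") that launch .js files from hidden directories with short hex-like names, both marked [X] (ComboFix prints [X] when it cannot find the target file), the Windows Firewall switched off (EnableFirewall = 0) and a globally open VNC port (5910/TCP). The script below is an added example, not part of this thread and not a ComboFix feature: it parses the Run keys and firewall section of a ComboFix log, flags entries on those indicators, and diffs two logs so the "after" run can be checked for the removed values. The two excerpts are copied from the logs in this thread (the first ComboFix log above and the post-CFScript log further down), trimmed to the relevant keys; the flag names and the hex-like-name heuristic are the example's own assumptions and will misfire on a legitimate name that happens to be hex (e.g. "cafe").

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt: autostart and firewall lines copied from the first
# ComboFix log in this thread, trimmed to what the checks below look at.
LOG_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ed"="c:\documents and settings\Administrador\Dados de aplicativos\38c33\2ed.js" [X]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"26ca"="c:\arquivos de programas\27c\26ca.js" [X]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"""

# Constructed excerpt: the same Run keys from the log posted after the CFScript run.
LOG_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="target" [date size]   or   "name"="target" [X]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<state>\d+)\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=', re.IGNORECASE)
# Script hosts launched from Run keys are rare for legitimate software (assumption).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd")
# Short hex-looking names such as 38c33, 27c, 2ed, 26ca (heuristic, assumption).
HEXLIKE_RE = re.compile(r"^[0-9a-f]{2,6}$")


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    meta: Optional[str]
    flags: List[str] = field(default_factory=list)


def _flag(entry: RunEntry) -> List[str]:
    """Return the indicator names that apply to one Run value."""
    flags = []
    if entry.meta == "X":
        flags.append("target-not-found")      # ComboFix could not stat the file
    if entry.target.lower().endswith(SCRIPT_EXTS):
        flags.append("script-target")         # runs through wscript/cscript/cmd
    parts = [p for p in re.split(r"[\\/]", entry.target) if p]
    parent = parts[-2].lower() if len(parts) >= 2 else ""
    if HEXLIKE_RE.match(parent):
        flags.append("random-dir")            # lives in a hex-named folder
    if HEXLIKE_RE.match(entry.name.lower()):
        flags.append("random-name")           # value name is hex-like too
    return flags


def parse_log(text: str) -> Tuple[List[RunEntry], Optional[bool], List[str]]:
    """Parse Run values plus firewall state and globally open ports from a ComboFix log."""
    entries: List[RunEntry] = []
    firewall_enabled: Optional[bool] = None
    open_ports: List[str] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key.lower().endswith("\\run"):
            m = VALUE_RE.match(line)
            if m:
                entry = RunEntry(key, m["name"], m["target"], m["meta"])
                entry.flags = _flag(entry)
                entries.append(entry)
        elif "firewallpolicy" in key.lower():
            m = FIREWALL_RE.match(line)
            if m:
                firewall_enabled = m["state"] != "0"
                continue
            m = PORT_RE.match(line)
            if m:
                open_ports.append(m["port"].upper())
    return entries, firewall_enabled, open_ports


def suspicious(entries: List[RunEntry]) -> List[RunEntry]:
    return [e for e in entries if e.flags]


def removed_between(before: List[RunEntry], after: List[RunEntry]) -> List[RunEntry]:
    """Run values present in the first log but absent from the second."""
    still_there = {(e.key.lower(), e.name.lower()) for e in after}
    return [e for e in before if (e.key.lower(), e.name.lower()) not in still_there]


if __name__ == "__main__":
    before, fw_on, ports = parse_log(LOG_BEFORE)
    after, _, _ = parse_log(LOG_AFTER)
    for e in suspicious(before):
        print(f"{e.name:<6} {e.target}  <- {', '.join(e.flags)}")
    print("firewall enabled:", fw_on, "| globally open ports:", ports)
    print("gone after fix:", [e.name for e in removed_between(before, after)])
```

Pointing `parse_log` at a full log file instead of the excerpts works unchanged, since it only reacts to lines under keys ending in \Run or containing firewallpolicy. A flag is a reason to look, not a verdict: the open 5910/TCP rule, for instance, may be the owner's own VNC server, which is exactly the kind of question a helper asks before adding it to a script.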
Wings
Cyber Highlander
Registered
20.3K posts
1.2K likes
Download SystemLook (...by jpshortstuff) and save it to the Desktop
*Run it and paste the lines in brown into the blank box:
:dir
C:\39569
*Click [Look] and paste the log it produces
madaraujo
New Member
Registered
35 posts
1 like
Here is the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:25 on 01/12/2013 by Administrador
Administrator - Elevation successful
========== dir ==========
C:\39569 - Parameters: "(none)"
---Files---
244 --a---- 10 bytes [14:33 01/12/2013] [22:02 01/12/2013]
2fcf2 --a---- 12 bytes [14:33 01/12/2013] [14:33 01/12/2013]
2fdf --a---- 10 bytes [14:33 01/12/2013] [14:33 01/12/2013]
303 --a---- 9 bytes [14:33 01/12/2013] [14:33 01/12/2013]
34343 --a---- 1 bytes [14:33 01/12/2013] [14:33 01/12/2013]
---Folders---
None found.
-= EOF =-
Wings
Cyber Highlander
Registered
20.3K posts
1.2K likes
Download the CFScript.txt file and save it to the Desktop
*Drag it onto ComboFix as shown below:
*While ComboFix is running, do not use the mouse or the keyboard!!
*Paste the log it produces
madaraujo
New Member
Registered
35 posts
1 like
Here is the log:
ComboFix 13-12-01.01 - Administrador 01/12/2013 20:05:24.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1559 [GMT -2:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 318 bytes in 2 streams.
.
(((((((((((((((( Files Created from 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))
.
.
2013-12-01 21:40 . 2013-12-01 21:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2013-12-01 19:38 . 2013-12-01 19:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-----w- C:\39569
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\arquivos de programas\27c
2013-11-30 20:20 . 2013-11-30 20:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Wise PC 1stAid
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
2013-11-28 22:13 . 2013-11-28 22:13 720082 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\unins001.exe
2013-11-12 22:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 22:09 . 2013-07-10 22:10 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-10-11 11:04 . 2011-08-12 17:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ed"="c:\documents and settings\Administrador\Dados de aplicativos\38c33\2ed.js" [X]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"26ca"="c:\arquivos de programas\27c\26ca.js" [X]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SWF Printer Agent"="c:\arquivos de programas\SWF Printer Pro\swfpagent.exe" [2007-06-14 90112]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Wondershare Helper Compact.exe"="c:\arquivos de programas\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utilitário de Configuração de Rede Sem Fios TP-LINK.lnk - c:\arquivos de programas\TP-LINK\Utilitário de Configuração de Rede Sem Fios TP-LINK\TWCU.exe -nogui [2013-8-5 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
"c:\\Arquivos de programas\\SkypeWebPlugin\\SkypeWebPlugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/8/2012 21:18 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [12/7/2013 10:33 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [12/7/2013 10:33 177864]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/2/2013 18:01 47192]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/8/2012 21:18 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [9/8/2012 21:18 23168]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/4/2012 13:39 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/6/2011 08:38 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2008 05:01 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2008 05:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/7/2013 10:33 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/2/2013 18:01 527720]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/9/2013 14:33 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/9/2013 14:33 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [5/8/2013 12:06 1182480]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/9/2013 14:33 701512]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [25/7/2013 09:53 162672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt --> e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:04]
.
2012-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICROSOF-38FB4D-Administrador.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-30 09:09]
.
2013-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-09 07:47]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 172.16.0.1
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://nsalgar.acs.com.br/download/dolcontrol.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,06,7c,aa,7f,63,88,4e,90,0a,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,3b,e4,a8,79,c1,a9,4f,b2,b5,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,e8,df,09,64,06,e9,4a,b6,7c,06,\
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{763789DB-ECD9-3C3E-D795-E49D988DAE5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaenafdjfc"=hex:66,61,6f,70,62,70,68,68,64,6a,6a,64,00,31
"dafnfpnb"=hex:64,62,61,6c,68,6f,65,6f,6b,70,62,61,68,63,6f,6e,6c,6e,6e,69,66,
6a,69,70,63,65,65,66,64,6e,6d,66,69,70,66,6c,63,6f,6e,62,00,00
"iamkbaofijboacgdma"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,00
"hagllcpbfbmklbok"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(1500)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-12-01 20:15:17
ComboFix-quarantined-files.txt 2013-12-01 22:15
ComboFix2.txt 2013-12-01 21:34
ComboFix3.txt 2013-12-01 20:25
ComboFix4.txt 2013-12-01 20:06
ComboFix5.txt 2013-12-01 22:04
.
Pre-Run: 21 dir(s) 106.437.562.368 bytes free
Post-Run: 23 dir(s) 106.424.143.872 bytes free
.
- - End Of File - - 704EE866760136FE2CDB74A365D5F8EC
239FC8B1C26D5286165A956F5A98D8D7
Wings
Cyber Highlander
Registered
20.3K posts
1.2K likes
Your log is wrong.
Read the procedure carefully.
Nothing was done...
madaraujo
New Member
Registered
35 posts
1 like
Sorry, I think I must have pasted the first log; here is the updated one with the script you sent:
ComboFix 13-12-01.01 - Administrador 01/12/2013 20:57:40.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1518 [GMT -2:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 310 bytes in 1 streams.
.
(((((((((((((((( Files Created from 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))
.
.
2013-12-01 21:40 . 2013-12-01 22:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2013-12-01 19:38 . 2013-12-01 19:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-11-30 20:20 . 2013-11-30 20:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Wise PC 1stAid
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
2013-11-28 22:13 . 2013-11-28 22:13 720082 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\unins001.exe
2013-11-12 22:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 22:57 . 2013-07-10 22:10 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-10-11 11:04 . 2011-08-12 17:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SWF Printer Agent"="c:\arquivos de programas\SWF Printer Pro\swfpagent.exe" [2007-06-14 90112]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Wondershare Helper Compact.exe"="c:\arquivos de programas\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utilitário de Configuração de Rede Sem Fios TP-LINK.lnk - c:\arquivos de programas\TP-LINK\Utilitário de Configuração de Rede Sem Fios TP-LINK\TWCU.exe -nogui [2013-8-5 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
"c:\\Arquivos de programas\\SkypeWebPlugin\\SkypeWebPlugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/8/2012 21:18 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [12/7/2013 10:33 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [12/7/2013 10:33 177864]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/2/2013 18:01 47192]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/8/2012 21:18 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [9/8/2012 21:18 23168]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/4/2012 13:39 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/6/2011 08:38 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2008 05:01 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2008 05:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/7/2013 10:33 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/2/2013 18:01 527720]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/9/2013 14:33 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/9/2013 14:33 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [5/8/2013 12:06 1182480]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/9/2013 14:33 701512]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [25/7/2013 09:53 162672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt --> e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:04]
.
2012-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICROSOF-38FB4D-Administrador.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-30 09:09]
.
2013-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-09 07:47]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
.
------- Scan Suplementar -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 172.16.0.1
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://nsalgar.acs.com.br/download/dolcontrol.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 21:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{763789DB-ECD9-3C3E-D795-E49D988DAE5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2013-12-01 21:04:11
ComboFix-quarantined-files.txt 2013-12-01 23:04
ComboFix2.txt 2013-12-01 22:40
ComboFix3.txt 2013-12-01 22:15
ComboFix4.txt 2013-12-01 21:34
ComboFix5.txt 2013-12-01 22:56
.
Pré-execução: 21 pasta(s) 106.441.633.792 bytes disponíveis
Pós execução: 22 pasta(s) 106.420.432.896 bytes disponíveis
.
- - End Of File - - 9488E4FC087F6A7B1F96C0A66BE2E20E
239FC8B1C26D5286165A956F5A98D8D7
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
Download the file fix.zip
*Extract its contents and run it
*Let me know whether it was resolved.
madaraujo
New Member
Registered
35 Messages
1 Like
I believe it worked!
Manager OK;
The avast messages stopped,
I restarted and everything is normal now
Wings
Cyber Highlander
Registered
20.3K Messages
1.2K Likes
Rename ComboFix to Uninstall
*Run it, wait for the message "ComboFix has been uninstalled" and click [OK]
*Delete the file C:\Combofix.txt
Regards...
madaraujo
New Member
Registered
35 Messages
1 Like
Thanks, much appreciated again!!!
Regards...