madaraujo (New Registered Member, 35 posts, 1 like)

Help with ComboFix

#1 By madaraujo, 01/12/2013 - 19:51
Hello, good evening! I have already used ComboFix and also AdwCleaner to clean my XP, but it keeps blocking Task Manager every time it restarts, and the avast malicious-URL messages start up right away. I know a script has to be generated from the ComboFix report, but I don't know how to do that procedure. Can someone help me?
Thank you
#3 By madaraujo, 01/12/2013 - 20:18
Updated report follows:
ComboFix 13-12-01.01 - Administrador 01/12/2013 20:05:24.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1559 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 318 bytes in 2 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))
.
.
2013-12-01 21:40 . 2013-12-01 21:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2013-12-01 19:38 . 2013-12-01 19:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-----w- C:\39569
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\arquivos de programas\27c
2013-11-30 20:20 . 2013-11-30 20:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Wise PC 1stAid
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
2013-11-28 22:13 . 2013-11-28 22:13 720082 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\unins001.exe
2013-11-12 22:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 22:09 . 2013-07-10 22:10 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-10-11 11:04 . 2011-08-12 17:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ed"="c:\documents and settings\Administrador\Dados de aplicativos\38c33\2ed.js" [X]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"26ca"="c:\arquivos de programas\27c\26ca.js" [X]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SWF Printer Agent"="c:\arquivos de programas\SWF Printer Pro\swfpagent.exe" [2007-06-14 90112]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Wondershare Helper Compact.exe"="c:\arquivos de programas\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utilitário de Configuração de Rede Sem Fios TP-LINK.lnk - c:\arquivos de programas\TP-LINK\Utilitário de Configuração de Rede Sem Fios TP-LINK\TWCU.exe -nogui [2013-8-5 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
"c:\\Arquivos de programas\\SkypeWebPlugin\\SkypeWebPlugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/8/2012 21:18 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [12/7/2013 10:33 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [12/7/2013 10:33 177864]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/2/2013 18:01 47192]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/8/2012 21:18 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [9/8/2012 21:18 23168]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/4/2012 13:39 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/6/2011 08:38 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2008 05:01 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2008 05:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/7/2013 10:33 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/2/2013 18:01 527720]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/9/2013 14:33 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/9/2013 14:33 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [5/8/2013 12:06 1182480]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/9/2013 14:33 701512]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [25/7/2013 09:53 162672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt --> e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:04]
.
2012-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICROSOF-38FB4D-Administrador.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-30 09:09]
.
2013-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-09 07:47]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
.
------- Scan Suplementar -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 172.16.0.1
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://nsalgar.acs.com.br/download/dolcontrol.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,06,7c,aa,7f,63,88,4e,90,0a,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,3b,e4,a8,79,c1,a9,4f,b2,b5,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,e8,df,09,64,06,e9,4a,b6,7c,06,\
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{763789DB-ECD9-3C3E-D795-E49D988DAE5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaenafdjfc"=hex:66,61,6f,70,62,70,68,68,64,6a,6a,64,00,31
"dafnfpnb"=hex:64,62,61,6c,68,6f,65,6f,6b,70,62,61,68,63,6f,6e,6c,6e,6e,69,66,
6a,69,70,63,65,65,66,64,6e,6d,66,69,70,66,6c,63,6f,6e,62,00,00
"iamkbaofijboacgdma"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,00
"hagllcpbfbmklbok"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(1500)
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\webcheck.dll
.
Tempo para conclusão: 2013-12-01 20:15:17
ComboFix-quarantined-files.txt 2013-12-01 22:15
ComboFix2.txt 2013-12-01 21:34
ComboFix3.txt 2013-12-01 20:25
ComboFix4.txt 2013-12-01 20:06
ComboFix5.txt 2013-12-01 22:04
.
Pré-execução: 21 pasta(s) 106.437.562.368 bytes disponíveis
Pós execução: 23 pasta(s) 106.424.143.872 bytes disponíveis
.
- - End Of File - - 704EE866760136FE2CDB74A365D5F8EC
239FC8B1C26D5286165A956F5A98D8D7
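Added example (not part of the original thread, and not the script the helper sent, which is not shown on this page): the Run-key and firewall sections of the log above are regular enough to triage mechanically. The Python below reads a ComboFix log, flags Run entries that ComboFix marked `[X]` (my reading of that tag: it could not find or verify the file at that path), that launch a script file, or that live in a short hex-looking folder such as `38c33` or `27c`, and drafts a CFScript.txt from them. It also reports the disabled firewall profile, the exception granted to a program in the Downloads folder, and the globally open VNC port. The heuristics and names are mine; the sample input is constructed from lines of the log above; the CFScript directives used (`KillAll::`, `File::`, `Folder::`, `Registry::` with `"name"=-` to delete a value) are the documented ComboFix script syntax.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the ComboFix log in this thread
# (two Run keys plus the firewall section), embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ed"="c:\documents and settings\Administrador\Dados de aplicativos\38c33\2ed.js" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"26ca"="c:\arquivos de programas\27c\26ca.js" [X]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
AUTH_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*(?P<desc>\S+)$')

# Heuristics (mine, not ComboFix's): script launchers, short hex-looking folder
# names such as 38c33 / 27c, and user-writable locations in firewall exceptions.
SCRIPT_EXT = {".js", ".vbs", ".vbe", ".wsf", ".bat", ".cmd", ".scr"}
RANDOM_DIR = re.compile(r"^[0-9a-f]{2,6}$")
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\dados de aplicativos\\", "\\application data\\")

RunEntry = namedtuple("RunEntry", "key name path tag")  # tag: "date size", or "X" if file not found


def parse_combofix(text):
    """Pull Run-key entries and firewall settings out of a ComboFix log."""
    run, fw, key, low = [], {"enabled": None, "apps": [], "ports": []}, "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            key, low = m["key"], m["key"].lower()          # keep original case for CFScript
        elif low.endswith("\\currentversion\\run") and (m := RUN_RE.match(line)):
            run.append(RunEntry(key, m["name"], m["path"], m["tag"]))
        elif "firewallpolicy" in low:
            if line.startswith('"EnableFirewall"'):
                fw["enabled"] = line.endswith("1")
            elif (m := AUTH_RE.match(line)):
                fw["apps"].append(m["path"].replace("\\\\", "\\"))   # log escapes backslashes
            elif (m := PORT_RE.match(line)):
                fw["ports"].append(m["desc"])
    return run, fw


def flag_run_entries(entries):
    """Return (entry, reasons) for entries that look like the bogus launchers in this log."""
    flagged = []
    for e in entries:
        p, reasons = PureWindowsPath(e.path), []
        if e.tag.strip().upper() == "X":
            reasons.append("ComboFix could not find/verify the file ([X])")
        if p.suffix.lower() in SCRIPT_EXT:
            reasons.append(f"script launcher ({p.suffix})")
        if RANDOM_DIR.match(p.parent.name.lower()):
            reasons.append(f"random-looking parent folder {p.parent.name!r}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(flagged):
    """Draft CFScript.txt: File::/Folder:: paths to remove, Registry:: with "name"=- to delete a value."""
    files, folders, reg = [], [], {}
    for e, _ in flagged:
        parent = PureWindowsPath(e.path).parent
        files.append(e.path)
        if RANDOM_DIR.match(parent.name.lower()):   # only wipe the dropper's own folder
            folders.append(str(parent))
        reg.setdefault(e.key, []).append(e.name)
    out = ["KillAll::", "File::", *files, "Folder::", *folders, "Registry::"]
    for key, names in reg.items():
        out += [f"[{key}]", *(f'"{n}"=-' for n in names)]
    return "\n".join(out) + "\n"


def firewall_findings(fw):
    """Firewall-section items worth a look, independent of the Run keys."""
    out = ["Windows Firewall standard profile is disabled (EnableFirewall=0)"] if fw["enabled"] is False else []
    out += [f"firewall exception for a program in a user-writable folder: {a}"
            for a in fw["apps"] if any(mark in a.lower() for mark in USER_WRITABLE)]
    out += [f"inbound port open to everyone: {p}" for p in fw["ports"]]
    return out


def triage(text):
    run, fw = parse_combofix(text)
    flagged = flag_run_entries(run)
    return flagged, build_cfscript(flagged), firewall_findings(fw)


if __name__ == "__main__":
    flagged, script, fw = triage(SAMPLE_LOG)
    print(script, *fw, sep="\n")
```

The draft is a starting point for whoever is guiding the cleanup, not something to run blind: a helper still checks each flagged path against the full log before the CFScript is dragged onto ComboFix.exe. One detail visible later in this thread is worth noting for that step: the post-#9 log records the script as `CFScript.txt.txt`, the double extension you get when Explorer hides known extensions; ComboFix accepted it anyway, but it is a sign the machine is configured to hide the very `.js` endings these launchers rely on.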
#5 By madaraujo, 01/12/2013 - 20:26
Report follows:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:25 on 01/12/2013 by Administrador
Administrator - Elevation successful

========== dir ==========

C:\39569 - Parameters: "(none)"

---Files---
244 --a---- 10 bytes [14:33 01/12/2013] [22:02 01/12/2013]
2fcf2 --a---- 12 bytes [14:33 01/12/2013] [14:33 01/12/2013]
2fdf --a---- 10 bytes [14:33 01/12/2013] [14:33 01/12/2013]
303 --a---- 9 bytes [14:33 01/12/2013] [14:33 01/12/2013]
34343 --a---- 1 bytes [14:33 01/12/2013] [14:33 01/12/2013]

---Folders---
None found.

-= EOF =-
#7 By madaraujo, 01/12/2013 - 20:41
Report follows:
#9 By madaraujo, 01/12/2013 - 21:07
Sorry, I think I must have pasted the first log; here is the updated one with the script you sent:
ComboFix 13-12-01.01 - Administrador 01/12/2013 20:57:40.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1518 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 310 bytes in 1 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))
.
.
2013-12-01 21:40 . 2013-12-01 22:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2013-12-01 19:38 . 2013-12-01 19:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-11-30 20:20 . 2013-11-30 20:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Wise PC 1stAid
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
2013-11-28 22:13 . 2013-11-28 22:13 720082 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\unins001.exe
2013-11-12 22:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 22:57 . 2013-07-10 22:10 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-10-11 11:04 . 2011-08-12 17:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SWF Printer Agent"="c:\arquivos de programas\SWF Printer Pro\swfpagent.exe" [2007-06-14 90112]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Wondershare Helper Compact.exe"="c:\arquivos de programas\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utilitário de Configuração de Rede Sem Fios TP-LINK.lnk - c:\arquivos de programas\TP-LINK\Utilitário de Configuração de Rede Sem Fios TP-LINK\TWCU.exe -nogui [2013-8-5 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-10-07 14:32 1487912 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
"c:\\Arquivos de programas\\SkypeWebPlugin\\SkypeWebPlugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\launch4j-tmp\\IRPF2013.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [9/8/2012 21:18 54912]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [12/7/2013 10:33 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [12/7/2013 10:33 177864]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/2/2013 18:01 47192]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [9/8/2012 21:18 146304]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [9/8/2012 21:18 23168]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [6/4/2012 13:39 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/6/2011 08:38 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2008 05:01 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2008 05:01 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/7/2013 10:33 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/2/2013 18:01 527720]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/9/2013 14:33 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/9/2013 14:33 22856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [5/8/2013 12:06 1182480]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [22/9/2013 14:33 701512]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [25/7/2013 09:53 162672]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt --> e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\arquivos de programas\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [10/7/2013 20:10 31088]
S3 SwitchBoard;Adobe SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:04]
.
2012-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-MICROSOF-38FB4D-Administrador.job
- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-30 09:09]
.
2013-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-09 07:47]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-31 11:51]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 172.16.0.1
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://nsalgar.acs.com.br/download/dolcontrol.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-01 21:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\caseprogramas\CaseReilla\Programas Básicos\EVEREST Ultimate Edition 4.20\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,06,7c,aa,7f,63,88,4e,90,0a,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,3b,e4,a8,79,c1,a9,4f,b2,b5,27,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,e8,df,09,64,06,e9,4a,b6,7c,06,\
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-854245398-1284227242-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{763789DB-ECD9-3C3E-D795-E49D988DAE5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaenafdjfc"=hex:66,61,6f,70,62,70,68,68,64,6a,6a,64,00,31
"dafnfpnb"=hex:64,62,61,6c,68,6f,65,6f,6b,70,62,61,68,63,6f,6e,6c,6e,6e,69,66,
6a,69,70,63,65,65,66,64,6e,6d,66,69,70,66,6c,63,6f,6e,62,00,00
"iamkbaofijboacgdma"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,00
"hagllcpbfbmklbok"=hex:6a,61,69,6c,68,6f,68,66,6d,66,65,69,68,61,6c,64,66,6e,
65,6b,00,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Completion time: 2013-12-01 21:04:11
ComboFix-quarantined-files.txt 2013-12-01 23:04
ComboFix2.txt 2013-12-01 22:40
ComboFix3.txt 2013-12-01 22:15
ComboFix4.txt 2013-12-01 21:34
ComboFix5.txt 2013-12-01 22:56
.
Pre-run: 21 folder(s) 106.441.633.792 bytes available
Post-run: 22 folder(s) 106.420.432.896 bytes available
.
- - End Of File - - 9488E4FC087F6A7B1F96C0A66BE2E20E
239FC8B1C26D5286165A956F5A98D8D7
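An added example, not part of the original post and not ComboFix's own code: a small Python triage script for log lines of the kind pasted above. It groups the quoted "name"=data lines under the [key] header that precedes them, lists entries in the "files created" section whose attribute field carries the hidden bit (the log prints `d-sh--w-` for a hidden system directory and `----a-w-` for a plain file), flags autostart entries given as a bare file name rather than a full path, and pulls out the firewall state, firewall exceptions that point into user-writable folders, and globally open ports. The sample input is a handful of lines copied from the log above; the list of folders treated as user-writable is this example's own heuristic, and everything it reports is something to confirm by hand, not a verdict that the item is malicious.

```python
from __future__ import annotations
import re

# Constructed sample input: a few lines copied from the ComboFix log posted above,
# so the script runs offline. Feed triage() the contents of a real ComboFix.txt instead.
SAMPLE_LOG = r"""
2013-12-01 14:33 . 2013-12-01 14:33 -------- d-sh--w- c:\documents and settings\Administrador\Dados de aplicativos\38c33
2013-11-30 20:20 . 2013-11-30 20:20 -------- d-----w- c:\arquivos de programas\Wise
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrador\\Meus documentos\\Downloads\\u1210.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"""

# One "files created" line: created . modified  size-or-dashes  attributes  path
DATE_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
    r'\s+\S+\s+(\S{8})\s+(.+?)\s*$'
)
SECTION = re.compile(r'^\[(.+)\]$')            # [HKEY_...] header
VALUE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')  # "name"=data
# Heuristic chosen for this example: folders a logged-on user can normally write to.
USER_WRITABLE = re.compile(r'\\(downloads|temp|tmp|dados de aplicativos|application data)\\', re.I)


def hidden_dirs(log: str) -> list[str]:
    """Paths whose attribute field (e.g. d-sh--w-) has the hidden bit 'h' set."""
    out = []
    for raw in log.splitlines():
        m = DATE_LINE.match(raw.strip())
        if m and 'h' in m.group(1):
            out.append(m.group(2))
    return out


def registry_values(log: str) -> dict[str, list[tuple[str, str]]]:
    """Group "name"=data lines under the [key] header that precedes them."""
    out: dict[str, list[tuple[str, str]]] = {}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := VALUE.match(line)):
            out.setdefault(section, []).append((m.group(1), m.group(2)))
    return out


def unqualified_run_entries(log: str) -> list[tuple[str, str]]:
    """Run-key entries whose command is a bare file name, resolved via the search path at logon."""
    out = []
    for key, values in registry_values(log).items():
        if key.lower().endswith('\\currentversion\\run'):
            for name, data in values:
                m = re.match(r'"([^"]*)"', data)
                if m and '\\' not in m.group(1):
                    out.append((name, m.group(1)))
    return out


def firewall_findings(log: str) -> list[str]:
    """Firewall state, exceptions into user-writable folders, and globally open ports."""
    out = []
    for key, values in registry_values(log).items():
        k = key.lower()
        if 'firewallpolicy' not in k:
            continue
        for name, data in values:
            if name.lower() == 'enablefirewall' and data.strip() == '0':
                out.append('firewall disabled: EnableFirewall=0')
            elif k.endswith('authorizedapplications\\list'):
                path = name.replace('\\\\', '\\')  # the log doubles backslashes in this list
                if USER_WRITABLE.search(path):
                    out.append(f'firewall exception for user-writable path: {path}')
            elif k.endswith('globallyopenports\\list'):
                out.append(f'globally open port: {name} ({data.strip()})')
    return out


def triage(log: str) -> dict[str, list]:
    """Everything worth a manual look, in one place. None of it is proof of malware."""
    return {
        'hidden_dirs': hidden_dirs(log),
        'unqualified_run_entries': unqualified_run_entries(log),
        'firewall': firewall_findings(log),
    }


if __name__ == '__main__':
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading)
        for item in items:
            print('  ', item)
```

On the sample above the script reports the hidden `38c33` directory, the bare `RTHDCPL.EXE` autostart, the disabled firewall, the exception for an executable in the Downloads folder, and TCP port 5910 open to everyone; each of these is visible in the full log as well, and each is a line to verify rather than a conclusion.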
© 1999-2024 Hardware.com.br. All rights reserved.