Possible Malware?

There are 4 replies in this topic

#1 pedrok3

pedrok3
  • Member
  • 5 posts

Posted 27 December 2012 - 11:21 PM

Hey guys, this morning I ran into a problem with my computer.. lol.

I was using it normally, then I shut it down and went to sleep; when I woke up I turned it on and went to use it, and when I clicked Google Chrome it took almost 30 seconds to open. OK, fine, I thought it was my PC being overloaded. Then I tried to go to the UOL site and couldn't, it took way too long to load, so I turned off my GVT modem and turned on my Via Embratel one. The GVT modem is 15 MB and the Embratel one is 1 MB; the Embratel one loaded, but VERY slowly, it wouldn't load images or anything properly. I restarted the computer, and nothing..

I have two modems, so I thought to myself that it's not a problem with the two providers, but with my computer, OK. I opened Kaspersky and ran a scan on my computer, and nothing! It didn't find a single virus. I opened SUPERAntiSpyware and nothing, just some adsense stuff. I ran a test on both connections.. The 15 MB one gave 15 KBPS transfer, and the 1 MB one gave 9 KBPS. How come?

I tried the last two solutions: I defragmented Windows and restored the system to 21/01/2012. I left my PC on and went to my uncle and aunt's house, and when I came back the computer was sluggish, and my internet apparently normal? How come? Can someone explain this situation to me? I'm thinking about formatting.




#2 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65382 posts

Posted 28 December 2012 - 08:06 AM

To be able to help you, follow in full what is set out in this "Mandatory standard procedure topic of the Forum".

HijackThis logs ** read before posting **

After carrying out the procedures, post the HijackThis log for examination right here in this topic, by clicking the second REPLY BUTTON, and wait for further instructions.

#3 pedrok3

pedrok3
  • Member
  • 5 posts

Posted 29 December 2012 - 01:33 AM

Here's the log

----------------------

 

ComboFix 12-12-28.02 - Usuario 29/12/2012   1:17.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2012.1368 [GMT -2:00]
Running from: c:\users\Usuario\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\v9Soft\v9sof.exe
c:\programdata\396759231
c:\programdata\DynuEncrypt.dll
C:\test.txt
c:\users\Usuario\AppData\Roaming\csrs.exe
c:\windows\explorer.exe.local
c:\windows\system32\Config.ini
c:\windows\system32\Hook.dll
c:\windows\system32\main.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddsxeiservice
.
.
((((((((((((((((   Files Created from 2012-11-28 to 2012-12-29  ))))))))))))))))))))))))))))
.
.
2012-12-29 03:16 . 2012-12-29 03:16    56200    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C98F8D35-99DD-424F-80A3-2FA13D0647FA}\offreg.dll
2012-12-28 21:11 . 2012-12-28 21:11    --------    d-----w-    c:\program files\UniverseGamers
2012-12-27 15:27 . 2012-12-27 15:27    --------    d-----w-    c:\users\Usuario\AppData\Local\Macromedia
2012-12-26 23:32 . 2012-12-27 16:20    --------    d-----w-    c:\users\Usuario\groundation
2012-12-26 10:16 . 2012-02-23 16:23    210080    -c----w-    c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_92e71b6781ec1f48584ee61d478eaf224ed957_cab_78ce982b\snxhk.dll
2012-12-25 13:01 . 2012-12-25 13:10    --------    d-----w-    C:\FFOutput
2012-12-25 12:58 . 2012-12-27 23:43    --------    d-----w-    c:\program files\FreeTime
2012-12-25 12:47 . 2012-12-25 12:47    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2012-12-25 12:43 . 2012-12-25 12:43    89944    ----a-w-    c:\program files\Common Files\Windows Live\.cache\7b0214101cde29d07\DSETUP.dll
2012-12-25 12:43 . 2012-12-25 12:43    537432    ----a-w-    c:\program files\Common Files\Windows Live\.cache\7b0214101cde29d07\DXSETUP.exe
2012-12-25 12:43 . 2012-12-25 12:43    1801048    ----a-w-    c:\program files\Common Files\Windows Live\.cache\7b0214101cde29d07\dsetup32.dll
2012-12-25 12:43 . 2012-12-25 12:43    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\728170b11cde29d04\DSETUP.dll
2012-12-25 12:43 . 2012-12-25 12:43    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\728170b11cde29d04\DXSETUP.exe
2012-12-25 12:43 . 2012-12-25 12:43    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\728170b11cde29d04\dsetup32.dll
2012-12-25 12:43 . 2012-12-25 12:43    89944    ----a-w-    c:\program files\Common Files\Windows Live\.cache\6b59ab9f1cde29d03\DSETUP.dll
2012-12-25 12:43 . 2012-12-25 12:43    537432    ----a-w-    c:\program files\Common Files\Windows Live\.cache\6b59ab9f1cde29d03\DXSETUP.exe
2012-12-25 12:43 . 2012-12-25 12:43    1801048    ----a-w-    c:\program files\Common Files\Windows Live\.cache\6b59ab9f1cde29d03\dsetup32.dll
2012-12-25 12:33 . 2012-12-25 12:33    --------    d-----w-    c:\users\Usuario\AppData\Roaming\VideoEditor
2012-12-25 12:30 . 2012-07-03 15:40    75264    ----a-w-    c:\windows\system32\mslvddsfilter2.ax
2012-12-25 12:30 . 2012-12-25 12:30    --------    d-----w-    c:\program files\Common Files\FlashIntegro
2012-12-25 12:30 . 2004-09-06 18:06    53248    ----a-w-    c:\windows\system32\xvid.ax
2012-12-25 12:30 . 2004-02-04 23:11    81920    ----a-w-    c:\windows\system32\AC3ACM.acm
2012-12-25 12:30 . 2003-05-22 01:50    82944    ----a-w-    c:\windows\system32\vct3216.acm
2012-12-25 12:30 . 2003-05-22 01:50    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2012-12-25 12:30 . 2003-05-22 01:50    38912    ----a-w-    c:\windows\system32\alf2cd.acm
2012-12-25 12:30 . 2003-05-22 01:50    261632    ----a-w-    c:\windows\system32\mcdvd_32.dll
2012-12-25 12:30 . 2003-03-25 07:49    98304    ----a-w-    c:\windows\system32\L3CODECX.AX
2012-12-25 12:30 . 2002-08-20 02:41    413760    ----a-w-    c:\windows\system32\mpg4c32.dll
2012-12-25 12:30 . 2000-03-14 22:55    13239    ----a-w-    c:\windows\system32\Scg726.acm
2012-12-25 12:01 . 2012-12-25 12:18    --------    d-----w-    c:\users\Usuario\AppData\Local\Ashampoo Video Styler
2012-12-25 11:31 . 2012-12-27 23:37    --------    d-----w-    c:\programdata\Sony
2012-12-25 11:30 . 2012-12-27 23:37    --------    d-----w-    c:\program files\Sony
2012-12-25 11:27 . 2012-12-25 11:27    --------    d-----w-    c:\program files\Sony Setup
2012-12-25 11:03 . 2005-08-26 00:10    9804    ----a-w-    c:\windows\system\vdremote.dll
2012-12-25 11:03 . 2005-08-26 00:09    7244    ----a-w-    c:\windows\system\vdsvrlnk.dll
2012-12-25 10:39 . 2012-12-27 16:20    --------    d-----w-    C:\Fraps
2012-12-21 00:16 . 2012-12-21 00:16    --------    d-----w-    c:\users\Usuario\alborosie
2012-12-20 23:57 . 2012-12-27 23:56    --------    d-----w-    c:\program files\Windows Live
2012-12-20 23:34 . 2012-12-20 23:34    --------    d-----w-    c:\windows\PCHEALTH
2012-12-20 23:28 . 2012-12-27 16:20    --------    d-----w-    c:\program files\Add Remove Pro
2012-12-20 23:24 . 2012-08-21 17:01    541008    ----a-w-    c:\windows\system32\uxcontacts.dll
2012-12-20 23:23 . 2012-11-01 17:09    3164008    ----a-w-    c:\windows\system32\uxctl.dll
2012-12-20 23:22 . 2012-10-25 12:09    80320    ----a-w-    c:\windows\system32\wldcore.dll
2012-12-20 23:20 . 2012-08-24 12:58    2568128    ----a-w-    c:\windows\system32\uxcore.dll
2012-12-20 22:57 . 2012-12-20 22:57    31600    ----a-w-    c:\windows\system32\wldlog.dll
2012-12-04 17:13 . 2011-03-27 22:54    1064960    -c----w-    c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_b7d59ba77cdf5c8d9df5534e611126a38434e1_cab_0964ea6f\NyxLauncher.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 02:17 . 2012-10-14 16:48    853504    ----a-w-    c:\windows\Guntoy.dll
2012-12-17 08:59 . 2011-06-10 13:26    73656    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 05:58 . 2012-10-14 17:11    815616    ----a-w-    c:\windows\Guntoy2.dll
2012-11-06 00:32 . 2012-11-06 00:32    93672    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2012-11-06 00:32 . 2012-07-07 20:15    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-06 00:32 . 2011-07-16 12:40    746984    ----a-w-    c:\windows\system32\deployJava1.dll
2012-12-28 23:25 . 2012-12-28 23:25    262112    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C385276-1AB4-5E0A-C907-A4DCAF1CF456}]
2012-07-18 16:15    140800    ----a-w-    c:\programdata\DownloadnSave\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DE0953E-490E-4D6F-BDDA-0516C372F3AF}]
2012-01-13 10:08    93088    ----a-w-    c:\windows\System32\v9loader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{742E70CF-7770-412d-86CB-230B322E807C}"= "c:\windows\system32\v9-toolbar.dll" [2012-01-13 567200]
.
[HKEY_CLASSES_ROOT\clsid\{742e70cf-7770-412d-86cb-230b322e807c}]
[HKEY_CLASSES_ROOT\V9_ToolBar.V9_ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{4CB82F8A-DC54-4be9-A5A4-CE8BF8F2962A}]
[HKEY_CLASSES_ROOT\V9_ToolBar.V9_ToolBar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{742E70CF-7770-412D-86CB-230B322E807C}"= "c:\windows\system32\v9-toolbar.dll" [2012-01-13 567200]
.
[HKEY_CLASSES_ROOT\clsid\{742e70cf-7770-412d-86cb-230b322e807c}]
[HKEY_CLASSES_ROOT\V9_ToolBar.V9_ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{4CB82F8A-DC54-4be9-A5A4-CE8BF8F2962A}]
[HKEY_CLASSES_ROOT\V9_ToolBar.V9_ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23    123536    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-20 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-20 169496]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2012-7-20 2666296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\23796~1.11\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-07-20 12:15    3329824    ----a-w-    c:\users\Usuario\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2012-07-20 12:15    800768    ----a-w-    c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 13:27    17877168    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 11:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 Browser Manager;Browser Manager; [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf001;apf001;c:\windows\system32\apf001.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]
R3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 08:59]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Usuario\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 187.122.127.34 187.122.127.35 187.122.127.36
TCP: Interfaces\{9887CD89-68FB-4FED-BFB5-3CCC80B2FFFC}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\6cwndhmg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
FF - prefs.js: network.proxy.type - 0
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', '692975984132630710052602527714931613731010');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQGnornbs&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 129379740000000000001c6f65f3e576
FF - user.js: extensions.incredibar_i.instlDay - 15564
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:44
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQGnornbs
FF - user.js: extensions.incredibar_i.upn2n - 92543395664039530
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 34%5F6
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0FtA0EyDyByCyBzyyByEtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1550068217
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0FtA0EyDyByCyBzyyByEtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1550068217
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0FtA0EyDyByCyBzyyByEtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1550068217&q=
FF - user.js: extensions.funmoods.id - 1C6F65F3E5767974
FF - user.js: extensions.funmoods.instlDay - 15587
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:26
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=129379740000000000001c6f65f3e576&q=
FF - user.js: extensions.BabylonToolbar.id - 129379740000000000001c6f65f3e576
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15657
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.816:38
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110824&tt=4612_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-Facebook Update - c:\users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-V9Software - c:\program files\v9Soft\v9sof.exe
AddRemove-hao123desk-international - c:\users\Usuario\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1099.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3884)
c:\program files\Microsoft Office\Office12\1046\GrooveIntlResource.dll
c:\windows\System32\NLSData0416.dll
c:\program files\Windows Photo Viewer\PhotoViewer.dll
c:\windows\system32\d3d9.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-12-29  01:54:03 - machine was rebooted
ComboFix-quarantined-files.txt  2012-12-29 03:53
.
Pre-Run: 55,611,154,432 bytes free
Post-Run: 55,134,494,720 bytes free
.
- - End Of File - - F299C8B8D254F3A225FB37C7D77A4E23
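The log above is what the helper would read by hand. As an added example (not part of the original post, not ComboFix code, and not the forum's procedure), the following Python script walks a ComboFix-style log and flags the indicators that stand out in this one: an executable outside the Windows directory whose name is one character away from a Windows system binary (csrs.exe in AppData\Roaming), UAC policy values set to 0, a non-empty AppInit_DLLs entry, a proxy setting that points at the loopback address, IE add-on DLLs outside Program Files, and rewritten start-page/search URLs. The indicator names, the system-binary list and the rules themselves are the editor's own heuristics, not anything the thread or the tool defines; SAMPLE_LOG is an excerpt of the log posted above, embedded so the script runs offline.

```python
"""Triage a ComboFix-style log for adware/PUP persistence indicators.

Added example for this thread, not ComboFix code. The rules are the editor's
own heuristics (assumption: they say where to look, they are not a verdict).
"""
import re
from collections import Counter

# Windows binaries whose names malware likes to imitate (assumption: short list).
SYSTEM_BINARIES = ("csrss.exe", "svchost.exe", "lsass.exe", "explorer.exe",
                   "winlogon.exe", "services.exe", "smss.exe")
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]\n]+')       # stops at quotes and [meta]
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PROXY_RE = re.compile(r"Proxy(?:Server|Override)\s*=\s*(\S+)", re.I)
URL_RE = re.compile(r"h(?:xx|tt)ps?://", re.I)         # ComboFix defangs http as hxxp
HIJACK_RE = re.compile(r"start page|homepage|hmpgurl|srchurl|newtaburl", re.I)

# Excerpt of the log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
c:\users\Usuario\AppData\Roaming\csrs.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C385276-1AB4-5E0A-C907-A4DCAF1CF456}]
2012-07-18 16:15    140800    ----a-w-    c:\programdata\DownloadnSave\bhoclass.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{742E70CF-7770-412d-86CB-230B322E807C}"= "c:\windows\system32\v9-toolbar.dll" [2012-01-13 567200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\23796~1.11\{16CDF~1\browsemngr.dll
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mStart Page = hxxp://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQGnornbs&loc=IB_TB&i=26&search=
"""


def edit_distance(a, b):
    """Levenshtein distance; one edit turns csrss.exe into csrs.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_binary(path):
    """True for an .exe outside the Windows directory named within one edit of a system binary."""
    path = path.lower()
    name = path.rsplit("\\", 1)[-1].strip()
    if path.startswith("c:\\windows\\") or not name.endswith(".exe"):
        return False
    return any(edit_distance(name, real) <= 1 for real in SYSTEM_BINARIES)


def triage(log_text):
    """Return (indicator, line) pairs for the log lines worth a second look."""
    findings, section = [], ""          # section: last [HKEY_...] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.lower()
            continue
        haystack = line
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value").strip()
            if name in UAC_KEYS and value.startswith("0"):
                findings.append(("uac-disabled", line))
                continue
            if name == "AppInit_DLLs" and value:   # loaded into every process that uses user32.dll
                findings.append(("appinit-dll-injection", line))
                continue
            haystack = value                        # the value may still carry a path
        pm = PROXY_RE.search(haystack)
        if pm and pm.group(1).startswith(("127.", "localhost")):
            findings.append(("proxy-setting-loopback", line))   # something local is expected to listen
            continue
        if URL_RE.search(haystack) and HIJACK_RE.search(haystack):
            findings.append(("browser-hijack-url", line))
            continue
        pm = PATH_RE.search(haystack)
        if not pm:
            continue
        path = pm.group(0).strip()
        if lookalike_binary(path):
            findings.append(("lookalike-system-binary", line))
        elif ("browser helper objects" in section or "toolbar" in section) \
                and not path.lower().startswith("c:\\program files"):
            findings.append(("bho-outside-program-files", line))  # legit add-ons install under Program Files
    return findings


def summarize(findings):
    """Count findings per indicator."""
    return dict(Counter(indicator for indicator, _ in findings))
```

Run it with `python triage.py` after adding a call such as `print(summarize(triage(SAMPLE_LOG)))`, or point `triage()` at the full text of a log file. Two caveats on the rules: the loopback rule only says that the proxy settings expect a listener on 127.0.0.1:9421, which you would confirm on the machine with `netstat -ano`; and the lookalike rule is deliberately narrow (one edit, .exe only, outside C:\Windows) so that benign names such as SUPERAntiSpyware.exe in the Run key above do not fire.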
 



#4 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65382 posts

Posted 29 December 2012 - 09:14 AM

The HijackThis log was requested, not the ComboFix one...

#5 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65382 posts

Posted 01 January 2013 - 10:52 AM

The PC is infected...