kinhaheart

LOG Analysis


Good morning. A few weeks ago a Java update appeared for me to install, named jucheck.exe, to be installed in system32.

As I am a layperson on the subject, at first I clicked install, thinking it really was just a simple update, but normally after installing, that notification would go away; instead it keeps appearing all the time asking me to do it again. Searching the internet, I saw that it is malware, and I would like your help resolving this. :)

Here is the LOG:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:13:54, on 22/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CyberLink\YouCam\YouCamService.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Jéssica\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 6991 bytes

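A small triage script, added here as an example and not part of this thread or of HijackThis itself, that parses lines in the HijackThis "section - body" format shown above (the sample is a constructed subset of the posted log) and flags the entry types a helper checks first: orphaned toolbars (O3 "(no file)"), autoruns launched from a user profile, unknown Winsock LSPs (O10), explicit DNS overrides (O17) and services with no publisher (O23 "Unknown owner"). A flag means "verify this entry", not "this is malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v2.0.4 entries posted above,
# kept in the tool's own "<section> - <body>" line format.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

# Entry lines start with a section code (R0, R1, O2, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[RFOQ]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body, raw_line) for every HijackThis entry line;
    headers, the process list and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            entries.append((m.group("sec"), m.group("body"), raw))
    return entries


def triage(log_text):
    """Flag entry types that warrant a second look by a human reviewer."""
    findings = []
    for sec, body, raw in parse_entries(log_text):
        if sec == "O3" and body.endswith("(no file)"):
            findings.append(Finding(sec, "toolbar CLSID registered but its file is gone (orphan)", raw))
        elif sec == "O4" and re.search(r"\\AppData\\", body, re.IGNORECASE):
            findings.append(Finding(sec, "autorun launched from a user profile directory", raw))
        elif sec == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding(sec, "Winsock LSP not on the tool's known-good list", raw))
        elif sec == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            if m:
                findings.append(Finding(sec, "DNS servers set explicitly: " + m.group(1), raw))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(sec, "service with no publisher string", raw))
    return findings


def count_by_section(log_text):
    """How many entries each section contributed; useful for a quick overview."""
    counts = {}
    for sec, _, _ in parse_entries(log_text):
        counts[sec] = counts.get(sec, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```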

Good morning!

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.

If there are updates to be applied, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then click the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether to restart the PC. (See the note below.)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.


MBAM Log

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.22.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jéssica :: JESSICA [administrador]

22/12/2012 12:21:42

mbam-log-2012-12-22 (12-21-42).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 195985

Tempo decorrido: 5 minuto(s), 15 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

_____________________________________________

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:30:40, on 22/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CyberLink\YouCam\YouCamService.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Jéssica\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 6554 bytes


Disable your antivirus, anti-spyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You need to be connected to the internet during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the Operating System Selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.


ComboFix 12-12-22.01 - Jéssica 22/12/2012 13:27:24.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2009.1136 [GMT -2:00]

Executando de: c:\users\Jéssica\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\muzapp.exe

c:\windows\system32\roboot.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))

.

.

2012-12-22 15:35 . 2012-12-22 15:36 -------- d-----w- c:\users\Jéssica\AppData\Local\temp

2012-12-22 15:35 . 2012-12-22 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-22 15:22 . 2012-12-22 15:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5109F5-5C6A-4850-9ACB-553814939DB0}\MpKsl47abf02c.sys

2012-12-22 14:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5109F5-5C6A-4850-9ACB-553814939DB0}\mpengine.dll

2012-12-22 12:42 . 2012-12-22 12:42 -------- d-----w- c:\users\Jéssica\AppData\Local\{BC1BB98F-5524-4607-8CB1-54237B1D1773}

2012-12-21 22:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 22:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 14:34 . 2012-12-21 14:34 -------- d-----w- c:\users\Jéssica\AppData\Local\{FADE13A5-3145-430E-AD56-47550C52B864}

2012-12-21 13:24 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-18 15:20 . 2012-12-18 15:20 -------- d-----w- c:\program files\Topaz Labs LLC

2012-12-18 14:38 . 2012-12-18 14:38 -------- d-----w- c:\users\Jéssica\AppData\Local\{01A2ED32-347D-433D-87A1-DD2F2C092FFB}

2012-12-18 00:44 . 2012-12-18 00:44 -------- d-----w- c:\users\Jéssica\AppData\Local\{BC9FACBE-FA0C-4271-939D-3075FA9EF14A}

2012-12-16 15:48 . 2012-12-16 15:48 -------- d-----w- c:\users\Jéssica\AppData\Local\{3A4552BD-1416-42AC-B78D-7D2F9139708A}

2012-12-16 02:11 . 2012-12-16 02:12 -------- d-----w- c:\users\Jéssica\AppData\Local\{6F909B4A-CBBA-4F47-AC6D-DB0C9BA427D8}

2012-12-14 18:06 . 2012-12-14 18:08 237568 ----a-w- c:\windows\system32\glut32.dll

2012-12-14 13:20 . 2012-12-14 13:20 -------- d-----w- c:\users\Jéssica\AppData\Local\{52D6C44E-A8FB-422E-865D-A23357340681}

2012-12-12 16:10 . 2012-12-12 16:10 -------- d-----w- c:\users\Jéssica\AppData\Local\{67D94C70-4CCF-4CAD-97E5-11515A29815C}

2012-12-12 11:08 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 11:08 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 01:52 . 2012-12-12 01:52 -------- d-----w- c:\users\Jéssica\AppData\Local\{F9EF322B-3266-4D2C-8DD2-11F9DE5F26B3}

2012-12-11 13:52 . 2012-12-11 13:52 -------- d-----w- c:\users\Jéssica\AppData\Local\{45051F20-5AA2-474F-A8BF-C8F03064D6B6}

2012-12-10 14:00 . 2012-12-10 14:00 -------- d-----w- c:\users\Jéssica\AppData\Local\{151C8507-EC2A-4219-B0B3-7969DD5881A1}

2012-12-09 22:59 . 2012-12-09 22:59 -------- d-----w- c:\users\Jéssica\AppData\Local\{6691BEA1-B38C-49E4-8F58-0D5E8D45BE41}

2012-12-08 12:53 . 2012-12-08 12:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{97AA0389-6AD8-4979-A50C-F99B7E5B46FB}

2012-12-08 00:52 . 2012-12-08 00:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{5F51C75D-7E61-4FEE-8E9D-7172A0EA1F20}

2012-12-07 00:41 . 2012-12-07 00:41 -------- d-----w- c:\users\Jéssica\AppData\Local\{1DCD0BEE-A3B1-4CEE-8ED0-A29D168A94F0}

2012-12-05 14:15 . 2012-12-05 14:15 -------- d-----w- c:\users\Jéssica\AppData\Local\{967302FB-ABB2-4FCE-8DFB-C0D97706FDBF}

2012-12-04 18:18 . 2012-12-04 18:18 -------- d-----w- c:\users\Jéssica\AppData\Local\{BED3D4AB-643D-4D8A-9019-E3AACFD800CA}

2012-12-03 15:06 . 2012-12-03 15:06 -------- d-----w- c:\program files\Common Files\Skype

2012-12-03 15:06 . 2012-12-03 15:06 -------- d-----r- c:\program files\Skype

2012-12-03 12:05 . 2012-12-03 12:05 -------- d-----w- c:\users\Jéssica\AppData\Local\{513E286D-1529-43F5-A6D2-2492C3DC56DF}

2012-12-02 14:10 . 2012-12-02 14:10 -------- d-----w- c:\users\Jéssica\AppData\Local\{4606787B-A8DF-4EDC-B295-53C237568AA2}

2012-12-01 15:53 . 2012-12-01 15:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{2EC2D4E6-32CB-4F09-BAFD-43B74609EB34}

2012-11-30 23:54 . 2012-11-30 23:54 -------- d-----w- c:\users\Jéssica\AppData\Local\{2A3720D3-E8DA-4AD3-8C44-7E1081DD651F}

2012-11-30 00:55 . 2012-11-30 00:55 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{716A7905-4571-44BE-97F2-2370ED29EBDD}\gapaengine.dll

2012-11-28 17:20 . 2012-11-28 17:20 -------- d-----w- c:\users\Jéssica\AppData\Local\{FA4481C7-0860-4451-820F-F1BF18482395}

2012-11-26 13:22 . 2012-11-26 13:22 -------- d-----w- c:\users\Jéssica\AppData\Local\{122A9116-4EB6-4272-85B5-C955F3D0E5DF}

2012-11-25 11:09 . 2012-11-25 11:09 -------- d-----w- c:\users\Jéssica\AppData\Local\{5742AEAA-3422-4C98-968A-CDD8B806E65C}

2012-11-24 23:07 . 2012-11-24 23:07 -------- d-----w- c:\users\Jéssica\AppData\Local\{405150BE-9C24-42FB-9771-EE2A9E501F50}

2012-11-23 18:28 . 2012-11-23 18:28 -------- d-----w- c:\users\Jéssica\AppData\Local\{EA475D8A-2091-4B5C-877B-0E46F1A8FE4A}

2012-11-22 23:19 . 2012-11-22 23:19 -------- d-----w- c:\users\Jéssica\AppData\Local\{443BD8D4-FF63-4754-A5EF-5C517E6B86C1}

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:43 . 2012-07-26 22:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:43 . 2012-07-26 22:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-16 07:39 . 2012-11-28 01:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40 . 2012-11-14 10:49 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 10:49 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-03 16:58 . 2012-11-14 10:54 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-14 10:54 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-14 10:54 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-14 10:54 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 10:54 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-14 10:54 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-14 10:54 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-14 10:54 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-03 12:09 . 2012-06-13 10:53 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-29 21:54 . 2012-06-06 17:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 22:47 . 2012-11-14 10:53 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-25 01:16 . 2012-10-30 12:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"Facebook Update"="c:\users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-12 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]

"YouCam Service"="c:\program files\CyberLink\YouCam\YouCamService.exe" [2011-11-29 255208]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-09-14 296096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 MpKsl47abf02c;MpKsl47abf02c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5109F5-5C6A-4850-9ACB-553814939DB0}\MpKsl47abf02c.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL47ABF02C

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 16:43]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4164523807-1953574760-2480442740-1000\Software\Zepter Software\RegLib*94d4163e\AnyDVD/1]

"1"=dword:50310e98

"2"=dword:50310fd9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-12-22 13:43:19

ComboFix-quarantined-files.txt 2012-12-22 15:43

.

Pré-execução: 111.189.913.600 bytes disponíveis

Pós execução: 110.859.542.528 bytes disponíveis

.

- - End Of File - - EDB4EBCDC6673D59846E5325D300D905

__________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:46:28, on 22/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CyberLink\YouCam\YouCamService.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\rundll32.exe

C:\Windows\explorer.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 6299 bytes


I suggest you print or save the procedures below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (white box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt

File::

c:\windows\system32\srvany.exe

Driver::

KMService

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.


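Added example, not code from HijackThis, ComboFix or the helper's post: a triage script that applies the reasoning behind the CFScript above to the O3, O4, O17 and O23 lines of a HijackThis log and drafts the File:: / Driver:: sections for entries rated for removal. The log excerpt is constructed from the log posted in this thread; the severity rules, the resolver allowlist and the Finding class are assumptions made for the example.

```python
"""Triage a HijackThis log and draft a ComboFix CFScript for confirmed findings.
Added example, not code from HijackThis, ComboFix or the helper's post; the log
excerpt is constructed from the log above, the rules and allowlist are assumptions."""
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis v2.0.4 log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jessica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

# Assumed triage rules, not HijackThis or ComboFix logic.
GENERIC_SERVICE_HOSTS = {"srvany.exe"}      # wrapper: the real program sits in the service's Parameters key
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}   # constructed allowlist for O17 NameServer values
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O23"
    severity: str       # "remove", "review" or "cleanup" (assumed labels)
    detail: str
    service: str = ""   # short service name, goes into the Driver:: block
    path: str = ""      # binary path, goes into the File:: block

def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def _check_o3(line):
    if line.endswith("(no file)"):
        return Finding("O3", "cleanup", "orphaned toolbar entry: " + line[len("O3 - Toolbar: "):])
    return None

def _check_o4(line):
    # Layout: O4 - HKLM\..\Run: [name] "path" args   (the path may also be unquoted)
    m = re.match(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$", line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    pm = re.match(r'"?(.+?\.exe)', cmd, re.IGNORECASE)
    path = pm.group(1) if pm else cmd
    if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
        return Finding("O4", "review", f"{hive} Run entry [{name}] starts from a user-writable path: {path}", path=path)
    return None

def _check_o17(line):
    m = re.search(r"NameServer = (.+)$", line)
    odd = [ip for ip in m.group(1).split(",") if ip.strip() not in TRUSTED_RESOLVERS] if m else []
    return Finding("O17", "review", "DNS resolver not on the allowlist: " + ", ".join(odd)) if odd else None

def _check_o23(line):
    # Layout: O23 - Service: <display name> (<short name>) - <owner> - <binary>
    parts = line.split(" - ", 3)
    if len(parts) != 4:
        return None
    display, owner, path = parts[1][len("Service: "):], parts[2], parts[3]
    m = re.search(r"\(([^()]+)\)$", display)
    short = m.group(1) if m else display
    generic, unknown = _basename(path) in GENERIC_SERVICE_HOSTS, owner == "Unknown owner"
    if generic and unknown:
        return Finding("O23", "remove", f"{short}: no publisher and hosted by {_basename(path)}, "
                       "so the program it really runs is not visible on this line", service=short, path=path)
    if generic or unknown:
        why = "generic service host" if generic else "no publisher recorded"
        return Finding("O23", "review", f"{short}: {why} ({path})", service=short, path=path)
    return None

CHECKS = {"O3": _check_o3, "O4": _check_o4, "O17": _check_o17, "O23": _check_o23}

def analyze(log_text):
    """Run the per-section check over every line of a HijackThis log."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        check = CHECKS.get(line.split(" - ", 1)[0])
        finding = check(line) if check else None
        if finding:
            findings.append(finding)
    return findings

def build_cfscript(findings):
    """Draft the File:: / Driver:: sections in the format posted above, only for
    findings rated "remove" after a person has confirmed them."""
    targets = [f for f in findings if f.severity == "remove" and f.service]
    if not targets:
        return ""
    files = "\n".join(f.path.lower() for f in targets)
    return f"File::\n{files}\n\nDriver::\n" + "\n".join(f.service for f in targets) + "\n"

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.section}: {f.detail}")
    print(build_cfscript(found))
```

On the constructed excerpt the only "remove" rating is KMService, and the drafted script is the same File:: / Driver:: pair the helper posted; the O4 and O3 findings are flagged for a human to review, not scripted.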

ComboFix 12-12-22.01 - Jéssica 22/12/2012 15:51:13.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2009.1108 [GMT -2:00]

Executando de: c:\users\JÚssica\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\JÚssica\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))

.

.

2012-12-22 17:59 . 2012-12-22 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-22 17:48 . 2012-12-22 17:48 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82897C0F-310F-4AEF-B96E-1AB8499E0E18}\MpKsladcfbad7.sys

2012-12-22 15:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82897C0F-310F-4AEF-B96E-1AB8499E0E18}\mpengine.dll

2012-12-22 15:43 . 2012-12-22 17:59 -------- d-----w- c:\users\Jéssica\AppData\Local\temp

2012-12-22 12:42 . 2012-12-22 12:42 -------- d-----w- c:\users\Jéssica\AppData\Local\{BC1BB98F-5524-4607-8CB1-54237B1D1773}

2012-12-21 22:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 22:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 14:34 . 2012-12-21 14:34 -------- d-----w- c:\users\Jéssica\AppData\Local\{FADE13A5-3145-430E-AD56-47550C52B864}

2012-12-21 13:24 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-18 15:20 . 2012-12-18 15:20 -------- d-----w- c:\program files\Topaz Labs LLC

2012-12-18 14:38 . 2012-12-18 14:38 -------- d-----w- c:\users\Jéssica\AppData\Local\{01A2ED32-347D-433D-87A1-DD2F2C092FFB}

2012-12-18 00:44 . 2012-12-18 00:44 -------- d-----w- c:\users\Jéssica\AppData\Local\{BC9FACBE-FA0C-4271-939D-3075FA9EF14A}

2012-12-16 15:48 . 2012-12-16 15:48 -------- d-----w- c:\users\Jéssica\AppData\Local\{3A4552BD-1416-42AC-B78D-7D2F9139708A}

2012-12-16 02:11 . 2012-12-16 02:12 -------- d-----w- c:\users\Jéssica\AppData\Local\{6F909B4A-CBBA-4F47-AC6D-DB0C9BA427D8}

2012-12-14 18:06 . 2012-12-14 18:08 237568 ----a-w- c:\windows\system32\glut32.dll

2012-12-14 13:20 . 2012-12-14 13:20 -------- d-----w- c:\users\Jéssica\AppData\Local\{52D6C44E-A8FB-422E-865D-A23357340681}

2012-12-12 16:10 . 2012-12-12 16:10 -------- d-----w- c:\users\Jéssica\AppData\Local\{67D94C70-4CCF-4CAD-97E5-11515A29815C}

2012-12-12 11:08 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 11:08 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 01:52 . 2012-12-12 01:52 -------- d-----w- c:\users\Jéssica\AppData\Local\{F9EF322B-3266-4D2C-8DD2-11F9DE5F26B3}

2012-12-11 13:52 . 2012-12-11 13:52 -------- d-----w- c:\users\Jéssica\AppData\Local\{45051F20-5AA2-474F-A8BF-C8F03064D6B6}

2012-12-10 14:00 . 2012-12-10 14:00 -------- d-----w- c:\users\Jéssica\AppData\Local\{151C8507-EC2A-4219-B0B3-7969DD5881A1}

2012-12-09 22:59 . 2012-12-09 22:59 -------- d-----w- c:\users\Jéssica\AppData\Local\{6691BEA1-B38C-49E4-8F58-0D5E8D45BE41}

2012-12-08 12:53 . 2012-12-08 12:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{97AA0389-6AD8-4979-A50C-F99B7E5B46FB}

2012-12-08 00:52 . 2012-12-08 00:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{5F51C75D-7E61-4FEE-8E9D-7172A0EA1F20}

2012-12-07 00:41 . 2012-12-07 00:41 -------- d-----w- c:\users\Jéssica\AppData\Local\{1DCD0BEE-A3B1-4CEE-8ED0-A29D168A94F0}

2012-12-05 14:15 . 2012-12-05 14:15 -------- d-----w- c:\users\Jéssica\AppData\Local\{967302FB-ABB2-4FCE-8DFB-C0D97706FDBF}

2012-12-04 18:18 . 2012-12-04 18:18 -------- d-----w- c:\users\Jéssica\AppData\Local\{BED3D4AB-643D-4D8A-9019-E3AACFD800CA}

2012-12-03 15:06 . 2012-12-03 15:06 -------- d-----w- c:\program files\Common Files\Skype

2012-12-03 15:06 . 2012-12-03 15:06 -------- d-----r- c:\program files\Skype

2012-12-03 12:05 . 2012-12-03 12:05 -------- d-----w- c:\users\Jéssica\AppData\Local\{513E286D-1529-43F5-A6D2-2492C3DC56DF}

2012-12-02 14:10 . 2012-12-02 14:10 -------- d-----w- c:\users\Jéssica\AppData\Local\{4606787B-A8DF-4EDC-B295-53C237568AA2}

2012-12-01 15:53 . 2012-12-01 15:53 -------- d-----w- c:\users\Jéssica\AppData\Local\{2EC2D4E6-32CB-4F09-BAFD-43B74609EB34}

2012-11-30 23:54 . 2012-11-30 23:54 -------- d-----w- c:\users\Jéssica\AppData\Local\{2A3720D3-E8DA-4AD3-8C44-7E1081DD651F}

2012-11-30 00:55 . 2012-11-30 00:55 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{716A7905-4571-44BE-97F2-2370ED29EBDD}\gapaengine.dll

2012-11-28 17:20 . 2012-11-28 17:20 -------- d-----w- c:\users\Jéssica\AppData\Local\{FA4481C7-0860-4451-820F-F1BF18482395}

2012-11-26 13:22 . 2012-11-26 13:22 -------- d-----w- c:\users\Jéssica\AppData\Local\{122A9116-4EB6-4272-85B5-C955F3D0E5DF}

2012-11-25 11:09 . 2012-11-25 11:09 -------- d-----w- c:\users\Jéssica\AppData\Local\{5742AEAA-3422-4C98-968A-CDD8B806E65C}

2012-11-24 23:07 . 2012-11-24 23:07 -------- d-----w- c:\users\Jéssica\AppData\Local\{405150BE-9C24-42FB-9771-EE2A9E501F50}

2012-11-23 18:28 . 2012-11-23 18:28 -------- d-----w- c:\users\Jéssica\AppData\Local\{EA475D8A-2091-4B5C-877B-0E46F1A8FE4A}

2012-11-22 23:19 . 2012-11-22 23:19 -------- d-----w- c:\users\Jéssica\AppData\Local\{443BD8D4-FF63-4754-A5EF-5C517E6B86C1}

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:43 . 2012-07-26 22:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 16:43 . 2012-07-26 22:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-16 07:39 . 2012-11-28 01:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40 . 2012-11-14 10:49 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 10:49 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-03 16:58 . 2012-11-14 10:54 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42 . 2012-11-14 10:54 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42 . 2012-11-14 10:54 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42 . 2012-11-14 10:54 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 10:54 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42 . 2012-11-14 10:54 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40 . 2012-11-14 10:54 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21 . 2012-11-14 10:54 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-03 12:09 . 2012-06-13 10:53 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-29 21:54 . 2012-06-06 17:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 22:47 . 2012-11-14 10:53 78336 ----a-w- c:\windows\system32\synceng.dll

2012-09-25 01:16 . 2012-10-30 12:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

"Facebook Update"="c:\users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-12 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]

"YouCam Service"="c:\program files\CyberLink\YouCam\YouCamService.exe" [2011-11-29 255208]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-09-14 296096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 MpKsladcfbad7;MpKsladcfbad7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82897C0F-310F-4AEF-B96E-1AB8499E0E18}\MpKsladcfbad7.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSLADCFBAD7

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 16:43]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-4164523807-1953574760-2480442740-1000\Software\Zepter Software\RegLib*94d4163e\AnyDVD/1]

"1"=dword:50310e98

"2"=dword:50310fd9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-12-22 16:05:48

ComboFix-quarantined-files.txt 2012-12-22 18:05

ComboFix2.txt 2012-12-22 15:43

.

Pré-execução: 110.864.666.624 bytes disponíveis

Pós execução: 110.828.158.976 bytes disponíveis

.

- - End Of File - - 588CCD92EF8E0C31A203059712972AC3

___________________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:07:30, on 22/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CyberLink\YouCam\YouCamService.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\Explorer.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jéssica\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jéssica\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{097D9FB1-94AE-4C07-B5AD-9940268F8756}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 6292 bytes


  1. Update Java.
    Download the latest version of the Java SE Runtime Environment (JRE).
    Go to this page: http://www.java.com/...load/manual.jsp
    Click Windows Offline to download jre-...(latest version)
    If your Windows is 64-bit, go to this page: http://www.java.com/...va_win64bit.xml
    Download both the 32-bit and 64-bit versions.
    Save it to your Desktop.
    Close any program that is running, especially browsers.
    Go to Start > Control Panel, double-click Add or Remove Programs (XP) or Programs and Features (Vista, 7, 8), and remove all old versions of Java.
    Examples of old versions:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
    Select any item named Java Runtime Environment (JRE or J2SE).
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each version of Java.
    Restart your computer once all versions of Java have been removed.
    Now go to your Desktop and run the file you just downloaded. Just follow the prompts.
    WARNING: Uncheck the box that installs the ASK Toolbar.

Go to Start > Control Panel, double-click Add or Remove Programs (XP) or Programs and Features (Vista, 7, 8), and remove all old versions of Flash Player. Old versions also have vulnerabilities that are exploited by malware. Click and install the newest version.
