Boa Tarde! Edvan

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/combofix/desktopicon.png&key=c972c7524cf2a0d4771101cc561140ae5696a3aad55bcf64c111bf1861d92e85" alt="desktopicon.png" /> > ( ... by sUBs )

|- Salve-o no desktop! ( Área de trabalho! )

|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )

|- Feche algum programa/arquivo que esteja aberto.

|- Feche,também,seu navegador! ( IE,Firefox,Opera ou Google Chrome )

|- Ps: Esteja conectado(a) à Internet. <- Importante!

|- Execute ComboFix.exe,com um duplo clique.

|- Para Windows Vista e/ou 7,dê clique direito em ComboFix.exe e execute-o como administrador. <- Importante!

|- Ps: Instale o "Console de Recuperação",caso seja solicitado! <- Somente XP!

|- Ps: Ficará,portanto,à seu critério optar por sua instalação.

|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.

|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.

|- Abrir-se-á a janela Auto Scan.

/applications/core/interface/imageproxy/imageproxy.php?img=http://img375.imageshack.us/img375/6271/etapas.jpg&key=886faf50f6e4a02cfc852e77d70bb52b257bfe1b6dfadc5fb94284cceb208d2e" alt="etapas.jpg" />

|- Aguarde a finalização de todas as Etapas.

|- Durante o scan,evite utilizar o mouse ou teclado!

|- Concluindo,poste: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- Ao ocorrer este erro,basta reiniciar o computador!

|- *"**ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão** de analistas de segurança."*

Abraços!

ComboFix 12-12-10.01 - f002519 11/12/2012 16:18:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1527.974 [GMT -2:00]

Executando de: c:\documents and settings\f002519\Desktop\ComboFix.exe

AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 4 bytes in 2 streams.

ADS - drivers: deleted 310 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\f002519\Dados de aplicativos\rbap550.dll

c:\documents and settings\f002519\gejyfabtowim.exe

c:\windows\system\chron32.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-11 to 2012-12-11 ))))))))))))))))))))))))))))

.

.

2012-12-11 17:21 . 2012-12-11 17:21 388608 ----a-w- C:\HiJackThis.exe

2012-12-11 17:18 . 2012-12-11 17:18 -------- d-----w- c:\documents and settings\f002519\Dados de aplicativos\Malwarebytes

2012-12-11 17:18 . 2012-12-11 17:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2012-12-11 17:18 . 2012-12-11 17:18 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2012-12-11 17:18 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 17:03 . 2012-12-11 17:04 -------- d-----w- C:\LinhaDefensiva

2012-12-11 13:37 . 1999-06-21 07:10 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL

2012-12-11 13:37 . 1999-01-20 07:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2012-12-11 13:37 . 2012-12-11 13:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared

2012-12-11 13:37 . 2012-12-11 13:37 720896 ----a-w- c:\windows\iun6002ev.exe

2012-12-06 19:24 . 2012-12-06 19:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\gas

2012-11-23 16:50 . 2012-11-23 16:50 -------- d-----w- c:\documents and settings\f002519\SPED

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-23 10:18 . 2012-05-24 14:41 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-23 10:18 . 2012-05-24 14:41 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-23 10:18 . 2012-05-24 14:41 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-23 10:18 . 2012-05-24 14:41 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-23 10:18 . 2012-05-24 14:41 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-23 10:18 . 2012-05-24 14:41 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-23 10:18 . 2012-05-24 14:41 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-23 10:18 . 2012-05-24 14:41 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-23 10:17 . 2012-05-24 14:41 41224 ----a-w- c:\windows\avastSS.scr

2012-10-23 10:17 . 2012-05-24 14:41 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-09 15:29 . 2012-05-24 20:16 46440 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-12-05 18:30 . 2012-12-05 18:30 262112 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-23 10:17 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-07 18:43 1374312 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 17:05 650088 ------w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]

2008-07-29 10:01 61440 ----a-w- c:\windows\system32\DkWLNP.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 04:57 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AxMonitor]

2008-07-29 10:01 450560 ----a-w- c:\arquivos de programas\Safenet\BSecClient\AXMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DkAutoReg]

2008-07-29 10:01 253952 ----a-w- c:\arquivos de programas\Safenet\BSecClient\dkAutoReg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DkStartup]

2008-07-29 10:01 49152 ----a-w- c:\arquivos de programas\Safenet\BSecClient\DkStartup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2004-09-30 19:37 126976 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-01-07 16:02	49152	----a-w-	c:\arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2004-09-30 19:41 155648 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-07-27 20:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]

2004-02-27 17:29 61440 ----a-w- c:\arquivos de programas\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 17:02	254696	----a-w-	c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]

2004-05-20 16:40 188416 ----a-w- c:\arquivos de programas\Hewlett-Packard\Toolbox\hpbpsttp.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/05/2012 18:16 46440]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24/05/2012 12:41 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/05/2012 12:41 360392]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/05/2012 12:41 21256]

R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [29/07/2008 08:01 122880]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/05/2012 18:16 280168]

R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [25/05/2012 10:10 12240]

R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [25/05/2012 10:10 18704]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [24/05/2012 18:16 29432]

R3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [25/05/2012 10:10 22096]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [24/05/2012 18:16 29432]

.

--- =Outros Serviços/Drivers Na Memória ---

.

NewlyCreated - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job

• c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 15:49]

.

2012-12-11 c:\windows\Tasks\avast! Emergency Update.job

• c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-24 10:17]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-24 12:24]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-24 12:24]

.

2012-12-11 c:\windows\Tasks\User_Feed_Synchronization-{2A061A62-EFAC-4FB3-8939-32FAFFE9B599}.job

• c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-12-11 c:\windows\Tasks\User_Feed_Synchronization-{611E5FB2-040E-4515-8BEA-A355D7426A9F}.job

• c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-12-11 c:\windows\Tasks\User_Feed_Synchronization-{C8C9A7A6-8961-43DA-88B4-7737AFDF3D3D}.job

• c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = <local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.4.65.16

FF - ProfilePath - c:\documents and settings\f002519\Dados de aplicativos\Mozilla\Firefox\Profiles\ayjwie4i.default\

FF - ExtSQL: 2012-12-06 17:20; {87F8774F-B485-47E2-A755-A40A8A5E886D}; c:\documents and settings\f002519\Dados de aplicativos\Mozilla\Firefox\Profiles\ayjwie4i.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

.

• - - - ORFÃOS REMOVIDOS - - - -

.

HKCU-Run-gejyfabtowim - c:\documents and settings\f002519\gejyfabtowim.exe

MSConfigStartUp-755550554D584D - c:\docume~1\f002519\CONFIG~1\Temp\221020121033.cpl

MSConfigStartUp-Control Panel - c:\documents and settings\f002519\Dados de aplicativos\Microsoft\Office\Java_crw_demo.cpl

MSConfigStartUp-gejyfabtowim - c:\documents and settings\f002519\gejyfabtowim.exe

MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-11 16:27

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

• - - - - - - > 'winlogon.exe'(796)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehCef.dll

c:\windows\system32\DkWLNP.dll

c:\windows\system32\dkrsacsp.dll

c:\windows\system32\DKTools.dll

c:\windows\system32\dkck201.dll

c:\windows\system32\DKcert.dll

c:\windows\system32\BSEAY32.dll

c:\windows\system32\dklog.dll

.

• - - - - - - > 'explorer.exe'(3876)

c:\arquivos de programas\GbPlugin\gbiehCef.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WS2_32.dll

c:\windows\system32\WS2HELP.dll

c:\windows\system32\webcheck.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\dklog.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\dkcktkn.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-12-11 16:31:02 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-12-11 18:30

.

Pré-execução: 8 pasta(s) 113.488.302.080 bytes disponíveis

Pós execução: 11 pasta(s) 114.229.522.432 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

• - End Of File - - ED5277360D2F570EB71BB1D54BA038B3

Boa Noite! Edvan

|- Pode postar o relatório do Malwarebytes,em seu escaneamento completo.

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abi6rX9e.jpg&key=92c78ea35f87f8eb069ae0f2916f89217f86c2317aef892b27e6440e4dd75740" alt="abi6rX9e.jpg" />

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" />

|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abmdaZsE.jpg&key=433ccdd2cd040bd965a0b2bee3887132a2fd78ca8d607165658bf45467e220f0" alt="abmdaZsE.jpg" />

|- Maiores informações: < |Link| >

A+

LINK http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121212_j5z9z15o9w14

outro link: http://cjoint.com/12dc/BLmmzcnRTme.htm

Deixei passando o scan do Malwarebytes no modo rapido: (4 minuto(s), 46 segundo(s)..

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.11.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f002519 :: FUN0029 [administrador]

11/12/2012 16:32:16

mbam-log-2012-12-11 (16-32-16).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 226359

Tempo decorrido: 4 minuto(s), 46 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

---------------------x-------------------

P.S: Já o scan no modo completo demorou muito, daí cancelei para rodar o combofix. (35 minuto(s), 27 segundo(s) [cancelado]

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.11.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f002519 :: FUN0029 [administrador]

11/12/2012 15:34:03

mbam-log-2012-12-11 (15-34-03).txt

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 45787

Tempo decorrido: 35 minuto(s), 27 segundo(s) [cancelado]

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Bom Dia! Edvan

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_silent_zps532d2db6.jpg&key=e3bca71d24a0067fad1910903f2d756650c2d526a3a3b4495f41f8a5e073328a" alt="ZHPFix_silent_zps532d2db6.jpg" />

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)

proxyfix
emptytemp
emptyflash
firewallraz

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />

|- Clique no menu,"Paste ClipBoard".

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acerMAbC.jpg&key=8f6573385f94e5beff1160ce0a8e6778a7b84bd7dbdcfdd2ee7c4058d85bf88a" alt="acerMAbC.jpg" />

|- Clique "GO" -> Oui.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012

Fichier d'export Registre :

Run by f002519 at 12/12/2012 09:26:27

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========

DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}

DELETED [HKLM\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

DELETED [HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========

DELETED Window Temporary:

DELETED Flash Cookies:

========== File ==========

DELETED Window Temporary:

DELETED Flash Cookies:

========== Summary ==========

9 : Registry Key

12 : Registry Value

2 : Repertory

2 : File

End of clean in 00mn 16s

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 12/12/2012 09:26:27 [1789]

Olá! Edvan

|- O Avast,ainda,continua com seus alertas?

A+

Não amigo, mais algum procedimento??

>
Não amigo, mais algum procedimento??

Olá! Edvan

|- Baixe: |DelFix| ( ... de Xplode )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/DelFix_SetaVerde.jpg&key=a562af283f81224b0096f109e2c85fcde8abae0d109a59c91160b5f99a23e243" alt="DelFix_SetaVerde.jpg" />

|- Estando na página,clique na seta verde para o download. ( Seta verde! )

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/DelFix_Suppression.jpg&key=504213ed0fd7c7ffdd71bbc9a8ecfed75d167e84deb27fd5dfec08c0104c80c3" alt="DelFix_Suppression.jpg" />

|- Clique em "Suppression".

|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

|- Seus logs estão limpos!

A+

Ok.. pode fechar o tópico. :thumbsup:

DelFix v6.2 - Logfile created 12/12/2012 at 10:48:57

Updated 11/11/2012 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : f002519 - FUN0029

Running from : C:\Documents and Settings\f002519\Desktop\delfix.exe

Option [Delete]

~~~~~~ Folder(s) ~~~~~~

Deleted : C:\Qoobox

Deleted : C:\ZHP

Deleted : C:\Arquivos de programas\ZHPDiag

~~~~~~ File(s) ~~~~~~

Deleted : C:\AdwCleaner[s1].txt

Deleted : C:\ComboFix.txt

Deleted : C:\HiJackThis.exe

Deleted : C:\hijackthis.log

Deleted : C:\PhysicalDisk0_MBR.bin

Deleted : C:\WINDOWS\grep.exe

Deleted : C:\WINDOWS\PEV.exe

Deleted : C:\WINDOWS\NIRCMD.exe

Deleted : C:\WINDOWS\MBR.exe

Deleted : C:\WINDOWS\SED.exe

Deleted : C:\WINDOWS\SWREG.exe

Deleted : C:\WINDOWS\SWSC.exe

Deleted : C:\WINDOWS\SWXCACLS.exe

Deleted : C:\WINDOWS\Zip.exe

~~~~~~ Registry ~~~~~~

Key Deleted : HKLM\SOFTWARE\AdwCleaner

Key Deleted : HKLM\SOFTWARE\Swearware

Key Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Other ~~~~~~

-> Prefetch Emptied

*************************

DelFix[s1].txt - [1171 octets] - [12/12/2012 10:48:57]

########## EOF - C:\DelFix[s1].txt - [1295 octets] ##########

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.