Good morning, iMasters team! :grin:
When I turn on the machine, the PC restarts before reaching the desktop; it does this several times before it finally loads my desktop normally.
Link: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130104_g10i11q9d15h10
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.03.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003589 :: SUPORTE [administrator]
03/01/2013 15:26:25
mbar-log-2013-01-03 (15-26-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27016
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21404\Dc34.exe (Trojan.Arqudrop) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21404\Dc35.exe (Trojan.Arqudrop) -> Delete on reboot.
(end)
------------------------xxx--------------------------------------------
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.01.03.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003589 :: SUPORTE [administrador]
03/01/2013 17:30:02
mbam-log-2013-01-03 (17-30-02).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 354355
Tempo decorrido: 51 minuto(s), 40 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
----------------------xx---------------------------
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\Arquivos de programas\Iminent
Folder Deleted : C:\DOCUME~1\F00358~1.BR\CONFIG~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent
*** [Registry] ***
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\PIP
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminentMessenger]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [1161 octets] - [08/11/2012 11:26:37]
AdwCleaner[s2].txt - [14826 octets] - [20/12/2012 09:41:58]
########## EOF - C:\AdwCleaner[s2].txt - [14887 octets] ##########
Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by f003589 at 04/01/2013 15:07:54
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/
========== Software ==========
DELETED Iminent
========== Registry Key ==========
NOT FOUND Key: Service: SProtection
DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {AE7CD045-E861-484f-8273-0445EE161910}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: StartupReg: ZyngaGamesAgent
DELETED Key: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
DELETED Key: SearchScopes :{3AA0F31D-D21E-40D4-8E3B-636F4464CFC6}
DELETED Key: HKCU\Software\Iminent
========== Registry Value ==========
DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
DELETED RunValue: CTFMON.EXE
DELETED RunValue: AdobeBridge
NOT FOUND RunValue: AdobeBridge
NOT FOUND AAKE KeyValue: C:\Arquivos de programas\Iminent\Iminent.exe
NOT FOUND AAKE KeyValue: C:\Arquivos de programas\Iminent\Iminent.Messengers.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\ControlCenter\controlcenter.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\ControlCenter\iptool.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\Megacubo\megacubo.exe
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Registry Data Items ==========
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL
REMOVED R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant
========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
NOT FOUND Folder/File: c:\arquivos de programas\arquivos comuns\umbrella\umbrella.exe
NOT FOUND File: c:\arquivos de programas\arquivos comuns\umbrella\umbrella.exe
DELETE on Reboot c:\windows\system32\ctfmon.exe
DELETED File: c:\documents and settings\administrador\desktop\interapp control.lnk
NOT FOUND File: c:\arquivos de programas\qubnfe\qubnfe.exe
NOT FOUND File: c:\arquivos de programas\controlcenter\controlcenter.exe
NOT FOUND File: c:\arquivos de programas\controlcenter\iptool.exe
NOT FOUND File: c:\arquivos de programas\megacubo\megacubo.exe
NOT FOUND File: c:\arquivos de programas\splashtop\splashtop connect\zyngagamesagent.exe
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
10 : Registry Key
22 : Registry Value
4 : Registry Data Items
2 : Repertory
11 : File
1 : Software
1 : Restoration
End of clean in 00mn 39s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 04/01/2013 15:08:03 [3554]
Good morning! Edvan
|- Download: ComboFix ( ... by sUBs )
|- Save it to your desktop!
|- Ps: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- Ps: Stay connected to the Internet. <- Important!
|- Run ComboFix.exe with a double click.
|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator. <- Important!
|- Ps: Install the "Recovery Console" if prompted! <- XP only!
|- Ps: It is therefore up to you whether or not to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- Ps: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all the Stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt
"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."
|- If this error occurs, just restart the computer!
|- *"**ComboFix is a tool that can damage the system. Use it only under the supervision** of security analysts."*
Regards!
Good morning, friend!
While it was completing the stages, the machine restarted, but no log was generated. Would it be worth running ComboFix again?
New log: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130107_z15x10v10d10o7
Hello! Edvan
|- Did you try running ComboFix in Safe Mode?
Regards!
I couldn't get it to run in Safe Mode, so I restarted and tried running it in normal mode again, and this time it worked. :grin:
ComboFix 13-01-06.01 - f003589 07/01/2013 14:15:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1959.1528 [GMT -3:00]
Executando de: c:\documents and settings\f003589.FUNPEC.BR\Desktop\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\inst.exe
c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\vso_ts_preview.xml
c:\windows\IsUn0416.exe
c:\windows\system\chron32.dll
c:\windows\system\libeay32.dll
c:\windows\system\ssleay32.dll
c:\windows\System32\sbfiv.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))
.
.
2013-01-04 18:53 . 2013-01-04 18:53 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\VirtualBox VMs
2013-01-04 11:36 . 2013-01-07 12:42 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-01-04 11:35 . 2013-01-07 12:42 -------- d-----w- c:\arquivos de programas\ZHPDiag
2012-12-27 13:37 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-27 13:37 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-27 13:37 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-26 14:37 . 2012-12-26 14:37 -------- d-----w- C:\My Documents
2012-12-26 14:37 . 2001-01-16 18:46 50576 ------w- c:\windows\system32\drivers\hppadt40.sys
2012-12-26 14:37 . 2001-01-16 18:44 17872 ------w- c:\windows\system32\drivers\hppausb0.sys
2012-12-26 14:37 . 2001-01-16 18:21 53248 ------w- c:\windows\system32\hppapml0.dll
2012-12-26 14:37 . 2001-01-16 18:20 61440 ------w- c:\windows\system32\hppapml0.exe
2012-12-26 14:37 . 2001-01-16 18:11 94208 ------w- c:\windows\system32\hppapts0.dll
2012-12-26 14:37 . 2001-01-16 18:10 61440 ------w- c:\windows\system32\hppanet0.exe
2012-12-26 14:37 . 2001-01-16 17:43 15792 ------w- c:\windows\system32\drivers\hppaprt0.sys
2012-12-26 14:37 . 2001-01-08 17:26 73728 ------w- c:\windows\system32\hppadt40.dll
2012-12-26 14:36 . 2001-01-17 15:38 40960 ------w- c:\windows\system32\hppamon0.dll
2012-12-26 14:36 . 2001-01-05 11:38 58880 ------w- c:\windows\system32\hpdcmon.dll
2012-12-26 14:36 . 2000-07-31 15:00 317952 ------w- c:\windows\system32\roboex32.dll
2012-12-26 14:36 . 2012-12-26 14:36 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2012-12-26 14:35 . 2001-08-18 00:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-12-26 14:35 . 2001-08-18 00:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-12-21 18:36 . 2012-12-21 18:36 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Configurações locais\Dados de aplicativos\Sun
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2013-01-03 19:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-12-21 17:09 . 2012-12-14 19:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-20 13:57 . 2012-12-20 13:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2012-12-20 13:57 . 2012-12-20 13:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-20 13:57 . 2012-12-20 13:56 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-20 13:57 . 2012-12-20 13:56 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-20 13:56 . 2012-12-20 13:56 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 13:56 . 2012-12-20 13:56 -------- d-----w- c:\arquivos de programas\Java
2012-12-18 20:18 . 2012-12-20 12:42 -------- d-----w- c:\arquivos de programas\uTorrent
2012-12-18 20:17 . 2013-01-07 17:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\uTorrent
2012-12-18 14:19 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-12-18 14:18 . 2012-12-18 14:19 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2012-12-13 19:46 . 2012-12-17 12:29 -------- d-----w- c:\arquivos de programas\Cobian Backup 11
2012-12-10 20:20 . 2012-12-17 12:33 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\FileZilla
2012-12-10 20:17 . 2012-12-10 20:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\GlobalSCAPE
2012-12-10 11:46 . 2012-12-10 11:46 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:33 . 2012-10-19 11:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 20:33 . 2012-10-19 11:32 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-03 19:29 . 2012-12-03 17:13 344 ---h--w- c:\documents and settings\All Users\gwp2.sys
2012-11-16 13:08 . 2012-11-16 13:08 47360 ----a-w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\pcouffin.sys
2012-10-30 22:51 . 2012-10-05 14:08 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-05 14:08 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-10-05 14:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-05 14:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-05 14:08 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-10-05 14:08 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-10-05 14:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-05 14:08 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-10-05 14:08 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-05 14:08 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-26 23:03 . 2012-12-05 11:00 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-26 23:03 . 2012-10-26 23:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 23:02 . 2012-12-05 11:00 84312 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-26 23:02 . 2012-12-05 11:00 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-26 23:02 . 2012-10-26 23:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 23:02 . 2012-10-26 23:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-10 18:40 . 2012-10-05 13:39 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-10-10 18:40 . 2012-10-05 13:45 17488 ----a-w- c:\windows\gdrv.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"abfiv"="c:\arquivos de programas\blok free 4\abfiv.exe" [2012-05-29 709120]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-12-18 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Blok Free 4"="c:\arquivos de programas\Blok Free 4\abfiv.exe" [2012-05-29 709120]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\f003589.FUNPEC.BR\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDockFree\ObjectDock.exe [2012-8-28 3768688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 09:09 446392 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 19:26 1073312 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 06:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 16:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [05/10/2012 10:27 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/10/2012 11:08 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/10/2012 11:08 361032]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [05/12/2012 08:00 187736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [05/12/2012 08:00 94040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/10/2012 11:08 21256]
R2 Smart TimeLock;Smart TimeLock Service;c:\arquivos de programas\Gigabyte\SMART6\timelock\TimeMgmtDaemon.exe [05/10/2012 10:30 114688]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [05/10/2012 10:27 2655768]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13/07/2009 01:07 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13/07/2009 01:07 25448]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [05/10/2012 10:17 65136]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [05/10/2012 10:27 41088]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [26/10/2012 20:02 115544]
S2 Syslogon;System logon;c:\windows\system32\1052\lsass.exe [03/12/2012 14:13 471552]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/10/2012 10:27 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [29/11/2012 15:55 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [05/10/2012 10:46 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [29/11/2012 15:55 8456]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [05/10/2012 10:39 24944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 17:22 34064]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26/10/2012 20:03 104280]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [05/12/2012 08:00 84312]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
.
2013-01-07 c:\windows\Tasks\avast! Emergency Update.job
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56]
.
2013-01-07 c:\windows\Tasks\PandaUSBVaccine.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.funpec.br/ponto_online/
mStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
.
.
HKCU-Run-sbfiv - c:\windows\System32\sbfiv.exe
HKLM-Run-sbfiv - c:\windows\System32\sbfiv.exe
MSConfigStartUp-TkBellExe - c:\arquivos de programas\Real\RealPlayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 14:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-07 14:20:05
ComboFix-quarantined-files.txt 2013-01-07 17:20
.
Pre-Run: 13 folder(s) 398,008,037,376 bytes free
Post-Run: 15 folder(s) 398,209,159,168 bytes free
.
Good afternoon, Edvan!
|- Select and copy the content shown in "red" into Notepad.
|- Save it on the desktop with the name: CFScript <-- Text!
KillAll::
Registry::
[-HKLM\SOFTWARE\Classes\.vzs2]
File::
c:\documents and settings\All Users\gwp2.sys
c:\windows\system32\1052\lsass.exe
Driver::
Syslogon
ClearJavaCache::
|- PS: Temporarily disable your antivirus.
|- PS: Do not use this script on another machine!
|- Drag CFScript.txt onto the ComboFix icon.
|- See the demonstration! [animated image]
|- Respond to the prompt that should appear in order to run ComboFix.
|- PS: Keep dragging until that prompt (window) appears!
|- If prompted to update the tool, click Yes!
|- When it finishes, post: C:\ComboFix.txt
A+
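The CFScript above removes a service named Syslogon whose binary is an lsass.exe living in c:\windows\system32\1052\ instead of c:\windows\system32\, the classic trick of hiding behind a core Windows process name so that a quick look at the process list or service table raises no eyebrows. The following check is added here as an example and is not part of the thread or of ComboFix: it parses ComboFix service lines and Run-key lines and flags any binary that borrows a core Windows name but loads from a different directory. The table of protected names and their expected directories is an assumption for a default x86 Windows XP install, and the sample lines are taken from the logs in this thread plus one constructed Run entry.

```python
"""Flag service and autorun entries whose binary borrows a core Windows process
name but loads from somewhere other than the directory Windows installs it in."""
import ntpath
import re

# Core Windows process names and the only directory each ships in on a default
# x86 Windows XP install. Assumption for this example: %SystemRoot% is c:\windows.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# ComboFix service line:  S2 Syslogon;System logon;c:\...\lsass.exe [03/12/2012 14:13 471552]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
# ComboFix Run-key line:  "sbfiv"="c:\windows\System32\sbfiv.exe" [bU]
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]+)"')


def masquerade_reason(path):
    """Return why `path` is suspicious, or None if it is the genuine binary."""
    norm = path.strip().lower()          # NTFS paths are case-insensitive
    name = ntpath.basename(norm)         # ntpath handles backslashes on any host OS
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return None                      # not a name this check knows about
    actual = ntpath.dirname(norm)
    if actual == expected:
        return None
    return f"{name} loaded from {actual}, expected {expected}"


def scan_combofix_lines(lines):
    """Return [(entry_name, path, reason)] for every suspicious service/Run entry."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entry, path = m.group(2), m.group(4)
        else:
            m = RUNKEY_RE.match(line)
            if not m:
                continue                 # neither a service line nor a Run entry
            entry, path = m.group(1), m.group(2)
        reason = masquerade_reason(path)
        if reason:
            findings.append((entry, path, reason))
    return findings


# Sample lines taken from the ComboFix logs in this thread, plus one constructed
# Run entry (marked) so the check has a second hit.
SAMPLE_LOG = [
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/10/2012 11:08 361032]",
    r"S2 Syslogon;System logon;c:\windows\system32\1052\lsass.exe [03/12/2012 14:13 471552]",
    r"S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]",
    r'"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]',
    r'"sbfiv"="c:\windows\System32\sbfiv.exe" [bU]',
    r'"fake"="c:\documents and settings\All Users\svchost.exe" [bU]',  # constructed
]

if __name__ == "__main__":
    for entry, _path, reason in scan_combofix_lines(SAMPLE_LOG):
        print(f"{entry}: {reason}")
```

Note what the check does not catch: sbfiv.exe carries no known name, so it passes silently; the helper removed it on other grounds. Name masquerade is one signal to triage a log quickly, not a verdict on its own.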
ComboFix 13-01-06.01 - f003589 07/01/2013 15:37:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1959.1396 [GMT -3:00]
Running from: c:\documents and settings\f003589.FUNPEC.BR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\f003589.FUNPEC.BR\Desktop\CFScript.txt
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\gwp2.sys"
"c:\windows\system32\1052\lsass.exe"
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\gwp2.sys
c:\windows\system32\1052\lsass.exe
c:\windows\System32\sbfiv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSLOGON
-------\Service_Syslogon
.
.
(((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))
.
.
2013-01-04 18:53 . 2013-01-04 18:53 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\VirtualBox VMs
2013-01-04 11:36 . 2013-01-07 12:42 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-01-04 11:35 . 2013-01-07 12:42 -------- d-----w- c:\arquivos de programas\ZHPDiag
2012-12-27 13:37 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-27 13:37 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-27 13:37 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-12-27 13:37 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-26 14:37 . 2012-12-26 14:37 -------- d-----w- C:\My Documents
2012-12-26 14:37 . 2001-01-16 18:46 50576 ------w- c:\windows\system32\drivers\hppadt40.sys
2012-12-26 14:37 . 2001-01-16 18:44 17872 ------w- c:\windows\system32\drivers\hppausb0.sys
2012-12-26 14:37 . 2001-01-16 18:21 53248 ------w- c:\windows\system32\hppapml0.dll
2012-12-26 14:37 . 2001-01-16 18:20 61440 ------w- c:\windows\system32\hppapml0.exe
2012-12-26 14:37 . 2001-01-16 18:11 94208 ------w- c:\windows\system32\hppapts0.dll
2012-12-26 14:37 . 2001-01-16 18:10 61440 ------w- c:\windows\system32\hppanet0.exe
2012-12-26 14:37 . 2001-01-16 17:43 15792 ------w- c:\windows\system32\drivers\hppaprt0.sys
2012-12-26 14:37 . 2001-01-08 17:26 73728 ------w- c:\windows\system32\hppadt40.dll
2012-12-26 14:36 . 2001-01-17 15:38 40960 ------w- c:\windows\system32\hppamon0.dll
2012-12-26 14:36 . 2001-01-05 11:38 58880 ------w- c:\windows\system32\hpdcmon.dll
2012-12-26 14:36 . 2000-07-31 15:00 317952 ------w- c:\windows\system32\roboex32.dll
2012-12-26 14:36 . 2012-12-26 14:36 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2012-12-26 14:35 . 2001-08-18 00:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2012-12-26 14:35 . 2001-08-18 00:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2012-12-26 14:35 . 2008-04-13 14:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2012-12-26 14:35 . 2001-09-06 02:06 24064 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2012-12-21 18:36 . 2012-12-21 18:36 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Configurações locais\Dados de aplicativos\Sun
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2012-12-21 17:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2012-12-21 17:09 . 2013-01-03 19:51 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2012-12-21 17:09 . 2012-12-14 19:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-20 13:57 . 2012-12-20 13:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2012-12-20 13:57 . 2012-12-20 13:56 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-20 13:57 . 2012-12-20 13:56 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-20 13:57 . 2012-12-20 13:56 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-20 13:56 . 2012-12-20 13:56 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 13:56 . 2012-12-20 13:56 -------- d-----w- c:\arquivos de programas\Java
2012-12-18 20:18 . 2012-12-20 12:42 -------- d-----w- c:\arquivos de programas\uTorrent
2012-12-18 20:17 . 2013-01-07 18:46 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\uTorrent
2012-12-18 14:19 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-12-18 14:18 . 2012-12-18 14:19 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2012-12-13 19:46 . 2012-12-17 12:29 -------- d-----w- c:\arquivos de programas\Cobian Backup 11
2012-12-10 20:20 . 2012-12-17 12:33 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\FileZilla
2012-12-10 20:17 . 2012-12-10 20:17 -------- d-----w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\GlobalSCAPE
2012-12-10 11:46 . 2012-12-10 11:46 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:33 . 2012-10-19 11:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 20:33 . 2012-10-19 11:32 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 13:08 . 2012-11-16 13:08 47360 ----a-w- c:\documents and settings\f003589.FUNPEC.BR\Dados de aplicativos\pcouffin.sys
2012-10-30 22:51 . 2012-10-05 14:08 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-05 14:08 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-10-05 14:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-05 14:08 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-05 14:08 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-10-05 14:08 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-10-05 14:08 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-05 14:08 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-10-05 14:08 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-05 14:08 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-26 23:03 . 2012-12-05 11:00 187736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-26 23:03 . 2012-10-26 23:03 104280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 23:02 . 2012-12-05 11:00 84312 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-26 23:02 . 2012-12-05 11:00 94040 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-26 23:02 . 2012-10-26 23:02 115544 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 23:02 . 2012-10-26 23:02 174424 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-10 18:40 . 2012-10-05 13:39 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-10-10 18:40 . 2012-10-05 13:45 17488 ----a-w- c:\windows\gdrv.sys
.
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"abfiv"="c:\arquivos de programas\blok free 4\abfiv.exe" [2012-05-29 709120]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-12-18 969104]
"sbfiv"="c:\windows\System32\sbfiv.exe" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-06 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-06 182552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-06 166680]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Blok Free 4"="c:\arquivos de programas\Blok Free 4\abfiv.exe" [2012-05-29 709120]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
"sbfiv"="c:\windows\System32\sbfiv.exe" [bU]
.
c:\documents and settings\f003589.FUNPEC.BR\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDockFree\ObjectDock.exe [2012-8-28 3768688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 09:09 446392 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 19:26 1073312 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-05-12 06:10 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 16:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [05/10/2012 10:27 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/10/2012 11:08 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/10/2012 11:08 361032]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [05/12/2012 08:00 187736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [05/12/2012 08:00 94040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/10/2012 11:08 21256]
R2 Smart TimeLock;Smart TimeLock Service;c:\arquivos de programas\Gigabyte\SMART6\timelock\TimeMgmtDaemon.exe [05/10/2012 10:30 114688]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [05/10/2012 10:27 2655768]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13/07/2009 01:07 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13/07/2009 01:07 25448]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [05/10/2012 10:17 65136]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [05/10/2012 10:27 41088]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [26/10/2012 20:02 115544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/10/2012 10:27 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [29/11/2012 15:55 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [05/10/2012 10:46 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [29/11/2012 15:55 8456]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [05/10/2012 10:39 24944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 17:22 34064]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [26/10/2012 20:03 104280]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [05/12/2012 08:00 84312]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
.
2013-01-07 c:\windows\Tasks\avast! Emergency Update.job
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-10-05 13:56]
.
2013-01-07 c:\windows\Tasks\PandaUSBVaccine.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.funpec.br/ponto_online/
mStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 15:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
c:\windows\system32\WININET.dll
c:\arquivos de programas\Stardock\ObjectDockFree\DockShellHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe
c:\arquivos de programas\Java\jre7\bin\jqs.exe
c:\arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquivos de programas\AVAST Software\Avast\setup\avast.setup
c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe
c:\arquivos de programas\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2013-01-07 15:48:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-07 18:48
ComboFix2.txt 2013-01-07 17:20
.
Pre-Run: 14 folder(s) 398,209,085,440 bytes free
Post-Run: 15 folder(s) 398,125,776,896 bytes free
.
Good afternoon, Edvan!
|- Do the reboots persist?
-/-
|- Save it on the desktop or in Program Files.
|- When the Setup runs, click "Next".
|- Wait for the tool to update!
|- When it finishes, click "Accept and Scan".
|- When the scan completes, click "Clean".
|- To have more control over what you remove, click the arrow to select the item(s), since some may be "false positives".
A+
Good afternoon, Edvan!
|- Do the reboots persist?
No, everything is OK now. :thumbsup:
P.S. <> Panda caught these three here; are you still using Panda as your antivirus?
Man, I have a notebook here on which I can't install Avast no matter what!
Malware. FILE: C:\DOCUMENTS AND SETTINGS\F003589.FUNPEC.BR\COOKIES\MQA0WVP9.TXT to be deleted.
Malware. FILE: C:\DOCUMENTS AND SETTINGS\F003589.FUNPEC.BR\COOKIES\HDC1BQYH.TXT to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Good morning, Edvan!
P.S. <> Panda caught these three here; are you still using Panda as your antivirus?
Man, I have a notebook here on which I can't install Avast no matter what!
|- No! I tested Panda Cloud for a year and found it excellent for those still on Windows XP. Currently I run no antivirus, having opted for another kind of protection that focuses on the browsers. (NoScript; NotScripts; WOT)
|- I complemented all of that with WinPatrol + Spyware Blaster, which I have used for many years.
#####
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
#####
|- This was the only relevant detection, and the tool corrected it.
|- You can use DelFix to remove ZHPDiag.
|- If you wish, keep Panda Cloud Cleaner on your PC.
Man, I have a notebook here on which I can't install Avast no matter what!
|- Open a "New Topic" for your notebook with the ZHPDiag log and we will see what can be done.
Abs!
OK friend, you can close the topic! :grin:
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good afternoon, Edvan!
|- Close any programs/folders that are open.
|- Close the browser as well!
[image: ZHPFix_silent]
|- Select and copy the information in the Code box into Notepad.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphean Key
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21404\..\Run: [AdobeBridge] Orphean Key
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\InterApp Control.lnk . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\InterApp Control.lnk . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\ControlCenter\controlcenter.exe" [Enabled] .(...) -- C:\Arquivos de programas\ControlCenter\controlcenter.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\ControlCenter\iptool.exe" [Enabled] .(...) -- C:\Arquivos de programas\ControlCenter\iptool.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Megacubo\megacubo.exe" [Enabled] .(...) -- C:\Arquivos de programas\Megacubo\megacubo.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ZyngaGamesAgent [Key] . (...) -- C:\Arquivos de programas\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (v9) - http://search.v9.com
O69 - SBI: SearchScopes [HKCU] {3AA0F31D-D21E-40D4-8E3B-636F4464CFC6} - (Ask Search) - http://websearch.ask.com
[HKCU\Software\Iminent] => Infection PUP (Adware.IMBooster)
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
[image: ZHPDiag_PasteClipboard]
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
[image: ZHPFix_GO]
|- PS: The sequence of images above is there for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
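The ZHPFix script above, like the uSearchURL line in the ComboFix supplementary scan, is mostly browser-hijack cleanup: start and search pages redirected to v9.com and oquefazernainternet.com, search scopes pointing at the same hosts, plus orphaned BHO and toolbar CLSIDs and autoruns whose target file no longer exists. The following triage function is added here as an example and is not part of the thread, of ZHPDiag or of ComboFix: it takes lines in either tool's format, defangs ComboFix's hxxp:// URLs, compares each host against an allowlist, and sorts the dead registry entries into their own buckets. The allowlist of hosts this user legitimately uses is an assumption, and the sample lines are taken from the thread plus one constructed entry.

```python
"""Triage ZHPDiag / ComboFix browser-setting lines: which start/search hosts are
hijacked, which registry entries are dead, which are fine."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Hosts this user legitimately uses as start/search page. Assumption for the
# example; build it per machine from what the owner actually configured.
ALLOWED_HOSTS = {"www.google.fr", "www.google.com", "www.funpec.br"}

# ComboFix defangs URLs as hxxp://; ZHPDiag leaves them as http://.
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\[\]\"']+")


def classify_entry(line):
    """Return (category, detail) for one diagnostic line.

    hijack       - start/search/search-scope URL whose host is off the allowlist
    ok           - URL on the allowlist, or a line with nothing to report
    orphan       - ZHPDiag 'Orphean Key': a CLSID with no backing object
    missing-file - autorun or hook whose target executable no longer exists
    """
    text = line.strip()
    urls = URL_RE.findall(text)
    if urls:
        hosts = {urlparse(u.replace("hxxp", "http", 1)).hostname for u in urls}
        hosts.discard(None)
        bad = sorted(h for h in hosts if h not in ALLOWED_HOSTS)
        if bad:
            return "hijack", ", ".join(bad)
        return "ok", ", ".join(sorted(hosts))
    if "Orphean Key" in text:          # ZHPDiag's own spelling, kept verbatim
        return "orphan", text
    if "(.not file.)" in text:
        return "missing-file", text
    return "ok", ""


def triage(lines):
    """Group every non-OK line by category: {category: [detail, ...]}."""
    out = defaultdict(list)
    for line in lines:
        category, detail = classify_entry(line)
        if category != "ok":
            out[category].append(detail)
    return dict(out)


# Sample lines: taken from the ZHPFix script and the ComboFix log in this
# thread, plus one constructed 'ok' line at the end.
SAMPLE = [
    r"R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com",
    r"R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com",
    "uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s",
    "mStart Page = hxxp://www.google.fr/",
    "O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key",
    r"O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- (.not file.)",
    "O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (v9) - http://search.v9.com",
    r"R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr",  # constructed
]

if __name__ == "__main__":
    for category, details in triage(SAMPLE).items():
        print(category)
        for d in details:
            print("   ", d)
```

Hosts are compared exactly, so a hijack that used a subdomain of an allowed host would pass; widen the comparison if that matters on the machine being triaged. The orphan and missing-file buckets are cleanup, not infection evidence on their own, which is why the helper's script removes them alongside the hijacked URLs rather than treating them as the problem.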