Archived

This topic has been archived and is closed to new replies.

Drsmith2000

[Resolved] Log Analysis


Folks, I'd like you to take a look at my log to see if there is anything wrong.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:34:18, on 23/07/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

 

Running processes:

C:\Program Files\Lock My PC 4\lockpc.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Windows\system\Cm106eye.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Preencher - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{A172EFD9-1BE4-4A90-9C8B-C852B292F9F8}: NameServer = 8.8.8.8,8.8.4.4

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9531 bytes


Good morning, Drsmith2000!

|- The log shows no bad entries. What is happening?

Regards!


Good evening, DigRam. Sorry for the delay in replying; I have been without internet these past few days.

It turns out I use a program called NetLimiter to monitor all my internet traffic, and every time I turn on the PC it detects a file called "keygen.exe" located in the Windows folder. However, when I go to the folder it is no longer there. It seems the file appears out of nowhere during the 30 seconds Windows takes to load and then disappears... Have you heard of anything like this?

Good morning, Drsmith2000!

|- < KeyGen 1.0.0.0 >

|- Are you sure you have never used this software?

Regards!


Yes, I am sure; the file is not from that software. I managed to make a copy of the file before it disappeared and ran it through VirusTotal; here is the link to the report:

https://www.virustotal.com/file/0585cdc0293ea6b8c86482608c08c583bf32e12cfa59d143f4a0411d2894c0f3/analysis/1343592636/

It was detected by a good share of the antivirus engines, but apparently it is not a trojan/keylogger, it is a hacker tool.

What remains is to understand what causes this file to be executed, since nothing shows up in the HijackThis log...

Good afternoon, Drsmith2000!

|- Everything indicates it is a file that will validate Office.

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- For Windows Vista or 7, right-click and run the file as administrator.

|- Wait for the scan to finish and click "Copier". <- Wait!

|- Post and/or paste here the link that was generated!

Regards!


Good evening, Drsmith2000!

|- Go to: 5ddd15a0a515ee4d2c0ec8b4dcd87f0892b31334364ee054c605f091c3a9d7ad6g.jpg

 

83e4aac23f4afef13a3ebabeac5a83a9c3d09bc26d01ffd8e9659b806fce2f476g.jpg

 

|- In "File to check", enter:

|- <!> C:\Windows\SysNative\fsp_lmwl.dll

|- Click "Send".

|- P.S.: Copy and post the result of this scan.

 

-/-

 

|- Download: < ZHPFix.zip >

|- Unzip it to the desktop.

|- Close any programs/folders that are open.

|- Also close the browser!

|- For Windows Vista, disable UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, which is in red, to Notepad.

 

O4 - HKLM\..\Wow6432Node\Run: [Driver Genius] Orphean Key

O4 - Global Startup: C:\Users\Meu Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Computador - Atalho.lnk - Orphean Key

O8 - Extra context menu item: Exportar para o Microsoft Excel - (.not file.) - C:\Program Files (x86)\MICROS~4\OFFICE11\EXCEL.exe

[MD5.00000000000000000000000000000000] [APT] [{2920186C-1D1E-4EB0-B79C-F202134C2B19}] (...) -- D:\J£nior\Programas\Format\Programas\Instalados\Toaster.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{2D04FF41-329D-4499-A79E-6F2BBD1128A6}] (...) -- D:\Jogos\The Sims 2\EAUninstall.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{575DEC02-F383-488F-8120-4480F2F3D839}] (...) -- D:\Jogos\The Sims 2\The Sims 2 Mansäes e Jardins Cole‡Æo de Objetos\TSBin\Sims2Launcher.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{5A5FEA2C-C643-40DC-A19F-BF38BA9863AC}] (...) -- D:\Jogos\The Sims 2\Sims2EP9.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7DBAD061-FCC3-4AB8-8DC4-3AAD66A6EBFD}] (...) -- D:\J£nior\Programas\Format\Programas\Instalados\Name It Your Way 1.7.2\msvbvm50.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{8281C33D-E43B-4BEF-BAA6-AC4C911F2D43}] (...) -- Z:\DirectX\dxsetup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{FB603066-9EF5-4327-886C-F683E05E4554}] (...) -- D:\Jogos\The Sims 2\Sims2EP9.exe (.not file.)

[MD5.58177776756F9696B0F200A01612DC11] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe => Infection Diverse (Trojan.Keygen)

O20 - Winlogon Notify: fsp_lmwl . (.FSPro Labs - Lock My PC startup lock for Windows XP x64.) -- C:\Windows\System32\fsp_lmwl.dll => Infection Vundo (Possible)

O43 - CFD: 29/07/2012 - 05:53:26 - [0] ----D C:\ProgramData\Trymedia => Infection BT (Adware.Trymedia)

O43 - CFD: 13/07/2012 - 22:51:43 - [0] ----D C:\Users\Meu Usuario\AppData\Local\Dados de aplicativos

O43 - CFD: 13/07/2012 - 22:51:43 - [0] ----D C:\Users\Meu Usuario\AppData\Local\Histórico


O44 - LFC:[MD5.58177776756F9696B0F200A01612DC11] - 14/07/2012 - 05:05:16 ---A- . (.Microsoft - AutoKMS.) -- C:\Windows\AutoKMS.exe [472576] => Infection Diverse (Trojan.Keygen)

O44 - LFC:[MD5.667A2D21E6587436C941AAF4A7650E1A] - 13/07/2012 - 23:30:54 ---A- . (.FSPro Labs - Lock My PC startup lock for Windows XP x64.) -- C:\Windows\SysNative\fsp_lmwl.dll [43648] => Infection Vundo (Possible)

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

 

C:\ProgramData\Trymedia => Infection BT (Adware.Trymedia)

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

 

ZHPDiag_PasteClipboard.jpg

 

|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- P.S.: Above there is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!

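Added example (not part of the original thread, and not code from ZHPDiag or its author): a small Python triage of the flagged lines in the fix script above. It joins each path carrying a "=> Infection" verdict to the entry types that reference it, which is how the launch point of C:\Windows\AutoKMS.exe shows up. Reading [APT] as a scheduled-task entry and CFD/LFC as plain folder/file listings is an assumption about ZHPDiag's tags; the sample lines are copied from the post.

```python
import re

# Constructed sample: a few lines copied from the fix script posted above.
SAMPLE = r"""
O4 - HKLM\..\Wow6432Node\Run: [Driver Genius] Orphean Key
[MD5.00000000000000000000000000000000] [APT] [{8281C33D-E43B-4BEF-BAA6-AC4C911F2D43}] (...) -- Z:\DirectX\dxsetup.exe (.not file.)
[MD5.58177776756F9696B0F200A01612DC11] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe => Infection Diverse (Trojan.Keygen)
O20 - Winlogon Notify: fsp_lmwl . (.FSPro Labs - Lock My PC startup lock for Windows XP x64.) -- C:\Windows\System32\fsp_lmwl.dll => Infection Vundo (Possible)
O43 - CFD: 29/07/2012 - 05:53:26 - [0] ----D C:\ProgramData\Trymedia => Infection BT (Adware.Trymedia)
O44 - LFC:[MD5.58177776756F9696B0F200A01612DC11] - 14/07/2012 - 05:05:16 ---A- . (.Microsoft - AutoKMS.) -- C:\Windows\AutoKMS.exe [472576] => Infection Diverse (Trojan.Keygen)
O44 - LFC:[MD5.667A2D21E6587436C941AAF4A7650E1A] - 13/07/2012 - 23:30:54 ---A- . (.FSPro Labs - Lock My PC startup lock for Windows XP x64.) -- C:\Windows\SysNative\fsp_lmwl.dll [43648] => Infection Vundo (Possible)
"""

# "O20 - Winlogon Notify: ..." style lines: the text before the first colon is the entry type.
O_LINE = re.compile(r"^O\d+ - ([^:]+?):")
# "[MD5.<hash>] [APT] ..." style lines: the second bracket is the entry type.
MD5_LINE = re.compile(r"^\[MD5\.[0-9A-Fa-f]{32}\] \[(\w+)\]")
# A drive-letter path, ending before the verdict, the size field or the "(.not file.)" marker.
PATH = re.compile(r"([A-Za-z]:\\.*?)(?=\s+(?:=>|\[\d+\]|\(\.not file\.\))|\s*$)")
VERDICT = re.compile(r"=>\s*(.+?)\s*$")
ORPHAN = re.compile(r"\(\.not file\.\)|Orphean Key")

# Assumption: these entry types start code automatically; CFD/LFC only list what is on disk.
LAUNCH_KINDS = {"APT", "Winlogon Notify"}


def parse_line(line):
    """Split one report line into entry type, path, verdict and orphan flag."""
    line = line.strip()
    m = O_LINE.match(line) or MD5_LINE.match(line)
    if not m:
        return None
    path = PATH.search(line)
    verdict = VERDICT.search(line)
    return {
        "kind": m.group(1).strip(),
        "path": path.group(1) if path else None,
        "verdict": verdict.group(1) if verdict else None,
        "orphan": bool(ORPHAN.search(line)),
    }


def normalize(path):
    """Fold case and map SysNative to System32.

    SysNative is the alias a 32-bit process uses to reach the real System32
    on 64-bit Windows, so both spellings name the same file.
    """
    return path.lower().replace("\\sysnative\\", "\\system32\\")


def is_launch_point(kind):
    """True for entry types that start code (Run/RunOnce keys included)."""
    return kind in LAUNCH_KINDS or re.search(r"\\Run(Once)?$", kind) is not None


def launch_points(text):
    """Map every flagged path to the launch-point entry types that reference it."""
    records = [r for r in map(parse_line, text.splitlines()) if r and r["path"]]
    result = {normalize(r["path"]): set() for r in records if r["verdict"]}
    for r in records:
        key = normalize(r["path"])
        if key in result and is_launch_point(r["kind"]):
            result[key].add(r["kind"])
    return {path: sorted(kinds) for path, kinds in result.items()}


def orphans(text):
    """Entry types of lines whose target no longer exists (leftovers, not threats)."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [r["kind"] for r in parsed if r and r["orphan"]]


if __name__ == "__main__":
    for path, kinds in launch_points(SAMPLE).items():
        print(path, "<-", ", ".join(kinds) or "no launch point in this excerpt")
    print("orphaned entries:", orphans(SAMPLE))
```

A flagged path with an empty list, such as the Trymedia folder, is present on disk but has no launch point in the excerpt.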

Done, these are the results:

Report: fsp_lmwl.dll

 

ZHPFix:

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Meu Usuario at 30/07/2012 21:40:20

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Memory Process ==========

DELETED Memory Process: C:\Windows\AutoKMS.exe

 

========== Registry Key ==========

NOT FOUND Key: Menu Contextuel: Exportar para o Microsoft Excel

DELETED Key: Winlogon Notify: fsp_lmwl

 

========== Registry Value ==========

DELETED RunValue: Driver Genius

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Private) : {D19DF7F6-9567-48DB-B874-660326E330B9}

DELETED FirewallRaz (Private) : {7E06FFC2-ABFD-4CD2-9D5A-FDE32F58D94F}

DELETED FirewallRaz (Private) : {BFBD4A10-9798-47E0-B0E3-A46DB9BE858B}

DELETED FirewallRaz (Private) : {78F5D2BB-BEC9-4ECA-9267-C75B0363097C}

DELETED FirewallRaz (Private) : TCP Query User{98C58715-1321-4231-B177-5F99C0F3B471}D:\jogos\fifa 12\game\fifa.exe

DELETED FirewallRaz (Private) : UDP Query User{C832B3D5-11DE-4173-A118-59D0C6A7DF76}D:\jogos\fifa 12\game\fifa.exe

 

========== Registry Data Items ==========

REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

REPLACED Value EnableLUA : Good (1) - Bad (0)

 

========== Repertory ==========

NOT FOUND C:\ProgramData\Trymedia

NOT FOUND C:\Users\Meu Usuario\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Meu Usuario\AppData\Local\Histórico

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED c:\users\Meu Usuario\appdata\roaming\microsoft\internet explorer\quick launch\computador - atalho.lnk

NOT FOUND File: c:\program files (x86)\micros~4\office11\excel.exe

DELETED File: c:\windows\autokms.exe

DELETE on Reboot c:\windows\system32\fsp_lmwl.dll

NOT FOUND File: c:\windows\autokms.exe

DELETED c:\windows\sysnative\fsp_lmwl.dll

NOT FOUND Folder/File: c:\programdata\trymedia

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: {2920186C-1D1E-4EB0-B79C-F202134C2B19}

DELETED Task: {2D04FF41-329D-4499-A79E-6F2BBD1128A6}

DELETED Task: {575DEC02-F383-488F-8120-4480F2F3D839}

DELETED Task: {5A5FEA2C-C643-40DC-A19F-BF38BA9863AC}

DELETED Task: {7DBAD061-FCC3-4AB8-8DC4-3AAD66A6EBFD}

DELETED Task: {8281C33D-E43B-4BEF-BAA6-AC4C911F2D43}

DELETED Task: {FB603066-9EF5-4327-886C-F683E05E4554}

DELETED Task: AutoKMS

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

1 : Memory Process

2 : Registry Key

15 : Registry Value

2 : Registry Data Items

110 : Repertory

9 : File

8 : Task

1 : Restoration

 

 

End of clean in 00mn 34s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 30/07/2012 21:40:20 [13160]

 

In the log I changed my username to "Meu Usuario" just to keep my surname from being indexed by search engines.

If you could edit your post above to do the same, or remove the "quote" part, I would be very grateful. :)

Thank you.


Good evening! Drsmith2000

|- Download: < desktopicon.png > ( ... by sUBs )

|- Save it to the desktop! ( Área de trabalho! )

|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )

|- Close any program/file that is open.

|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )

|- PS: Be connected to the Internet. <- Important!

|- Run ComboFix.exe with a double click.

|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator.

|- PS: Install the "Recovery Console" if prompted! <- XP only!

|- PS: It is therefore up to you whether to install it.

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.

|- PS: To complete the removals, the tool may need to restart the computer.

|- The Auto Scan window will open.

 


 

|- Wait for all the stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When it finishes, post: C:\ComboFix.txt

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

Best regards!


Good morning, DigRam.

Thank you for changing the usernames in the report; only 1 was missed, on the second line. :grin:

Below is the log generated by ComboFix:

 

 

ComboFix 12-07-30.03 - Meu Usuario 31/07/2012 5:05.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.16340.13885 [GMT -3:00]

Executando de: c:\users\Meu Usuario\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

ADS - drivers: deleted 212 bytes in 1 streams.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))

.

.

2012-07-31 08:10 . 2012-07-31 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 04:36 . 2012-07-31 05:01 -------- d-----w- c:\programdata\Ubisoft

2012-07-31 04:31 . 2012-07-31 04:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-31 04:31 . 2012-07-31 04:31 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-31 03:48 . 2012-07-31 03:48 -------- d-----w- c:\program files (x86)\XMedia Recode

2012-07-30 18:56 . 2012-07-30 20:20 -------- d-----w- c:\program files (x86)\ZHPDiag

2012-07-30 02:52 . 2012-07-30 02:52 -------- d-----w- c:\program files (x86)\Ubisoft

2012-07-30 01:48 . 2012-07-30 01:48 -------- d-----w- c:\program files (x86)\Microsoft WSE

2012-07-28 07:18 . 2012-07-28 07:18 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-07-28 07:14 . 2007-04-04 22:39 442368 ----a-r- c:\windows\SysWow64\vp6vfw.dll

2012-07-26 18:02 . 2012-06-06 21:51 46016 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2012-07-26 18:02 . 2012-07-26 18:02 -------- d-----w- c:\program files (x86)\GbPlugin

2012-07-26 18:02 . 2012-07-26 18:02 -------- d-----w- c:\programdata\GbPlugin

2012-07-25 22:03 . 2011-09-29 09:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2012-07-25 21:45 . 2009-12-08 20:17 8151040 ------w- c:\windows\SysWow64\CM106.dll

2012-07-25 21:45 . 2009-04-02 18:59 143360 ------w- c:\windows\Vmix106.dll

2012-07-25 21:45 . 2009-01-16 20:12 221184 ------w- c:\windows\system\cm106eye.exe

2012-07-25 21:45 . 2008-07-23 21:00 389120 ------w- c:\windows\system32\CM106.cpl

2012-07-25 21:45 . 2006-09-13 15:08 491520 ------w- c:\windows\system\cmau106.dll

2012-07-25 21:45 . 2006-09-13 12:21 200704 ------w- c:\windows\SysWow64\cmpa106.dll

2012-07-25 21:39 . 2010-08-12 20:24 1310720 ----a-w- c:\windows\system32\drivers\CM10664.sys

2012-07-25 21:39 . 2004-04-14 13:28 315392 ----a-w- c:\windows\system\fltr106.dll

2012-07-25 21:39 . 2012-01-04 19:58 786200 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys

2012-07-25 21:39 . 2012-01-04 19:58 355096 ----a-w- c:\windows\system32\drivers\iusb3hub.sys

2012-07-25 21:10 . 2012-03-29 01:19 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll

2012-07-25 21:10 . 2012-07-25 21:10 -------- d-----w- c:\programdata\Intel

2012-07-25 21:10 . 2012-07-25 21:10 -------- d-----w- c:\program files\Intel

2012-07-25 21:10 . 2012-07-25 21:10 -------- d-----w- c:\program files (x86)\Common Files\postureAgent

2012-07-25 20:59 . 2012-07-25 21:29 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-07-25 20:59 . 2012-02-21 22:45 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll

2012-07-25 20:59 . 2012-01-30 14:43 836544 ----a-w- c:\windows\system32\tadefxapo264.dll

2012-07-25 20:59 . 2012-01-10 13:20 65944 ----a-w- c:\windows\system32\tepeqapo64.dll

2012-07-25 20:59 . 2011-03-17 15:17 1361336 ----a-w- c:\windows\system32\tosade.dll

2012-07-25 20:59 . 2011-03-07 20:11 148416 ----a-w- c:\windows\system32\tadefxapo.dll

2012-07-25 20:59 . 2009-11-24 12:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll

2012-07-25 20:59 . 2009-11-24 12:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll

2012-07-25 20:59 . 2009-11-24 12:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll

2012-07-25 20:59 . 2009-11-24 12:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll

2012-07-25 20:50 . 2012-07-25 21:30 -------- d-----w- c:\program files\CCleaner

2012-07-24 03:44 . 2012-07-25 21:30 -------- d-----w- c:\program files (x86)\SSH Explorer

2012-07-24 03:31 . 2012-07-24 03:31 -------- d-----w- c:\programdata\GlobalSCAPE

2012-07-24 03:30 . 2012-07-24 03:30 -------- d-----w- c:\program files (x86)\GlobalSCAPE

2012-07-24 00:34 . 2012-07-24 00:34 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-23 05:24 . 2012-07-23 05:24 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems

2012-07-23 05:23 . 2012-07-23 05:24 -------- d-----w- c:\program files (x86)\UltraISO

2012-07-23 05:16 . 2012-07-23 05:16 -------- d-----w- c:\programdata\RELOADED

2012-07-22 05:22 . 2012-07-25 21:32 -------- d-----w- c:\programdata\DriverGenius

2012-07-22 05:21 . 2012-07-22 05:21 -------- d-----w- c:\program files (x86)\Driver-Soft

2012-07-22 03:13 . 2012-07-22 03:13 -------- d-----w- c:\program files\Common Files\DESIGNER

2012-07-22 03:13 . 2012-07-22 03:13 -------- d-----w- c:\windows\PCHEALTH

2012-07-22 03:03 . 2012-07-22 03:03 -------- d-----w- c:\windows\system32\appmgmt

2012-07-22 01:50 . 2012-07-22 01:50 -------- d-----w- c:\programdata\REVOLT

2012-07-22 00:08 . 2012-07-22 00:08 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2012-07-22 00:08 . 2012-07-22 00:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-07-22 00:07 . 2012-07-22 00:08 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-07-22 00:07 . 2012-07-22 00:07 -------- d-----w- c:\windows\SysWow64\xlive

2012-07-21 22:31 . 2012-07-21 22:31 -------- d-----w- c:\program files (x86)\Common Files\EAInstaller

2012-07-21 19:04 . 2012-07-31 05:33 -------- d-----w- c:\program files (x86)\Tribo Gamer

2012-07-21 17:57 . 2012-07-31 07:57 -------- d-----w- c:\program files (x86)\GameVicio

2012-07-21 17:30 . 2012-07-21 17:57 -------- d-----w- c:\program files (x86)\Duke Nukem Forever

2012-07-19 05:59 . 2012-07-19 05:59 -------- d-----w- c:\program files (x86)\Cooler Master

2012-07-19 05:23 . 2012-07-19 05:23 -------- d-----w- c:\program files (x86)\Rockstar Games

2012-07-19 04:50 . 2012-07-19 04:50 -------- d-----w- c:\programdata\Rockstar Games

2012-07-19 00:02 . 2012-07-19 00:02 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-07-19 00:01 . 2012-07-19 00:02 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-07-19 00:01 . 2012-07-19 00:01 -------- d-----w- c:\programdata\DAEMON Tools Lite

2012-07-18 19:56 . 2012-07-18 19:56 -------- d-----w- c:\program files (x86)\Karmian

2012-07-17 02:10 . 2012-07-19 07:27 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-07-17 02:10 . 2012-07-31 07:44 -------- d-----w- c:\program files (x86)\Steam

2012-07-17 00:51 . 2012-07-17 00:51 -------- d-----w- c:\program files (x86)\Futuremark

2012-07-17 00:50 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-07-17 00:50 . 2010-05-26 14:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-07-17 00:50 . 2006-09-28 19:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-07-17 00:47 . 2012-07-17 00:47 -------- d-----w- c:\program files\Futuremark

2012-07-15 02:17 . 2012-07-15 02:30 -------- d---a-w- c:\program files (x86)\ScreenHunter Portable

2012-07-15 01:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 01:33 . 2012-07-03 06:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-15 01:32 . 2012-06-18 06:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3054C62E-3CB4-4223-9127-1FF44942831C}\mpengine.dll

2012-07-15 01:31 . 2012-07-15 01:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-07-15 01:28 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll

2012-07-15 01:27 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2012-07-15 01:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-15 00:38 . 2012-07-31 08:12 -------- d-----w- c:\programdata\Kaspersky Lab

2012-07-15 00:38 . 2012-07-15 00:38 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-07-15 00:38 . 2012-07-15 00:38 615728 ----a-w- c:\windows\system32\drivers\klif.sys

2012-07-14 20:39 . 2012-07-14 20:39 -------- d-----w- c:\programdata\Xilisoft

2012-07-14 20:39 . 2012-07-14 20:39 -------- d-----w- c:\program files (x86)\Xilisoft

2012-07-14 18:53 . 2012-07-22 00:00 -------- d-----w- c:\program files (x86)\JDownloader

2012-07-14 08:02 . 2012-07-17 00:49 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-07-14 08:00 . 2012-07-14 08:00 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-07-14 08:00 . 2012-07-14 08:00 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-07-14 08:00 . 2012-07-29 20:26 -------- d-----w- c:\programdata\Microsoft Help

2012-07-14 08:00 . 2012-07-14 08:02 -------- d-----w- c:\program files\Microsoft Office

2012-07-14 08:00 . 2012-07-14 08:00 -------- d-----r- C:\MSOCache

2012-07-14 06:49 . 2012-07-14 06:49 -------- d-----w- c:\program files (x86)\DVDFab 7

2012-07-14 06:49 . 2012-07-19 02:49 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-07-14 06:47 . 2012-07-16 20:32 -------- d-----w- c:\program files (x86)\NIYoW

2012-07-14 06:47 . 2002-12-20 17:02 1077336 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-07-14 06:47 . 2001-07-05 18:05 40448 ----a-w- c:\windows\SysWow64\dsofile.dll

2012-07-14 06:47 . 2001-02-23 21:12 102400 ----a-w- c:\windows\SysWow64\MRActLabel.ocx

2012-07-14 06:47 . 2000-10-11 21:18 98304 ----a-w- c:\windows\SysWow64\ccrpDtp6.ocx

2012-07-14 06:47 . 2000-10-11 21:07 98304 ----a-w- c:\windows\SysWow64\ccrpUCW6.dll

2012-07-14 06:47 . 2000-05-22 03:00 140488 ----a-w- c:\windows\SysWow64\Comdlg32.ocx

2012-07-14 06:47 . 2000-05-22 03:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX

2012-07-14 06:47 . 1999-10-30 04:00 159744 ----a-w- c:\windows\SysWow64\ccrpftv.ocx

2012-07-14 03:00 . 2012-07-14 03:00 -------- d-----w- c:\windows\Sun

2012-07-14 02:59 . 2012-07-14 02:59 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-14 02:59 . 2012-07-14 02:59 -------- d-----w- c:\program files (x86)\Oracle

2012-07-14 02:59 . 2012-07-06 01:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-14 02:59 . 2012-07-06 01:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-14 02:59 . 2012-07-14 02:59 -------- d-----w- c:\program files (x86)\Java

2012-07-14 02:43 . 2012-07-14 02:43 -------- d-----w- c:\programdata\Messenger Plus!

2012-07-14 02:41 . 2012-07-14 02:41 -------- d-----w- c:\program files (x86)\Nero

2012-07-14 02:40 . 2012-07-14 02:40 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-07-14 02:34 . 2011-07-21 14:42 35648 ----a-w- c:\windows\system32\drivers\jakndis.sys

2012-07-14 02:34 . 2012-07-14 02:34 -------- d-----w- c:\program files (x86)\Jaksta Technologies

2012-07-14 02:34 . 2012-07-14 02:34 -------- d-----w- c:\programdata\Applian

2012-07-14 02:33 . 2008-07-10 16:56 107864 ----a-w- c:\windows\SysWow64\tsccvid.dll

2012-07-14 02:33 . 2012-07-14 02:33 -------- d-----w- c:\windows\SysWow64\QuickTime

2012-07-14 02:33 . 2012-07-14 02:33 -------- d-----w- c:\program files (x86)\Foxit Software

2012-07-14 02:33 . 2012-07-14 02:33 -------- d-----w- c:\programdata\TechSmith

2012-07-14 02:33 . 2012-07-14 02:33 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-07-14 02:33 . 2012-07-14 02:33 -------- d-----w- c:\program files (x86)\TechSmith

2012-07-14 02:32 . 2012-07-14 02:32 -------- d-----w- c:\users\HomeGroupUser$

2012-07-14 02:32 . 2012-07-14 02:32 -------- d-----w- c:\users\Convidado

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-14 02:19 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-31 15:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-21 03:24 . 2012-01-04 19:58 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 2790400]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-26 16184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2012-06-06 615104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-06-06 21:49 615104 ----a-w- c:\program files (x86)\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer7"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

2;2 UNS;Intel® Management and Security Application User Notification Service [x]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]

R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 35648]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-19 834544]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-08-30 88200]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-06-06 213696]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-04-10 165144]

S2 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [2007-06-12 52592]

S3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]

S3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]

S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 35648]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 LMPC4;LMPC4; [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2010-08-12 1310720]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 22:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]

"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-12-08 8151040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.uol.com.br/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Preencher - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{A172EFD9-1BE4-4A90-9C8B-C852B292F9F8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Meu Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\33bwr4cu.default\

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1164544338-3281865946-3170917630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1164544338-3281865946-3170917630-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\Lock My PC 4\lockpc.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-07-31 05:19:06 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-07-31 08:19

.

Pré-execução: 105.098.821.632 bytes disponíveis

Pós execução: 106.152.660.992 bytes disponíveis

.

- - End Of File - - 427172511C8C7EEF7BAC5D39E20BEE8D


Good morning, Drsmith2000!

Drsmith2000, on 31 July 2012 - 06:27, said:

Good morning, DigRam.

Thank you for changing the usernames in the report; only one was missed, on the second line. :grin:

Below is the log generated by ComboFix:

|- Done!

-/-

|- Rename Combofix.exe to uninstall.exe and run it.

|- P.S.: Many people mistake this for a new reinstallation, but the tool will perform the uninstallation.

|- Your logs are clean!

|- Is everything OK?

Best regards!


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.

