Jorgim, posted December 5, 2012

Hi everyone, I have been following the forum for a long time, and whenever I need them I find tutorials here that are useful to me, but this week I ran into a problem on my PC. It has been very slow, it keeps throwing errors in several files (update.exe; Dwwin.exe; etc.), and now whenever I open the browser it closes by itself. I looked for a solution and even found something similar, but that topic said the fix was only for the PC whose log was posted. I am posting my HijackThis and ComboFix logs here so that someone can help me. Thanks in advance, regards, Jorgim.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:47, on 5/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\MySQL\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe
c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe
C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Meus documentos\Downloads\runscanner.exe
C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\adm\Meus documentos\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 11823 bytes

COMBOFIX

ComboFix 12-12-04.01 - adm 05/12/2012 12:06:15.1.2 - x86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1493 [GMT -2:00]
Running from: c:\documents and settings\adm\Meus documentos\Downloads\ComboFix.exe
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 212 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\sqlite3.dll
c:\arquivos de programas\Java\jre7\bin\ssv.dll
c:\documents and settings\adm\Dados de aplicativos\desktop.ini
c:\documents and settings\adm\Dados de aplicativos\Eqco
c:\documents and settings\adm\Dados de aplicativos\Eqco\ujag.exe
c:\documents and settings\adm\Dados de aplicativos\ntuser.dat
c:\documents and settings\adm\Dados de aplicativos\updates
c:\documents and settings\adm\Dados de aplicativos\updates\updates.exe
c:\documents and settings\adm\Dados de aplicativos\xmijks1zbsbe2pgibxkayzuxlcavxnv32
c:\documents and settings\adm\Dados de aplicativos\xmijks1zbsbe2pgibxkayzuxlcavxnv32\svcnost.exe
c:\documents and settings\adm\jojifxesamaq.exe
c:\documents and settings\adm\keaqehogeazu.exe
c:\documents and settings\adm\paiewa.exe
c:\documents and settings\adm\polsigqawewy.exe
c:\documents and settings\adm\ridusynoqalc.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\0ef4c80335902771.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\file3.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GOSLXPUF
-------\Service_goslxpuf
.
.
(((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 ))))))))))))))))))))))))))))
.
.
2012-12-05 13:57 . 2012-12-05 13:57 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Runscanner.net
2012-12-05 13:37 . 2012-09-25 01:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-04 16:15 . 2012-12-04 16:15 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\KoshyJohn.com
2012-12-04 11:36 . 2012-10-04 16:07 47720 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2012-12-04 11:35 . 2012-12-04 11:36 -------- d-----w- c:\arquivos de programas\GbPlugin
2012-12-04 11:35 . 2012-12-04 11:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2012-12-03 17:27 . 2012-12-03 17:27 -------- d-----w- c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Help
2012-12-03 14:42 . 2012-12-03 14:42 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2012-12-01 18:20 . 2012-12-01 18:20 191504 ----a-w- c:\windows\system32\DLL1805.dll
2012-11-30 17:44 . 2012-11-30 17:44 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Unity
2012-11-30 17:43 . 2012-11-30 17:43 -------- d-----w- c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Unity
2012-11-29 13:50 . 2012-11-29 18:13 -------- d-----w- C:\MySQL
2012-11-29 13:50 . 2012-11-29 13:50 -------- d-----w- C:\TagSoft
2012-11-12 14:30 . 2012-11-12 14:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2012-11-12 14:30 . 2012-11-12 14:30 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Ubisoft
2012-11-08 18:15 . 2012-11-08 18:15 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2012-11-08 18:15 . 2012-11-08 18:15 -------- d-----w- c:\documents and settings\adm\SystemRequirementsLab
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:56 . 2002-09-09 16:44 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 14:21 . 2012-06-27 18:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:21 . 2012-06-27 18:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-06 15:47 . 2012-06-21 13:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-06 15:47 . 2012-06-21 13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2001-10-28 15:07 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-17 21:58 . 2012-10-25 22:32 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-07-02 1022352]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2012-12-03 1354736]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-03-27 86016]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\adm\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2012-10-04 16:05 650088 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Capcom\\Street Fighter X Tekken\\SFTK.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\game\\Shank 2\\bin\\Shank2.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\Shaun White Skateboarding.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\GameSettings.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\gu.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\UPlayBrowser.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Arquivos de programas\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Arquivos de programas\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\adm\\Desktop\\CraftLandia\\bin\\minecraft.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16047:UDP"= 16047:UDP:UDP 16047
"13712:TCP"= 13712:TCP:TCP 13712
"31975:TCP"= 31975:TCP:@xpsp2res.dll,-22009
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [4/12/2012 09:36 47720]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/12/2012 09:36 281448]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [27/6/2012 13:29 1385896]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 13:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 14:28 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 14:21]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-08-01 12:34]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-08-01 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 201.17.128.71 201.17.128.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{40DF7932-D49E-D131-7CE7-88D1BEE98476} - c:\windows\system32\file3.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-{E7221F0A-F30B-AD41-28C3-F0873A6FD395} - c:\documents and settings\adm\Dados de aplicativos\Eqco\ujag.exe
HKCU-Run-paiewa - c:\documents and settings\adm\paiewa.exe
HKCU-Run-jojifxesamaq - c:\documents and settings\adm\jojifxesamaq.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\arquivos de programas\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-{AEC81925-9C76-4707-84A9-40696C613ED3} - c:\arquivos de programas\Arquivos comuns\BioWare\Uninstall Dragon Age.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-05 12:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Java\jre7\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\mysql\bin\mysqld.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-12-05 12:18:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-05 14:18
.
Pre-Run: 9 folder(s), 290.186.342.400 bytes free
Post-Run: 12 folder(s), 292.260.352.000 bytes free
.
- - End Of File - - 833F16557609C26B2AF34A11AB4F7AB0
DigRam, posted December 5, 2012

Good afternoon, Jorgim!

|- Open HijackThis.
|- Click: "Do a system scan only"

#######
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
#######

|- Check these entries shown in red (the little boxes!).
|- Click: "Fix checked" -> Yes!

-/-

|- Download: < > (... by Xplode)
|- On the page, click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt

|- Download: < > (... by Nicolas Coolman)
|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- On Windows Vista or 7, right-click and run the file as
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Besides the report, you will have on the desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Post and/or paste here the link that is generated right after the report.
|- Or go to:
|- Or go to:
|- More information: < |Link| >

A+
Jorgim, posted December 5, 2012

Logs as requested:

ADWCLEANER

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 15:04:02
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : adm - JORGE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\adm\Meus documentos\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\adm\Desktop\sweetpcfix.url
Folder Deleted : C:\Documents and Settings\adm\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\adm\Dados de aplicativos\OpenCandy
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_4&babsrc=NT_ss&mntrId=c02cd8920000000000007a7905cee8e6 --> hxxp://www.google.com

*************************

AdwCleaner[S2].txt - [4290 octets] - [05/12/2012 15:04:02]

########## EOF - C:\AdwCleaner[S2].txt - [4350 octets] ##########

ZHP
http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121205_h14d13k5h9g6
DigRam (posted December 5, 2012):

Good afternoon, Jorgim!

|- Select and copy the content shown in "red" into Notepad.
|- Save it on the desktop with the name: CFScript <-- as a text file!

KillAll::
DeQuarantine::
C:\Qoobox\Quarantine\c:\arquivos de programas\Java\jre7\bin\ssv.dll.vir
File::
c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
c:\documents and settings\adm\Dados de aplicativos\KoshyJohn.com
c:\windows\system32\DLL1805.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16047:UDP"=-
"13712:TCP"=-

|- PS: Temporarily disable your antivirus.
|- PS: Do not use this script on another machine!
|- Drag CFScript.txt onto the ComboFix icon/window.
|- See the demonstration!
|- Accept the prompt that should appear to run ComboFix.
|- PS: Keep dragging until that prompt (window) appears!
|- If you are asked to update the tool, click Yes!
|- When it finishes, post: C:\ComboFix.txt

-/-

|- Close any programs/folders that are open.
|- Close the browser as well!
|- On Windows Vista, disable UAC.
|- Select and copy the information in the Code box into Notepad.

[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\RUNDLL32.exe [0] [PID.260]
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Orphean Key
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} Orphean Key
O2 - BHO: (no name) - {053F9267-DC04-4294-A72C-58F732D338C0} Orphean Key
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - Global Startup: C:\Documents And Settings\adm\Desktop\Atalho para Minecraft_Server.lnk . (...) -- C:\Documents and Settings\adm\Desktop\servercraft\Minecraft_Server.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\adm\Desktop\Atalho para Minecraft_Server.lnk . (...) -- C:\Documents and Settings\adm\Desktop\servercraft\Minecraft_Server.exe (.not file.)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O69 - SBI: SearchScopes [HKCU] {0AAE5027-AFF7-16B0-98BD-6EC85DF53419} - ({0AAE5027-AFF7-16B0-98BD-6EC85DF53419}) - http://search.babylon.com
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)
[HKCU\Software\SweetIM] => Toolbar.SweetIM
[HKLM\Software\SweetIM] => Toolbar.SweetIM
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: The sequence of images above gives further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+
Jorgim (posted December 5, 2012):

COMBOFIX

ComboFix 12-12-04.01 - adm 05/12/2012 16:34:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1322 [GMT -2:00]
Running from: c:\documents and settings\adm\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\adm\Desktop\CFScript.txt
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe"
"c:\documents and settings\adm\Dados de aplicativos\KoshyJohn.com"
"c:\windows\system32\DLL1805.dll"
.
ADS - drivers: deleted 212 bytes in 1 streams
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DLL1805.dll
.
(((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 ))))))))))))))))))))))))))))
.
2012-12-05 17:15 . 2012-12-05 17:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-12-05 17:10 . 2012-12-05 17:10 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-12-05 17:08 . 2012-12-05 17:10 -------- d-----w- C:\ZHP
2012-12-05 17:08 . 2012-12-05 17:10 -------- d-----w- c:\arquivos de programas\ZHPDiag
2012-12-05 13:57 . 2012-12-05 13:57 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Runscanner.net
2012-12-05 13:37 . 2012-09-25 01:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-04 16:15 . 2012-12-04 16:15 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\KoshyJohn.com
2012-12-04 11:36 . 2012-10-04 16:07 47720 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2012-12-04 11:35 . 2012-12-04 11:36 -------- d-----w- c:\arquivos de programas\GbPlugin
2012-12-04 11:35 . 2012-12-04 11:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2012-12-03 17:27 . 2012-12-03 17:27 -------- d-----w- c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Help
2012-12-03 14:42 . 2012-12-03 14:42 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2012-11-30 17:44 . 2012-11-30 17:44 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Unity
2012-11-30 17:43 . 2012-11-30 17:43 -------- d-----w- c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Unity
2012-11-29 13:50 . 2012-11-29 18:13 -------- d-----w- C:\MySQL
2012-11-29 13:50 . 2012-11-29 13:50 -------- d-----w- C:\TagSoft
2012-11-12 14:30 . 2012-11-12 14:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft
2012-11-12 14:30 . 2012-11-12 14:30 -------- d-----w- c:\documents and settings\adm\Dados de aplicativos\Ubisoft
2012-11-08 18:15 . 2012-11-08 18:15 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2012-11-08 18:15 . 2012-11-08 18:15 -------- d-----w- c:\documents and settings\adm\SystemRequirementsLab
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 19:56 . 2002-09-09 16:44 1866496 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 14:21 . 2012-06-27 18:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:21 . 2012-06-27 18:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-06 15:47 . 2012-06-21 13:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-06 15:47 . 2012-06-21 13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-02 18:04 . 2001-10-28 15:07 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-17 21:58 . 2012-10-25 22:32 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-07-02 1022352]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2012-12-03 1354736]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-03-27 86016]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\adm\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Wireless Configuration Utility HW.15.lnk - c:\arquivos de programas\802.11 Wireless LAN\802.11g Wireless CardBus & PCI Adapter HW.15 V.1.00\WlanCU.exe [2005-9-11 622592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
2012-10-04 16:05 650088 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Capcom\\Street Fighter X Tekken\\SFTK.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\game\\Shank 2\\bin\\Shank2.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\Shaun White Skateboarding.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\GameSettings.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\gu.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Shaun White Skateboarding\\UPlayBrowser.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Arquivos de programas\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Arquivos de programas\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\adm\\Configurações locais\\Dados de aplicativos\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\adm\\Desktop\\CraftLandia\\bin\\minecraft.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31975:TCP"= 31975:TCP:@xpsp2res.dll,-22009
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [4/12/2012 09:36 47720]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [4/12/2012 09:36 281448]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [27/6/2012 13:29 1385896]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 13:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 14:28 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 14:21]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-08-01 12:34]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-08-01 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 201.17.128.71 201.17.128.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-05 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Java\jre7\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\mysql\bin\mysqld.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-12-05 16:44:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-05 18:44
ComboFix2.txt 2012-12-05 14:18
.
Pre-Run: 12 folder(s) 292.234.887.168 bytes free
Post-Run: 13 folder(s) 292.233.990.144 bytes free
.
- - End Of File - - D11C1F3E1E557A469699083D2626BFAB

ZHPfix r1

ZHPFix 1.3.05 report by Nicolas Coolman, updated 09/10/2012
Registry export file :
Run by adm at 5/12/2012 16:47:21
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========
DELETED Key: CLSID BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
DELETED Key: CLSID BHO: {0347C33E-8762-4905-BF09-768834316C61}
DELETED Key: CLSID BHO: {053F9267-DC04-4294-A72C-58F732D338C0}
DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED Key: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}
DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: SearchScopes :{0AAE5027-AFF7-16B0-98BD-6EC85DF53419}
DELETED Key: HKLM\Software\360Safe
DELETED Key: HKCU\Software\SweetIM
DELETED Key: HKLM\Software\SweetIM

========== Registry Value ==========
DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
DELETED RunValue: CTFMON.EXE
NOT FOUND RunValue: CTFMON.EXE
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETE on Reboot c:\windows\system32\ctfmon.exe
DELETED File: c:\documents and settings\adm\desktop\atalho para minecraft_server.lnk
NOT FOUND File: c:\documents and settings\adm\desktop\servercraft\minecraft_server.exe
DELETED File: c:\windows\tasks\adobe flash player updater.job
DELETED File: c:\windows\tasks\googleupdatetaskmachinecore.job
DELETED File: c:\windows\tasks\googleupdatetaskmachineua.job
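The ComboFix log above lists every autorun entry and firewall exception on the machine, and the CFScript in the previous post removed the ones that did not belong (an updater running out of the user profile, two globally open ports). The script below is an added example, not part of ComboFix or of this thread: it parses a ComboFix "Registry Load Points" excerpt and applies the same triage mechanically, flagging Run entries that point into user-writable directories or use a bare file name resolved through the search path, and summarising the firewall policy. The sample log is constructed from lines in this thread (the "Facebook Update" and "16047:UDP" entries are taken from the CFScript; their date/size fields are made up), and the location heuristic is this example's own assumption, not a ComboFix rule. Entries under c:\windows, such as ctfmon.exe, deliberately pass as "program-dir".

```python
"""Triage of a ComboFix "Registry Load Points" excerpt.

Added example for this thread; not part of ComboFix or of the forum posts.
The sample log is constructed from lines posted above (the "Facebook Update"
and "16047:UDP" entries come from the CFScript; their date/size fields are
made up). The location heuristic is this example's assumption, not a rule
ComboFix applies.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2012-07-02 1022352]
"Facebook Update"="c:\documents and settings\adm\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" [2012-11-01 1234567]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31975:TCP"= 31975:TCP:@xpsp2res.dll,-22009
"16047:UDP"= 16047:UDP:*:Enabled:constructed entry
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
QUOTED_RE = re.compile(r'^"([^"]*)"')

# Directories where a persistent autorun normally lives on this XP box
# (Portuguese and English Program Files names). Assumption of this example.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")
# Locations any process running as the logged-on user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\")


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group '"name"=value' lines under the [registry key] that precedes them."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def autorun_path(value: str) -> str:
    """Strip the quotes and the trailing ComboFix [date size] annotation."""
    m = QUOTED_RE.match(value)
    return m.group(1) if m else value.strip()


def classify_path(path: str) -> str:
    p = path.lower()
    if "\\" not in p:
        return "unqualified"      # bare name, resolved through the search path
    if any(tag in p for tag in USER_WRITABLE):
        return "user-writable"
    if p.startswith(TRUSTED_ROOTS):
        return "program-dir"
    return "other"


def suspicious_autoruns(sections) -> List[Tuple[str, str, str, str]]:
    """(hive, value name, path, verdict) for every Run entry not in a program dir."""
    hits = []
    for key, entries in sections.items():
        if not key.lower().endswith("\\run"):
            continue
        hive = key.split("\\", 1)[0]
        for name, value in entries:
            path = autorun_path(value)
            verdict = classify_path(path)
            if verdict != "program-dir":
                hits.append((hive, name, path, verdict))
    return hits


def firewall_summary(sections) -> Dict[str, object]:
    """Is the XP firewall on, and which ports are globally open?"""
    enabled = None
    open_ports: List[str] = []
    for key, entries in sections.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            for name, value in entries:
                if name == "EnableFirewall":
                    enabled = value.split()[0] != "0"
        elif k.endswith("globallyopenports\\list"):
            open_ports.extend(name for name, _ in entries)
    return {"enabled": enabled, "open_ports": open_ports}


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for hive, name, path, verdict in suspicious_autoruns(secs):
        print(f"{verdict:14} {hive} {name!r} -> {path}")
    print(firewall_summary(secs))
```

Run against the sample, the script flags only the Facebook updater (user-writable profile path) and RTHDCPL (bare name with no directory), and reports the firewall disabled with two globally open ports; everything else in the Run keys resolves into a program directory. The same heuristic is what a helper applies by eye when deciding which Run values go into a CFScript.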
Jorgim (posted December 5, 2012):

I forgot to say thanks. Thank you very much.
DigRam (posted December 5, 2012):

Good afternoon, Jorgim!

|- How is the PC? Everything OK?

-/-

|- Disable your antivirus!
|- Go to Start -> Run -> type or paste: combofix.exe /uninstall -> click OK.
|- Click Run -> wait!
|- Finally the message "ComboFix is uninstalled" will appear -> click OK.
|- If you find them, delete: C:\ComboFix <- the folder! + C:\ComboFix.txt <- the report!
|- Or, go to Start -> Run -> type or paste:
|- "%userprofile%\desktop\combofix" /uninstall
|- Click OK.
|- Wait for the uninstall and click OK on the message.
|- PS: Another option would be to rename Combofix.exe to uninstall.exe and run it.
|- PS: Many people confuse this with a fresh run, but the tool will uninstall itself.

-/-

|- Go to this site: < Virus Total >
|- Analyse this file: C:\PhysicalDisk0_MBR.bin
|- If this sample has already been analysed before, click: "Reanalyse file now"
|- When it finishes, post the link to the report!

-/-

|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre_Scan.pif > In case malware blocks it!
|- On the page, click the green arrow or Mirror 1.
|- Save it to the desktop!
|- Disable your antivirus, antispyware, sandbox and/or firewall.
|- Close any open programs and run the tool!
|- Double-click Pre_scan.exe.
|- PS: During the scan your desktop will disappear and black windows will appear on the screen. All of this is normal and part of how the tool works.
|- If infections are found, a reboot may occur and the screen shown just above may appear.
|- PS: If it appears and shows no prompt, click "Kill".
|- In that case there will be a new scan and, at the end, the report will be provided.
|- There may be reboot(s) and the scan will continue. << Wait!
|- When it finishes, post the report! ( Pre_Scan.txt ) << Link to the report!
|- To upload it, use:
|- Or...1fichier.com
|- Or...myfile.tk

A+
Jorgim (posted December 6, 2012):

VIRUS TOTAL
http://myfile.tk/3/virustotal.txt

PRE-SCAN
http://myfile.tk/3/Pre_Scan.txt

Note: I left Pre-Scan scanning the whole night, and this morning the desktop was still empty, with no scan window and no command available.
DigRam (posted December 6, 2012):

Hello!

|- Are you saying the tool froze and you cannot access the icons on your desktop?

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\InternetShortcut\shell\open\command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\ieframe.dll",OpenURL %l
Repaired : [HKCR\Folder\shell\open\command] : C:\WINDOWS\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\Explorer.exe
¤
Repaired : [HKLM | Google Chrome\shell\open\command] : "C:\Documents and Settings\adm\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe" -> "C:\Arquivos de programas\Google\Chrome\Application\Chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM | Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKU\S-1-5-21-436374069-1604221776-839522115-1003 | Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-436374069-1604221776-839522115-1003 | Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKU\S-1-5-18 | Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-18 | Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKLM | Internet Explorer\Search]|[searchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
Repaired : [HKLM | Internet Explorer\Main]|[start Page] : http://www.google.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM | Internet Explorer\AboutURLs]|[Tabs] : http://www.google.com -> res://ieframe.dll/tabswelcome.htm
¤
Repaired : [HKU\S-1-5-19 | Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-20 | Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-18 | Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-18 | Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Replaced

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Moved to quarantine successfully : C:\WINDOWS\002697_.tmp
Impossible to move : C:\WINDOWS\msdownld.tmp
Moved to quarantine successfully : C:\WINDOWS\SET3.tmp
Moved to quarantine successfully : C:\WINDOWS\SETA.tmp
Impossible to move : C:\DOCUME~1\adm\CONFIG~1\Temp\~DFEBB9.tmp
Moved to quarantine successfully : C:\Documents and Settings\adm\Dados de aplicativos\HPAppData\RegClean.dll
Impossible to move : C:\Documents and Settings\adm\Dados de aplicativos\KoshyJohn.com
Moved to quarantine successfully : C:\Documents and Settings\adm\Dados de aplicativos\MSN6\msndata.dat
Moved to quarantine successfully : C:\Documents and Settings\adm\Dados de aplicativos\MSN6\msndata001.dat
Moved to quarantine successfully : C:\Documents and Settings\adm\Dados de aplicativos\PnkBstrK.sys
Moved to quarantine successfully : C:\Documents and Settings\adm\Dados de aplicativos\Runscanner.net\VirusTotalUpload.exe
Moved to quarantine successfully : C:\Documents and Settings\All Users\Dados de aplicativos\Common Files\780B86BA-83B8-5605-C22D-D897B6337CF1.dat

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.1205 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

|- Pre_Scan made many corrections and quarantined some objects.

A+
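Pre_Scan's "Repaired" lines record a registry value's old and new contents, but the NoDriveTypeAutoRun and service Start entries in the report above are a DWORD bitmask and an enum, so whether a "repair" actually hardened the machine is not obvious from the raw numbers. The script below is an added example, not part of Pre_Scan or of this thread: it parses those lines (the sample is copied from the report above) and decodes the AutoRun mask and the service start types. The drive-type bit table follows the documented NoDriveTypeAutoRun layout (bit n silences the drive type GetDriveType reports as n); the constants DISABLE_ALL and XP_DEFAULT are the example's own names.

```python
"""Parse Pre_Scan "Repaired" lines and decode the NoDriveTypeAutoRun mask.

Added example for this thread; not part of Pre_Scan. SAMPLE is copied from
the report posted above. Bit layout: bit n of NoDriveTypeAutoRun disables
AutoRun for the drive type GetDriveType() reports as n; 0x80 is the
reserved "unspecified" bit; bits above that have no defined meaning.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

SAMPLE = r"""
Repaired : [HKCR\Folder\shell\open\command] : C:\WINDOWS\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\Explorer.exe
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKU\S-1-5-18 | Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKU\S-1-5-18 | Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
"""


class Repair(NamedTuple):
    key: str              # "HKLM | Microsoft\...\Explorer" or a full HKCR path
    value: Optional[str]  # value name; None when the line targets the key itself
    old: str
    new: str


REPAIR_RE = re.compile(
    r"^Repaired : \[(?P<key>[^\]]+)\](?:\|\[(?P<value>[^\]]+)\])? : (?P<old>.*?) -> (?P<new>.*)$"
)


def parse_repairs(text: str) -> List[Repair]:
    out: List[Repair] = []
    for line in text.splitlines():
        m = REPAIR_RE.match(line.strip())
        if m:
            out.append(Repair(m["key"], m["value"], m["old"].strip(), m["new"].strip()))
    return out


# bit -> drive type whose AutoRun that bit disables
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, floppies
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}
DISABLE_ALL = 0xFF   # 255: AutoRun off for every drive type (hardened value)
XP_DEFAULT = 0x91    # 145: stock XP default, unknown + network + reserved only


def autorun_disabled_for(mask: int) -> Dict[str, bool]:
    """Drive type -> True if AutoRun is disabled for it under this mask."""
    return {name: bool(mask & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def autorun_still_allowed(mask: int) -> List[str]:
    return [n for n, off in autorun_disabled_for(mask).items() if not off]


def autorun_changes(repairs: List[Repair]) -> Dict[str, Dict[str, List[str]]]:
    """Per NoDriveTypeAutoRun repair: drive types left with AutoRun on, before and after."""
    out: Dict[str, Dict[str, List[str]]] = {}
    for r in repairs:
        if r.value and r.value.lower() == "nodrivetypeautorun":
            out[r.key] = {"before": autorun_still_allowed(int(r.old)),
                          "after": autorun_still_allowed(int(r.new))}
    return out


# SERVICE_* start values from the Services\<name>\Start DWORD
SERVICE_START = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
                 3: "DEMAND_START", 4: "DISABLED"}


def service_start_changes(repairs: List[Repair]) -> Dict[str, Tuple[str, str]]:
    """Service name -> (old, new) start type for '[... | Services\\X] : a -> b' lines."""
    out: Dict[str, Tuple[str, str]] = {}
    for r in repairs:
        if r.value is None and "services\\" in r.key.lower() and r.old.isdigit():
            svc = r.key.rsplit("\\", 1)[-1]
            out[svc] = (SERVICE_START[int(r.old)], SERVICE_START[int(r.new)])
    return out


if __name__ == "__main__":
    reps = parse_repairs(SAMPLE)
    for key, change in autorun_changes(reps).items():
        print(key, "\n  before:", change["before"], "\n  after: ", change["after"])
    print(service_start_changes(reps))
```

Decoding 323 (0x143) and 145 (0x91) shows that both values leave AutoRun enabled for removable and CD-ROM drives: 145 is simply the stock Windows XP default, and only 0xFF silences every drive type, which is the setting to apply on a machine that has just been cleaned. The service lines decode to BITS, EapHost and wudfsvc going from DEMAND_START back to AUTO_START, i.e. Windows Update's transfer service being re-enabled.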
Jorgim (posted December 6, 2012):

It seems so; the PC froze. I restarted it manually a little while ago and the icons are normal. Now it is showing that the Microsoft Process Kill Utility needed to be closed, and another thing: on a restart it freezes on the first screen (diagnostics or POST, if I'm not mistaken), but if I shut it down it powers on normally. Could that be related?
DigRam (posted December 6, 2012)

Good afternoon!

Jorgim wrote: It seems so; the PC froze, I restarted it manually a little while ago, the icons are back to normal, and now it is showing that the Microsoft Process Kill Utility needed to be closed. Another thing: when restarting, it hangs on the first screen (diagnostics or POST, if I'm not mistaken), but if I power it off it boots normally. Could that be related?

|- The forum went into maintenance, so I couldn't answer you quickly!
|- Uninstall the Microsoft Process Kill Utility, since it consumes resources and is not software that Windows depends on.
-/-
|- Download: |DelFix| (... by Xplode)
|- On the page, click the green arrow to download. (Green arrow!)
|- Save it somewhere convenient! (desktop!)
|- Close any open applications.
|- Click "Suppression".
|- Post the report! (C:\DelFixSuppr.txt)
|- Afterwards, to remove DelFix from your computer, click "Désinstallation".
|- How is your computer? Everything OK?
A+
Jorgim (posted December 6, 2012)

DELFIX http://myfile.tk/3/DelFix_S1_.txt

As for the Microsoft Process Kill Utility, I couldn't locate it to uninstall it; I even used the command "Microsoft Process Kill Utility /unistall", and it didn't work, it just sent me to an empty folder. So far the PC hasn't frozen, and it is faster.
DigRam (posted December 6, 2012)

Jorgim wrote: DELFIX http://myfile.tk/3/DelFix_S1_.txt As for the Microsoft Process Kill Utility, I couldn't locate it to uninstall it; I even used the command "Microsoft Process Kill Utility /unistall", and it didn't work, it just sent me to an empty folder. So far the PC hasn't frozen, and it is faster.

Hello!
|- Try locating it with this little program, which detects Microsoft installations and utilities.
|- Download: < Windows Installer CleanUp >
|- When the program opens, look for references to the software you want to remove.
|- PS: In this case, the Microsoft Process Kill Utility.
A+
Jorgim (posted December 6, 2012)

Well, I think I'm going to call an exorcist... lol... Just kidding. Here's the thing: I downloaded the application, searched for everything related to the Microsoft Process Kill Utility (Kill.exe; kill utility; etc.) and found nothing. I restarted the PC and it didn't give an error for it, so I deduce it was removed earlier. However, my PS/2 mouse stopped working. I plugged in a USB/Bluetooth mouse and it worked normally; I think the PS/2 one just needs replacing... Other than that, I can only thank you.

Clean Up http://cjoint.com/?BLgrDeFJ3Wg
DigRam (posted December 6, 2012)

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.