Spyder.RV (posted October 27, 2013)

Good evening. I have a laptop whose Chrome was synced with a computer that was infected; that computer has already been cleaned with help from this forum... now I need to clean the laptop as well. One detail... Chrome is no longer syncing, because I disconnected the account on it until the cleanup is done. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:52, on 27/10/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Zend Server CE\Apache2\bin\ApacheMonitor.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Zend Server CE\ZendServer\bin\zendcontroller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Wemerson\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Malware Removal Tools\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Wemerson\AppData\Local\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wemerson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Zend Server CE\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Zend Controller.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2-Zend - Apache Software Foundation - C:\Zend Server CE\Apache2\bin\httpd.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL_ZendServer51 - Unknown owner - C:\Zend.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9285 bytes
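As an added example (not from this thread and not part of HijackThis), a small Python triage pass over HijackThis 2.0.4 entries of the kind posted above: it flags autoruns that point into user-writable directories, startup shortcuts whose target could not be resolved, and services whose binary is missing, while suppressing the "(file missing)" noise that 32-bit HijackThis produces for native System32 services on 64-bit Windows. The sample lines are a constructed subset of the log in this post; the rules are illustrative review heuristics, not HijackThis's own logic, and a flag means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wemerson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Zend Controller.lnk = ?
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MySQL_ZendServer51 - Unknown owner - C:\Zend.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
"""

# Directories an unprivileged user can write to; an autorun pointing here deserves a second look.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp|AppData)\\", re.IGNORECASE)
# 32-bit HijackThis 2.0.4 on 64-bit Windows reports "(file missing)" for native services
# under System32 because of WOW64 file-system redirection; treat those as noise.
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
# Locations where a BHO or MIME filter DLL is normally installed.
PROGRAM_DIRS = re.compile(r"^[A-Z]:\\(Program Files( \(x86\))?|PROGRA~\d|Windows)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HijackThis entry type, e.g. "O4" or "O23"
    name: str    # Run value name, shortcut file name or service name
    path: str    # target path exactly as HijackThis printed it
    reason: str  # why the entry was flagged for review


def _first_path(s: str) -> str:
    """Return the first Windows path in s, quoted or not, with arguments dropped."""
    m = re.search(r'"([^"]+)"|([A-Z]:\\[^"]*?\.(?:exe|dll|lnk|scr|bat|cmd))', s, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else s.strip()


def triage_line(line: str) -> Optional[Finding]:
    """Apply the review rules to one HijackThis entry; None means nothing to report."""
    m = re.match(r"(O\d+) - (.*)", line)
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    if kind == "O4":
        # Either "HKLM\..\Run: [name] target args" or "Startup: name.lnk = target".
        rm = re.match(r".*?\[(.+?)\]\s*(.*)", body) or re.match(r".*?:\s*(.+?\.lnk)\s*=\s*(.*)", body)
        if not rm:
            return None
        name, target = rm.group(1), rm.group(2).strip()
        if target == "?":
            return Finding(kind, name, target, "shortcut target could not be resolved; inspect the .lnk file")
        path = _first_path(target)
        if USER_WRITABLE.search(path):
            return Finding(kind, name, path, "autorun from a user-writable directory; verify the file and its signer")
        return None
    if kind == "O23":
        sm = re.match(r"Service: (.+?) - (.+?) - (.+)", body)
        if not sm:
            return None
        name, path = sm.group(1), sm.group(3)
        if path.endswith("(file missing)"):
            path = path[: -len("(file missing)")].strip()
            if name.startswith("@") and SYSTEM32.match(path):
                return None  # WOW64 redirection artefact, not a real gap
            return Finding(kind, name, path, "service binary not found at the reported path; check its ImagePath in the registry")
        return None
    if kind in ("O2", "O18"):
        path = body.rsplit(" - ", 1)[-1]
        if not PROGRAM_DIRS.match(path):
            return Finding(kind, body.split(" - ")[0], path, "browser helper or filter loaded from outside Program Files / Windows")
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log and keep the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r}: {f.reason} ({f.path})")
```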
DigRam (posted October 27, 2013)

Good evening! Spyder.RV

This topic was moved from the Trash to this room, since it had been mistaken for a DUPLICATE topic. The analysis of the case you described will therefore continue here.

-/-

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;iedefaults;emptyCHRcache;chrdefaults;autoclean;emptyclsid;emptyalltemp;

|- Copy and paste this information, in red, into the tool's text field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This message will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error like this, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt

A+
Spyder.RV (posted October 28, 2013)

Good afternoon. Here is the zoek log:

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Wemerson on 28/10/2013 at 13:24:01,90.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode
Internet Access Detected
Launched: D:\Dados do PC\Wemerson\Downloads\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

28/10/2013 13:25:05 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\ProgramData\boost_interprocess\Nobu64AgentService" deleted
"C:\ProgramData\boost_interprocess\Nobu64TrayIcon" deleted
"C:\ProgramData\boost_interprocess" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn" [28/10/2013 13:10]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx[20/07/2012 13:05]

Google Translate - Wemerson - Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
MeasureIt - Wemerson - Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma
Translator - Wemerson - Default\Extensions\baphblbjhblgjocinamnmbpceogpfedo
Video Downloader App - Wemerson - Default\Extensions\chbpmcamcadeeokgbicphbfemcobdkfb
Read Later Fast - Wemerson - Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji
Vimeo™ Download Videos - Wemerson - Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg
Climatempo - Wemerson - Default\Extensions\hdpadclmjnppejbenfgklgaganbefgad
AngularJS Batarang - Wemerson - Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk
HTML5 Web Development IDE - Wemerson - Default\Extensions\kheidghjolippfddjfloeinafjkcgcic
Norton Identity Protection - Wemerson - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Chrome In-App Payments service - Wemerson - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Feed Intent Viewer - Wemerson - Default\Extensions\oceapojkdgeophkjdijkpbjifdnfimdh
My Video Downloader - Wemerson - Default\Extensions\olmphffblbgmkppinaakhhmbmgjgamlm
Intel\u00AE XDK - Wemerson - Default\Extensions\onmkoldigcfmebcinpmineoadckalllb

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wemerson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Zend Server Free\Apache2\bin\ApacheMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2-Zend - Apache Software Foundation - C:\Zend Server Free\Apache2\bin\httpd.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL_ZendServer55 - Unknown owner - C:\Zend.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zend Deployment (ZendDeployment) - Zend Technologies Ltd. - C:\Zend Server Free\ZendServer\bin\zdd.exe
O23 - Service: Zend Job Queue (ZendJobQueue) - Zend Technologies Ltd - C:\Zend Server Free\ZendServer\bin\jqd.exe
O23 - Service: Zend Monitor (ZendMonitor) - Zend Technologies Ltd. - C:\Zend Server Free\ZendServer\bin\MonitorNode.exe
O23 - Service: Zend Server Daemon (ZendServerDaemon) - Zend Technologies Ltd. - C:\Zend Server Free\ZendServer\bin\zsd.exe
O23 - Service: Zend Session Clustering (ZendSessionClustering) - Zend Technologies Ltd - C:\Zend Server Free\ZendServer\bin\scd.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Wemerson\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\boost_interprocess" not deleted

==== EOF on 28/10/2013 at 13:41:46,23 ======================
DigRam (posted October 28, 2013)

Good evening! Spyder.RV

|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and do the custom one.
|- Go back to the tool's main window.
|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".
|- Check only the option "Additional Scan (O88)".

~ Unselected Option: O1,039,O40,O41,O42,O43,O44,O45,O46,O47, O48,O49,O50,O51,O52,O53,O54,O55,O56,O57, O58,O59,O60,O61,O62,O63,O64,O65,O66,O67, O68,O69,O80,O81,O82,O83,O84,O85,O86,O87, O89,O90,O91,O92

####

|- This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >

A+
Spyder.RV (posted October 28, 2013)

Here is the ZHPDiag log: http://cjoint.com/13oc/CJCxrbB5esN.htm
DigRam (posted October 29, 2013)

Good evening! Spyder.RV

|- Run this script in the ZHPFix tool.

script zhpfix
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Keygen
O4 - GS\TaskBar [Wemerson]: Gateway Device Fast-lane.lnk . (...) -- C:\Program Files (x86)\Gateway\Gateway Device Fast-lane\DeviceFastLaneUI.exe (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [302] =>Hijacker.iHaveNet
O43 - CFD: 28/10/2013 - 13:40:06 - [0,040] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 23/10/2013 - 13:25:13 - [0] ----D C:\ProgramData\OEM_YAHOO
O44 - LFC:[MD5.A0C70FACC05353E5F4C40FA418E399EB] - 28/10/2013 - 12:41:46 ---A- . (...) -- C:\zoek-results.log [14179]
O45 - LFCP:[MD5.E73745CE56DAFC825FE053E93703026A] - 23/10/2013 - 12:25:13 ---A- - C:\Windows\Prefetch\YAHOOTOY_13041010.EXE-F7C1276F.pf
C:\ProgramData\boost_interprocess
C:\Windows\Tasks\AutoKMS.job =>Hijacker.iHaveNet^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
[HKCU\Software\APN PIP] =>Toolbar.Ask
firewallraz
emptytemp
emptyclsid
sysrestore

|- When it finishes, post the report!

A+
Spyder.RV (posted October 29, 2013)

Good evening. Here is the ZHPFix report:

Rapport de ZHPFix 2013.10.21.17 par Nicolas Coolman, Update du 21/10/2013
Fichier d'export Registre : 
Run by Wemerson at 29/10/2013 01:06:51
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 09s)

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Windows\AutoKMS\AutoKMS.exe

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\APN PIP

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (None) : {1ECBB951-2755-415D-83AC-6DD1905F1B24}
ELIMINÉ: FirewallRaz (None) : {DF0D8A94-D8BC-4582-B955-315CDA507EEC}
ELIMINÉ: FirewallRaz (None) : {9D099823-198E-4A0D-B347-17B04882F0A3}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\wemerson\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\gateway device fast-lane.lnk
ELIMINÉ: c:\zoek-results.log
ELIMINÉ: c:\windows\prefetch\yahootoy_13041010.exe-f7c1276f.pf
ELIMINÉ Temporários windows (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Processo memória
1 : Chaves do Registo
15 : Valores do Registo
1 : Pastas
4 : Ficheiros
2 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\Wemerson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/10/2013 01:07:01 [2165]
DigRam (posted October 30, 2013)

Good afternoon! Spyder.RV

|- Sorry for the delay, I am without Internet access.
|- Everything OK?
|- PS: Use the DelFix tool to finish up.

Regards!
Spyder.RV (posted October 31, 2013)

No problem, man... thanks! Many thanks for the support... problem solved.
DigRam (posted November 2, 2013)

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.