Log for analysis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Microsoft Windows XP x86
Ran by f003289 on 24/04/2013 at 9:47:44,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\f003289\Dados de aplicativos\mozilla\firefox\profiles\5q71isfv.default\user.js
Successfully deleted: [Folder] C:\Documents and Settings\f003289\Dados de aplicativos\mozilla\firefox\profiles\5q71isfv.default\extensions\staged
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/04/2013 at 9:54:11,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-04-24.02 - f003289 24/04/2013 9:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1982.1612 [GMT -3:00]
Executando de: c:\documents and settings\f003289\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_ie_bb_setup.exe
c:\windows\system\chron32.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-03-24 to 2013-04-24 ))))))))))))))))))))))))))))
.
.
2013-04-24 12:47 . 2013-04-24 12:47 -------- d-----w- c:\windows\ERUNT
2013-04-24 12:47 . 2013-04-24 12:47 -------- d-----w- C:\JRT
2013-04-24 12:28 . 2013-01-22 13:40 46888 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2013-04-24 12:28 . 2013-04-24 12:28 -------- d-----w- c:\arquivos de programas\GbPlugin
2013-04-24 12:28 . 2013-04-24 12:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2013-04-23 18:37 . 2013-04-23 18:37 -------- d-----w- c:\documents and settings\f003289\Dados de aplicativos\Malwarebytes
2013-04-23 18:37 . 2013-04-23 18:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2013-04-23 18:37 . 2013-04-23 18:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-23 18:37 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 18:19 . 2013-04-23 18:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 18:18 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-23 18:18 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-23 18:17 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-22 18:07 . 2013-04-22 18:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2013-04-19 19:55 . 2013-04-19 19:55 -------- d-----w- c:\arquivos de programas\Dropbox
2013-04-19 19:32 . 2013-04-19 19:32 524288 ----a-w- c:\windows\system32\Holding Pattern Coach Class.scr
2013-04-19 19:32 . 2013-04-19 19:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Screentime
2013-04-19 19:32 . 2013-04-19 19:32 -------- d-----w- c:\documents and settings\f003289\Configurações locais\Dados de aplicativos\Screentime
2013-04-19 19:31 . 2013-04-19 19:31 -------- d-----w- c:\documents and settings\f003289\Dados de aplicativos\0B1T1L2V1T1J1L
2013-04-19 19:31 . 2013-04-19 19:31 -------- d-----w- c:\arquivos de programas\FindLyrics
2013-04-09 20:29 . 2013-04-23 14:46 -------- d-----w- c:\documents and settings\f003289\Dados de aplicativos\Media Player Classic
2013-04-09 14:55 . 2013-04-09 14:55 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2013-04-02 14:37 . 2013-04-02 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\gas
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 12:44 . 2012-11-28 14:05 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-24 12:44 . 2012-11-28 14:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-23 18:19 . 2012-11-27 18:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-23 18:19 . 2012-11-27 18:44 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-23 18:19 . 2012-11-27 18:24 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2012-11-27 19:31 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-11-27 19:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-11-27 19:31 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-11-27 19:31 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-11-27 19:31 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-11-27 19:31 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-11-27 19:31 228600 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-05 13:36 . 2012-12-05 13:36 262112 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\f003289\Dados de aplicativos\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\f003289\Dados de aplicativos\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\f003289\Dados de aplicativos\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-10 05:37 130736 ----a-w- c:\documents and settings\f003289\Dados de aplicativos\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\f003289\Menu Iniciar\Programas\Inicializar\
Dropbox.lnk - c:\documents and settings\f003289\Dados de aplicativos\Dropbox\bin\Dropbox.exe [2013-4-10 27151288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 21:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 17:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 21:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 17:35 716800 ----a-w- c:\arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 11:11 925696 ----a-r- c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 05:33 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 06:15 163840 ----a-w- c:\windows\system32\VTTrayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\f003289\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23/04/2013 15:18 49248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/04/2013 09:28 46888]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/11/2012 16:31 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/11/2012 16:31 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/11/2012 16:31 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23/04/2013 15:17 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/04/2013 09:28 526888]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23/04/2013 15:18 164736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 17:26 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 12:44]
.
2013-04-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-28 23:32]
.
2013-04-24 c:\windows\Tasks\FindLyrics Update.job
- c:\arquivos de programas\FindLyrics\flcsur.exe [2013-04-23 15:57]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-29 11:16]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-29 11:16]
.
2013-04-24 c:\windows\Tasks\PandaUSBVaccine.job
- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2012-11-27 19:45]
.
2013-04-24 c:\windows\Tasks\User_Feed_Synchronization-{EA87DFD2-F24F-444F-A34A-0438D99EFC36}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
FF - ProfilePath - c:\documents and settings\f003289\Dados de aplicativos\Mozilla\Firefox\Profiles\5q71isfv.default\
FF - ExtSQL: 2013-04-02 11:37; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\documents and settings\f003289\Dados de aplicativos\Mozilla\Firefox\Profiles\5q71isfv.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
FF - ExtSQL: 2013-04-19 16:31; [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]; c:\arquivos de programas\FindLyrics\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2013-04-24 10:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\arquivos de programas\GbPlugin\gbieh.dll
.
Tempo para conclusão: 2013-04-24 10:09:56
ComboFix-quarantined-files.txt 2013-04-24 13:09
.
Pré-execução: 6 pasta(s) 50.747.174.912 bytes disponíveis
Pós execução: 8 pasta(s) 50.797.801.472 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EE82DB749CABA30C72137389FCBF6C57