Maquina infectada, log para analise.

O usuário está reclamando que está abrindo varias paginas aleatorias.

Log ZHPDiag [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

# AdwCleaner v2.300 - Relatório criado em 29/04/2013 às 09:08:34
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : f002578 - FUN0132
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\f002578\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Documents and Settings\f002578\Dados de aplicativos\Mozilla\Firefox\Profiles\euagqs3t.default\searchplugins\my-web-search.xml
Arquivo Removido : C:\Documents and Settings\f002578\Dados de aplicativos\Mozilla\Firefox\Profiles\euagqs3t.default\searchplugins\search.xml
Arquivo Removido : C:\Documents and Settings\f002578\Menu Iniciar\Programas\Inicializar\lollipop.lnk
Pasta Removido : C:\Arquivos de programas\Minibar
Pasta Removido : C:\Arquivos de programas\VideoDownloadConverter_4z
Pasta Removido : C:\Documents and Settings\f002578\Configurações locais\Dados de aplicativos\lollipop

***** [Registro] *****

Chave Removida : HKCU\Software\lollipop
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lollipop
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoDownloadConverter_4zbar Uninstall

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro está limpo.

-\\ Mozilla Firefox v20.0.1 (pt-BR)

Arquivo : C:\Documents and Settings\Fun0131\Dados de aplicativos\Mozilla\Firefox\Profiles\z4e8s4wm.default\prefs.js

[OK] Arquivo está limpo.

Arquivo : C:\Documents and Settings\f002578\Dados de aplicativos\Mozilla\Firefox\Profiles\euagqs3t.default\prefs.js

Removida : user_pref("browser.search.defaultenginename", "My Web Search");
Removida : user_pref("browser.search.defaulturl", "hxxp://www.bigseekpro.com/search/toolbar/hao123/{ACC0CC59-08[...]
Removida : user_pref("browser.search.selectedEngine", "My Web Search");
Removida : user_pref("extensions.kango.storage.minibar.config", "{"name":"Hao123 toolbar","description":\[...]
Removida : user_pref("extensions.kango.storage.minibar.homepageSet", ""1"");
Removida : user_pref("extensions.kango.storage.minibar.searchassistSet", ""1"");
Removida : user_pref("extensions.kango.storage.minibar.searchengineSet", ""1"");
Removida : user_pref("extensions.kango.storage.ui.button.iconCache", ""data:image/png;base64,iVBORw0KGgoAAAANS[...]
Removida : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search");
Removida : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Removida : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://www.bigseekpro.com/search/toolbar/hao123/{ACC[...]
Removida : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search");
Removida : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Removida : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=61FA59EA[...]

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Documents and Settings\f002578\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [742 octets] - [21/03/2013 11:27:48]
AdwCleaner[S2].txt - [4545 octets] - [29/04/2013 09:08:34]

########## EOF - C:\AdwCleaner[S2].txt - [4605 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Microsoft Windows XP x86
Ran by f002578 on 29/04/2013 at 9:18:19,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}



~~~ Files

Successfully deleted: [File] C:\Arquivos de programas\4zres.dll
Successfully deleted: [File] C:\Arquivos de programas\4zUninstall VideoDownloadConverter.dll



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\f002578\Dados de aplicativos\mozilla\firefox\profiles\euagqs3t.default\prefs.js

user_pref("browser.newtab.url", "hxxp://br.hao123.com/?tn=smt_hp_hao123_br");
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013041909");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm022^YY^br");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "61FA59EA-113D-4263-96AE-0CB6B860DAEB");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1367235320441");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "google||receita fazenda");
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/04/2013 at 9:20:59,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ComboFix 13-04-28.01 - f002578 29/04/2013 9:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2013.1488 [GMT -3:00]
Executando de: c:\documents and settings\f002578\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Criado um novo ponto de restauração
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\bancobrasil\officePLUGIN\index.html
c:\windows\system\chron32.dll
c:\windows\system\libeay32.dll
c:\windows\system\ssleay32.dll
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\SROUTE.SYS
c:\windows\system32\drivers\tdlserv.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-03-28 to 2013-04-29 ))))))))))))))))))))))))))))
.
.
2013-04-29 12:26 . 2013-04-29 12:26 0 ----a-w- c:\windows\system32\drivers\grande48.sys
2013-04-29 12:18 . 2013-04-29 12:18 -------- d-----w- c:\windows\ERUNT
2013-04-29 12:18 . 2013-04-29 12:18 -------- d-----w- C:\JRT
2013-04-29 12:05 . 2013-04-29 12:05 -------- d-----w- c:\documents and settings\f002578\Dados de aplicativos\Malwarebytes
2013-04-29 12:05 . 2013-04-29 12:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2013-04-29 12:05 . 2013-04-29 12:06 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2013-04-29 12:05 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-29 12:01 . 2013-04-19 12:29 186768 ----a-w- c:\arquivos de programas\4zres.dll
2013-04-29 12:01 . 2013-04-19 12:29 708168 ----a-w- c:\arquivos de programas\4zUninstall VideoDownloadConverter.dll
2013-04-19 19:29 . 2013-04-19 19:29 -------- d-----w- c:\documents and settings\f002578\Configurações locais\Dados de aplicativos\IAC
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-29 12:11 . 2012-10-02 12:12 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-29 12:11 . 2011-11-24 14:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2013-03-21 14:23 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-21 14:23 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2011-11-30 11:14 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-11-24 13:28 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-11-24 13:28 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-11-24 13:28 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2013-03-21 14:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2011-11-24 13:28 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2011-11-30 11:14 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-11-24 13:27 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-15 11:28 . 2013-04-15 11:28 263064 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Serviço Scheduler2]
2011-02-03 06:49 358808 ----a-w- c:\arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 22:03 152872 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-11-18 02:55 33697792 ----a-r- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-06-25 04:51 166912 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-06-25 04:52 134656 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-06-25 04:51 136192 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-30 11:19 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-02-03 06:49 5149840 ----a-w- c:\arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\IRPF2013.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21/03/2013 11:23 49248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [30/11/2011 15:22 46888]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [24/11/2011 11:11 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/11/2011 08:14 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/11/2011 10:28 368176]
R2 afcdpsrv;Serviço de Acronis Nonstop Backup;c:\arquivos de programas\Arquivos comuns\Acronis\CDP\afcdpsrv.exe [24/11/2011 11:11 3246040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/11/2011 10:28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21/03/2013 11:23 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/11/2011 15:22 526888]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [24/11/2011 11:11 167968]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 07:55 29432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2011 10:11 1425280]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21/03/2013 11:23 164736]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 07:55 29432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 15:50 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 12:11]
.
2013-04-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-10-02 23:32]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-11-30 11:19]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-11-30 11:19]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{4CB2B5D0-0F2A-46BD-907D-1DD329F46A3C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{6774533E-4879-40FD-821A-2D70ED3C6AE7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2013-04-29 c:\windows\Tasks\User_Feed_Synchronization-{6CD3C8CF-3BC1-4AE3-985D-F7023CB60F79}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
mStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 10.4.65.16
FF - ProfilePath - c:\documents and settings\f002578\Dados de aplicativos\Mozilla\Firefox\Profiles\euagqs3t.default\
FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2013-04-29 09:28
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER8;[1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2013-04-29 09:29:43
ComboFix-quarantined-files.txt 2013-04-29 12:29
.
Pré-execução: 9 pasta(s) 76.009.402.368 bytes disponíveis
Pós execução: 11 pasta(s) 77.693.001.728 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9BB62D34F51ADADB87F34E24D2DBA402

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2013.04.29.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f002578 :: FUN0132 [administrador]

29/04/2013 09:38:22
mbam-log-2013-04-29 (09-38-22).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 272620
Tempo decorrido: 13 minuto(s), 38 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\WINDOWS\system32\drivers\grande48.sys (Rootkit.Agent) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Bom Dia! Edvan

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão na quote,para o "Bloco de Notas".

[MD5.106E91799ACBA1A95FD082F780DCA997] [SPRF][29/04/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Documents and Settings\f002578\Desktop\ComboFix.exe [5060730]
[MD5.8C0D3BE90D304B71870A35F59BA580F1] [SPRF][19/04/2013] (.MindSpark - MindSpark Toolbar Platform.) -- C:\Arquivos de programas\4zUninstall VideoDownloadConverter.dll [708168]

proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique no menu,"Paste ClipBoard".

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Clique "GO" -> Oui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

Bom dia amigo!.

Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre :
Run by f002578 at 30/04/2013 08:11:27
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Recycle Files Deleted

========== Registry Value ==========
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
NOT FOUND Folder/File: c:\documents and settings\f002578\desktop\combofix.exe
NOT FOUND Folder/File: c:\arquivos de programas\4zuninstall videodownloadconverter.dll
DELETED Window Temporary
DELETED Flash Cookies

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
11 : Registry Value
2 : Repertory
4 : File
1 : Restoration


End of clean in 00mn 04s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 30/04/2013 08:11:27 [1357]

Boa Noite! Edvan

|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Execute-a!
|- Com as duas checkbox marcadas!
|- Clique "Run".

O usuário está reclamando que está abrindo varias paginas aleatorias.

|- Esse problema,ainda,ocorre?
|- Tudo Ok?

Abs!

Esse problema,ainda,ocorre?
|- Tudo Ok?

Tudo resolvido amigo, pode fechar o tópico.

CASO RESOLVIDO!

Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.