Machine very slow and freezing.
Log for analysis [link hidden: you must have an account and be logged in to view it]
ComboFix 13-05-14.01 - f002733 15/05/2013 8:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.598 [GMT -3:00]
Running from: c:\documents and settings\f002733.FUNPEC.BR\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 310 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\AA Antimalware
c:\arquivos de programas\AA Antimalware\AdwareAway_Scan_Result_20120321_110840.log
c:\arquivos de programas\AA Antimalware\Customize.log
c:\arquivos de programas\AA Antimalware\debug.log
c:\arquivos de programas\AA Antimalware\LastScanResult.log
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\IsUn0416.exe
c:\windows\system\chron32.dll
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DIAGNOSTICSCAN
-------\Legacy_START1DRIVER
.
.
(((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 ))))))))))))))))))))))))))))
.
.
2013-05-07 19:00 . 2013-05-08 11:57 -------- d-----w- c:\documents and settings\f002733
2013-04-29 16:50 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-04-29 16:50 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-04-29 16:50 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-04-29 16:50 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-04-26 14:31 . 2013-04-26 14:31 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google
2013-04-26 13:26 . 2013-04-26 13:26 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Sun
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:07 . 2012-04-10 10:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 13:07 . 2011-05-02 10:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2013-03-04 18:20 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-04 18:20 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2011-03-11 14:45 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-03-11 14:45 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2011-03-11 14:45 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2006-12-14 03:14 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-03-04 18:20 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33 . 2011-03-11 14:45 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2006-12-14 03:14 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-03-11 14:45 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 12:43 . 2013-03-06 12:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-06 12:43 . 2013-03-06 12:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-19 11:30 . 2011-04-19 11:24 4654592 ----a-w- c:\arquivos de programas\wllogin_32.msi
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Post-it(R) Digital Notes.lnk - c:\arquivos de programas\3M\PDNotes\PDNotes.exe [2006-3-21 6485528]
Post-it® Digital Notes.lnk - c:\arquivos de programas\3M\PDNotes\PDNotes.exe [2006-3-21 6485528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^f002733.FUNPEC.BR^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.2.lnk]
path=c:\documents and settings\f002733.FUNPEC.BR\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.2.lnk
backup=c:\windows\pss\BrOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2011-03-11 13:58 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-02-15 10:35 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-03-06 12:43 296096 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2011-03-11 13:41 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2011-03-11 13:41 180224 ----a-w- c:\windows\system32\VTTrayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20 866584 ----a-w- c:\arquivos de programas\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [04/03/2013 15:20 49248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [11/03/2011 15:20 46888]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/12/2006 00:14 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/03/2011 11:45 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/03/2011 11:45 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [04/03/2013 15:20 66336]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [11/03/2011 15:20 526888]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 07:06 29432]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [04/03/2013 15:20 164736]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 07:06 29432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-03 11:52 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:07]
.
2013-05-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-10 23:32]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-02-15 10:32]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-02-15 10:32]
.
2013-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{FCC684E4-71F1-4190-839C-84972C4D4AA9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [link hidden: you must have an account and be logged in to view it]
mStart Page = [link hidden: you must have an account and be logged in to view it]
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 10.4.65.16
DPF: Microsoft XML Parser for Java - [link hidden: you must have an account and be logged in to view it]
FF - ProfilePath - c:\documents and settings\f002733.FUNPEC.BR\Dados de aplicativos\Mozilla\Firefox\Profiles\agybosxd.default\
FF - prefs.js: browser.search.defaulturl - [link hidden: you must have an account and be logged in to view it]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [link hidden: you must have an account and be logged in to view it]
FF - prefs.js: keyword.URL - [link hidden: you must have an account and be logged in to view it]
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{742E70CF-7770-412D-86CB-230B322E807C} - (no file)
AddRemove-FoxTab PDF Converter - c:\arquivos de programas\FoxTabPDFConverter\\ftpdf_inst.exe
AddRemove-Mozilla Thunderbird (5.0) - c:\documents and settings\f002733.FUNPEC.BR\ThunderBird Padrão\App\thunderbird\uninstall\helper.exe
AddRemove-PrestContas - Transmissor_is1 - c:\documents and settings\f002733.FUNPEC.BR\Meus documentos\Programas PrestContas\Transmissor\unins000.exe
AddRemove-PrestContas - Validador_is1 - c:\documents and settings\f002733.FUNPEC.BR\Meus documentos\Programas PrestContas\Validador\unins000.exe
AddRemove-{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1 - c:\documents and settings\f002733.FUNPEC.BR\Meus documentos\Minhas imagens\xrecode II\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden: you must have an account and be logged in to view it]
Rootkit scan 2013-05-15 09:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\F00273~1.BR\CONFIG~1\Temp\tmp15.tmp 15324 bytes
c:\windows\TEMP\_asw_aisI.tm~a03076\onefile.dld 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehCef.dll
.
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehCef.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroDigitalExt.dll
c:\arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2013-05-15 09:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-15 12:23
.
Pre-Run: 14 folder(s), 10,280,030,208 bytes free
Post-Run: 19 folder(s), 13,705,015,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 627C217FD0CD62E88479FBDB21B49BEB
# AdwCleaner v2.300 - Report created 15/05/2013 at 09:31:57
# Updated 28/04/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# User : f002733 - FUN0023
# Boot Mode : Normal
# Running from : C:\Documents and Settings\f002733.FUNPEC.BR\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Arquivos de programas\AddLyrics
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\SoftSafe
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
***** [Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v3.6.28 (pt-BR)
-\\ Google Chrome v26.0.1410.64
*************************
AdwCleaner[S1].txt - [1464 octets] - [15/05/2013 09:31:57]
########## EOF - C:\AdwCleaner[S1].txt - [1524 octets] ##########
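An added triage helper for logs like the one posted above (example code written for this page; it is not part of the original post and not from ComboFix or AdwCleaner). It parses the ComboFix sections that matter most for persistence review: Run keys, Winlogon\Notify DLLs, the R/S driver and service list, IE Trusted Zone entries, scheduled tasks and the catchme hidden-file list, and turns them into findings an analyst checks by hand. The input is a constructed, trimmed sample in the same line layout as the posted log; the allowlist of driver-name prefixes and the "user-writable path" heuristic are illustrative assumptions, not vendor data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample (a trimmed cut of the posted log, same line layout), not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [04/03/2013 15:20 49248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [11/03/2011 15:20 46888]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [11/03/2011 15:20 526888]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 07:06 29432]
.
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bb.com.br\www
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-02-15 10:32]
.
Procurando ficheiros/arquivos ocultos ...
.
c:\docume~1\F00273~1.BR\CONFIG~1\Temp\tmp15.tmp 15324 bytes
c:\windows\TEMP\_asw_aisI.tm~a03076\onefile.dld 0 bytes
.
Varredura completada com sucesso
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # [HKEY_...] section header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')             # "name"="image" [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")  # date time size attrs path
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[\d{2}/\d{2}/\d{4} \d{2}:\d{2} (\d+)\]$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (\S+)$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S.*\.job)$")       # date  path\to\task.job
TASK_IMAGE_RE = re.compile(r"^- (.+?) \[.+\]$")                # - image [date time]
HIDDEN_RE = re.compile(r"^(.+?) (\d+) bytes$")                 # catchme hidden-file line

# Assumption for illustration: boot-start driver name prefixes the analyst has already vetted
# (the avast drivers in the posted log are all named asw*).
TRUSTED_DRIVER_PREFIXES = ("asw",)


@dataclass
class Driver:
    start: str    # ComboFix convention: R = running, S = stopped, digit = start type (0 = boot)
    name: str
    display: str
    image: str
    size: int


@dataclass
class Report:
    run_entries: list = field(default_factory=list)   # (value name, image) under a ...\Run key
    notify_dlls: list = field(default_factory=list)   # DLLs registered under Winlogon\Notify
    drivers: list = field(default_factory=list)       # Driver records
    trusted_zones: list = field(default_factory=list) # hosts added to the IE Trusted Zone
    tasks: list = field(default_factory=list)         # (job path, image)
    hidden_files: list = field(default_factory=list)  # (path, size) reported hidden by catchme


def parse_combofix(text: str) -> Report:
    rep, key, in_hidden, pending_task = Report(), "", False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        low = line.lower()
        # catchme block: Portuguese and English builds use different wording for the markers
        if low.startswith(("procurando ficheiros/arquivos ocultos", "scanning hidden files")):
            in_hidden = True
            continue
        if low.startswith(("varredura completada", "scan completed")):
            in_hidden = False
            continue
        if in_hidden:
            m = HIDDEN_RE.match(line)
            if m:
                rep.hidden_files.append((m.group(1), int(m.group(2))))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()      # remember which registry key the next lines belong to
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            rep.run_entries.append((m.group(1), m.group(2)))
            continue
        if "winlogon\\notify" in key:
            m = FILE_RE.match(line)
            if m:
                rep.notify_dlls.append(m.group(1))
                continue
        m = DRIVER_RE.match(line)
        if m:
            rep.drivers.append(Driver(m.group(1), m.group(2), m.group(3), m.group(4), int(m.group(5))))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            rep.trusted_zones.append(m.group(1))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(1)     # the image comes on the following "- ..." line
            continue
        m = TASK_IMAGE_RE.match(line)
        if m and pending_task:
            rep.tasks.append((pending_task, m.group(1)))
            pending_task = None
    return rep


def triage(rep: Report) -> list:
    """Findings an analyst should verify by hand (signature, publisher, hash); none is a verdict."""
    findings = []
    for dll in rep.notify_dlls:   # loaded into winlogon.exe as SYSTEM before any user logs on
        findings.append(f"Winlogon\\Notify DLL loaded into winlogon.exe as SYSTEM: {dll}")
    for d in rep.drivers:         # boot-start kernel code not yet vetted
        if d.start == "R0" and not d.name.lower().startswith(TRUSTED_DRIVER_PREFIXES):
            findings.append(f"boot-start (R0) driver not on allowlist: {d.name} -> {d.image}")
    for host in rep.trusted_zones:   # Trusted Zone relaxes IE security for that host
        findings.append(f"IE Trusted Zone entry lowers security for: {host}")
    for path, size in rep.hidden_files:
        if "\\temp\\" in path.lower():
            findings.append(f"hidden file in a temp directory ({size} bytes): {path}")
    for name, image in rep.run_entries + rep.tasks:   # autostarts from user-writable locations
        low = image.lower()
        if "documents and settings" in low or "\\temp\\" in low or "\\appdata\\" in low:
            findings.append(f"autostart from user-writable path: {name} -> {image}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

On the sample the helper flags gbieh.dll (Winlogon\Notify), the GbpKm boot driver, the two Trusted Zone hosts and the two hidden temp files, while the avast R0 driver and the Program Files autostarts pass. The GbPlugin entries are flagged because of where they load, not because the helper knows them to be malicious; the log itself labels the related driver "GAS Tecnologia Service" and the Trusted Zone entries are for bancobrasil.com.br, which is consistent with a bank-supplied browser protection module, so the analyst resolves those findings by checking the files' publisher signature rather than by deleting them.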