ComboFix 14-05-07.03 - User 09/05/2014 12:27:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2013.1514 [GMT -3:00]
Executando de: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 212 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\All Users\Dados de aplicativos\TEMP\GbpSetupUni.exe
c:\documents and settings\All Users\Dados de aplicativos\TEMP\sf.exe
c:\windows\system32\Logof.dll
c:\windows\Tasks\avtapi.dll
c:\windows\Tasks\sbgeus.dll
.
estava faltando c:\windows\system32\drivers\asyncmac.sys
Cópia restaurada de - c:\windows\system32\dllcache\asyncmac.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-04-09 to 2014-05-09 ))))))))))))))))))))))))))))
.
.
2014-05-09 15:29 . 2008-04-14 06:00 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2014-05-09 15:29 . 2008-04-14 06:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2014-05-09 11:33 . 2014-05-09 11:33 -------- d-----w- c:\windows\system32\NtmsData
2014-04-24 11:05 . 2014-04-24 11:05 -------- d-sh--w- c:\documents and settings\Adminstrador\PrivacIE
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-09 15:32 . 2013-11-22 10:22 31448 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2014-05-08 11:08 . 2014-05-09 11:04 1063936 ----a-w- c:\windows\tasks\2.tmp
2014-05-06 11:08 . 2014-05-08 11:08 1211904 ----a-w- c:\windows\tasks\1F.tmp
2014-05-05 11:07 . 2014-05-06 11:08 1176064 ----a-w- c:\windows\tasks\1E.tmp
2014-05-03 11:46 . 2014-05-05 11:07 1219584 ----a-w- c:\windows\tasks\1D.tmp
2014-05-02 11:04 . 2014-05-03 11:46 1243136 ----a-w- c:\windows\tasks\1C.tmp
2014-04-30 11:04 . 2014-05-02 11:04 1212928 ----a-w- c:\windows\tasks\1B.tmp
2014-04-29 12:36 . 2013-11-16 12:19 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 12:36 . 2013-11-16 12:19 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 12:36 . 2013-12-11 13:35 17338544 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-04-29 11:27 . 2014-04-30 11:04 1152000 ----a-w- c:\windows\tasks\1A.tmp
2014-04-28 11:54 . 2014-04-29 11:27 1169408 ----a-w- c:\windows\tasks\19.tmp
2014-04-28 11:08 . 2014-04-28 11:54 1257984 ----a-w- c:\windows\tasks\18.tmp
2014-04-26 11:35 . 2014-04-28 11:08 1086464 ----a-w- c:\windows\tasks\17.tmp
2014-04-25 12:23 . 2014-04-26 11:35 1234944 ----a-w- c:\windows\tasks\16.tmp
2014-04-25 11:02 . 2014-04-25 12:23 1130496 ----a-w- c:\windows\tasks\15.tmp
2014-04-17 10:47 . 2014-04-23 11:05 1169920 ----a-w- c:\windows\tasks\12.tmp
2014-04-16 11:04 . 2014-04-17 10:47 1323008 ----a-w- c:\windows\tasks\11.tmp
2014-04-15 11:03 . 2014-04-16 11:04 1128960 ----a-w- c:\windows\tasks\10.tmp
2014-04-14 11:04 . 2014-04-15 11:03 1167360 ----a-w- c:\windows\tasks\F.tmp
2014-04-12 10:58 . 2014-04-14 11:04 1211904 ----a-w- c:\windows\tasks\E.tmp
2014-04-11 10:53 . 2014-04-12 10:58 1194496 ----a-w- c:\windows\tasks\D.tmp
2014-04-10 10:48 . 2014-04-11 10:53 1216000 ----a-w- c:\windows\tasks\C.tmp
2014-04-09 10:51 . 2014-04-10 10:48 1193984 ----a-w- c:\windows\tasks\B.tmp
2014-04-08 10:45 . 2014-04-09 10:51 1105408 ----a-w- c:\windows\tasks\A.tmp
2014-04-05 11:29 . 2014-04-08 10:45 1236992 ----a-w- c:\windows\tasks\9.tmp
2014-04-04 10:59 . 2014-04-05 11:29 1232384 ----a-w- c:\windows\tasks\8.tmp
2014-04-03 11:03 . 2014-04-04 10:59 1276928 ----a-w- c:\windows\tasks\7.tmp
2014-04-02 10:46 . 2014-04-03 11:03 1255936 ----a-w- c:\windows\tasks\6.tmp
2014-04-01 10:57 . 2014-04-02 10:46 1218560 ----a-w- c:\windows\tasks\5.tmp
2014-03-31 10:57 . 2014-04-01 10:57 1081344 ----a-w- c:\windows\tasks\4.tmp
2014-03-29 11:31 . 2014-03-31 10:57 1258496 ----a-w- c:\windows\tasks\3.tmp
2014-03-28 19:57 . 2014-03-29 11:31 1209344 ----a-w- c:\windows\tasks\39.tmp
2014-02-24 18:37 . 2013-11-22 10:23 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-05-19 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\arquivos de programas\AskPartnerNetwork\Toolbar\searchhook.dll" [2014-04-05 74704]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}]
2014-04-05 20:57 12240 ----a-w- c:\arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5637-006A-76A7-7A786E7484D7}"= "c:\arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" [2014-04-05 12240]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5637-006a-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F524A2D-5637-006A-76A7-7A786E7484D7}"= "c:\arquivos de programas\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll" [2014-04-05 12240]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5637-006a-76a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\User\Menu Iniciar\Programas\Inicializar\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2014-02-24 1587768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2014-02-24 18:33 1587768 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
2014-04-05 20:57 1801168 ----a-w- c:\arquivos de programas\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [22/11/2013 07:23 46392]
R2 APNMCP;Serviço de atualização Ask;c:\arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe [05/04/2014 17:57 166352]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [20/11/2013 00:54 283136]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [22/11/2013 07:23 519224]
R2 TeamViewer8;TeamViewer 8;c:\arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe [06/10/2013 13:41 5093216]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [22/11/2013 07:22 31448]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys --> c:\windows\system32\DRIVERS\avglogx.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S0 urcuj;urcuj;c:\windows\system32\drivers\gtrs.sys --> c:\windows\system32\drivers\gtrs.sys [?]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys --> c:\windows\system32\DRIVERS\avgidsdriverx.sys [?]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [04/07/2013 14:53 4939312]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [22/11/2013 07:22 31448]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Update.job
- c:\windows\addins\drprov.cpl [2014-01-15 14:59]
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16 12:36]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-10-06 16:41]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2013-10-06 16:41]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{A8D5FB70-8114-4119-AFF6-0451EACAA30C}: NameServer = 192.168.0.1
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\arquivos de programas\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
AddRemove-Google Chrome - c:\arquivos de programas\Google\Chrome\Application\32.0.1700.76\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\arquivos de programas\GbPlugin\gbiehuni.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(120)
c:\windows\system32\ieframe.dll
c:\arquivos de programas\GbPlugin\gbiehuni.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre7\bin\jqs.exe
c:\arquivos de programas\AVG\AVG2013\avgemcx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Tempo para conclusão: 2014-05-09 12:34:06 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-05-09 15:34
.
Pré-execução: 7 pasta(s) 482.975.780.864 bytes disponíveis
Pós execução: 11 pasta(s) 483.468.472.320 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1F26297D36C54FC7EBF0762AB3FA7215
239FC8B1C26D5286165A956F5A98D8D7