Fórum SecSecurity

Implementing Cleanup and Security on your computer!


    Infected PC, log for analysis

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 9:57 am

    Log for analysis [You need to be registered and logged in to see this link.]

    Friend, sorry about that, but there's a pile of infected PCs here; I'll be posting the logs for you little by little.

    P.S.: congratulations on your forum, it's great, I'm recommending your forum to some friends!



    # AdwCleaner v2.304 - Relatório criado em 10/07/2013 às 10:16:16
    # Atualizado em 03/07/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : f002045 - FUN0068
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\f002045\Meus documentos\Downloads\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****

    Encerrado & Removido : IBUpdaterService

    ***** [Arquivos/Pastas] *****

    Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\.autoreg
    Arquivo Removido : C:\WINDOWS\system32\roboot.exe
    Pasta Removido : C:\Arquivos de programas\DealPly
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\IBUpdaterService
    Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\DealPly
    Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\file scout
    Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\Funmoods
    Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\PerformerSoft
    Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\SpeedanAlysis
    Removido Durante o reboot : C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon

    ***** [Registro] *****

    Chave Removida : HKCU\Software\DealPly
    Chave Removida : HKCU\Software\filescout
    Chave Removida : HKCU\Software\Funmoods
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chave Removida : HKLM\Software\DealPly
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
    Chave Removida : HKLM\Software\InstallCore
    Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
    Valor Removida : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
    Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

    ***** [Navegadores] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v2.0.0.20 (pt-BR)

    Arquivo : C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\prefs.js

    C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\user.js ... Removido !

    [OK] Arquivo está limpo.

    Arquivo : C:\Documents and Settings\f002873\Dados de aplicativos\Mozilla\Firefox\Profiles\r1kz32bv.default\prefs.js

    [OK] Arquivo está limpo.

    Arquivo : C:\Documents and Settings\e0035\Dados de aplicativos\Mozilla\Firefox\Profiles\5rinpb2g.default\prefs.js

    [OK] Arquivo está limpo.

    Arquivo : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7le2y1b2.default\prefs.js

    [OK] Arquivo está limpo.

    -\\ Google Chrome v27.0.1453.116

    Arquivo : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    [OK] Arquivo está limpo.

    Arquivo : C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

    [OK] Arquivo está limpo.

    *************************

    AdwCleaner[S1].txt - [4069 octets] - [10/07/2013 10:16:16]

    ########## EOF - C:\AdwCleaner[S1].txt - [4129 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.3 (07.09.2013:2)
    OS: Microsoft Windows XP x86
    Ran by f002045 on 10/07/2013 at 10:27:29,42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] dealplylive 
    Successfully deleted: [Service] dealplylive 
    Successfully stopped: [Service] dealplylivem 
    Successfully deleted: [Service] dealplylivem 



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dealplylive.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{80fabb17-63af-4655-9f07-b6509ee37af2}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{0d89de71-3d99-4288-84dc-f18f1047a7d8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{1e0c9b2a-6447-452c-b012-2314a0c29412}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{34a8ceb6-89bb-49f1-b5e4-0d0d6c21f3b1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3a4dbd3a-98cc-41ce-ad21-352d42b6f754}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4f8a50f6-69de-4be3-a33a-a1079b9ac0db}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{501cb57a-d4e2-4855-96ad-edb0a9083395}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{6ff2c4dd-77a4-4bb5-ba4c-b42defbf9137}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80fabb17-63af-4655-9f07-b6509ee37af2}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{83aba270-8390-4ca6-ae48-fc089f55629e}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8b218a5f-1a3d-4347-94ef-a79575eb8094}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9bdb5e09-4bba-4422-8c2b-529b281c32b8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{c536f080-57b7-46d6-8894-c647553f2889}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ca5d945f-e738-4d0b-a0b5-25ac51c64659}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f7698761-4aba-45c2-a5bb-d2163922c725}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ffcc53e6-2655-47fc-a89b-54e8d7f305d1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickctrl.9
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.update3webcontrol.3
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc.1.0
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.oneclickctrl.9
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.update3webcontrol.3
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows nt\currentversion\image file execution options\dealplylive.exe



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Arquivos de programas\dealplylive"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/07/2013 at 10:33:30,50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Last edited by Edvan on Wed Jul 10, 2013 10:03 am; edited 1 time
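When several machines produce reports like the AdwCleaner one in this post, it helps to tally what was removed per section and which adware families were involved rather than reading every line. The script below is an added example, not code from this thread or from AdwCleaner's authors: it parses the Portuguese-language AdwCleaner report format shown above (section banners like `***** [Registro] *****` and `Action : Target` lines), counts removals per section, and attributes removed items to a family keyword. The family keyword list is an assumption built from the names that appear in the posted report, and the sample input is an excerpt of that report.

```python
"""Summarise an AdwCleaner removal report by section and by adware family.

Added example for triaging reports like the one posted in this thread. It is
not AdwCleaner's code; the family keyword list is an assumption built from
the names that appear in the posted report.
"""
import re
from collections import defaultdict

# Section headers in the report look like "***** [Registro] *****".
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# Action lines look like "Chave Removida : HKCU\Software\DealPly"; the first
# " : " separates action from target (paths contain ':' but not ' : ').
ACTION_RE = re.compile(r"^(?P<action>[^:]+?) : (?P<target>.+)$")

# Assumed family keywords, taken from names seen in the posted report.
FAMILIES = ("DealPly", "Funmoods", "InstallCore", "SpeedAnalysis",
            "filescout", "file scout", "PerformerSoft", "IBUpdaterService")

# Excerpt of the report posted above, used here as sample input.
SAMPLE_REPORT = r"""
# AdwCleaner v2.304 - Relatório criado em 10/07/2013 às 10:16:16
# Opção [Remover]

***** [Serviços] *****

Encerrado & Removido : IBUpdaterService

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\WINDOWS\system32\roboot.exe
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\Funmoods

***** [Registro] *****

Chave Removida : HKCU\Software\DealPly
Chave Removida : HKLM\Software\InstallCore
Valor Removida : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro está limpo.

Arquivo : C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\prefs.js

[OK] Arquivo está limpo.
"""


def parse_adwcleaner(text):
    """Return {section: [(action, target), ...]} for every action line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        # Skip the banner (# ...), blank lines, status lines and anything before the first section.
        if current is None or not line or line.startswith(("#", "[OK]", "-\\")):
            continue
        entry = ACTION_RE.match(line)
        if entry:
            sections[current].append((entry.group("action").strip(),
                                      entry.group("target").strip()))
    return dict(sections)


def is_removal(action):
    """Portuguese AdwCleaner reports use 'Removido'/'Removida' for removals."""
    return "Removid" in action


def removed_per_section(sections):
    """Count removal actions per section; scanned-only entries ('Arquivo : ...') are ignored."""
    return {name: sum(1 for action, _ in entries if is_removal(action))
            for name, entries in sections.items()}


def family_counts(sections):
    """Attribute each removed item to the first family keyword found in its target."""
    counts = defaultdict(int)
    for entries in sections.values():
        for action, target in entries:
            if not is_removal(action):
                continue
            low = target.lower()
            for family in FAMILIES:
                if family.lower() in low:
                    counts[family] += 1
                    break
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_REPORT)
    for section, count in removed_per_section(parsed).items():
        print(f"{section}: {count} removed")
    for family, count in sorted(family_counts(parsed).items()):
        print(f"  {family}: {count}")
```

Run it on a saved `AdwCleaner[S1].txt` by replacing `SAMPLE_REPORT` with the file's contents; items that match no keyword (such as `roboot.exe` in the sample) are deliberately left out of the family tally so they stand out for manual review.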
    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 9:58 am

    continued:



    ComboFix 13-07-09.01 - f002045 10/07/2013  10:41:13.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.1983.1468 [GMT -3:00]
    Executando de: c:\documents and settings\f002045\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ADS - system32: deleted 6 bytes in 3 streams.
    ADS - drivers: deleted 412 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\bancobrasil\officePLUGIN\index.html
    c:\windows\sys
    c:\windows\sys\An internal server error occurred. Please try again later
    c:\windows\sys\svcserv.exe
    c:\windows\sys\svctime.exe
    c:\windows\system\chron32.dll
    c:\windows\system\libeay32.dll
    c:\windows\system\ssleay32.dll
    D:\install.exe
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2013-06-10 to 2013-07-10  ))))))))))))))))))))))))))))
    .
    .
    2013-07-10 13:27 . 2013-07-10 13:27 -------- d-----w- c:\windows\ERUNT
    2013-07-09 10:50 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{78352295-71F2-4F51-AC28-380828D87383}\mpengine.dll
    2013-07-01 10:39 . 2013-07-01 10:39 -------- d-----w- c:\arquivos de programas\LyricsBot
    2013-06-19 18:30 . 2013-06-19 18:30 -------- d-----w- c:\documents and settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive
    2013-06-19 18:30 . 2013-06-19 18:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DealPlyLive
    2013-06-19 18:29 . 2013-07-01 10:39 -------- d-----w- c:\arquivos de programas\LyricsOn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-10 13:41 . 2011-12-28 09:35 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2013-06-12 13:04 . 2012-11-23 09:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-12 13:04 . 2011-06-07 10:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 04:18 . 2010-07-26 18:37 7068072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-05-14 11:17 . 2013-05-14 11:17 31744 --sh--w- c:\windows\system32\FileZilla.dll
    2013-05-13 11:58 . 2009-09-15 17:06 47720 ----a-w- c:\windows\system32\drivers\gbpkm.sys
    2013-05-07 22:26 . 2004-08-04 03:45 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-05-07 22:26 . 2004-08-04 03:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-05-07 22:26 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-07 21:53 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec
    2013-05-03 05:39 . 2004-08-04 03:40 2197760 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-03 05:39 . 2004-08-04 00:40 2074368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-05-02 05:06 . 2010-07-26 18:37 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-12 14:01 . 2004-08-04 03:38 1876480 ----a-w- c:\windows\system32\win32k.sys
    2009-09-15 20:54 . 2009-09-10 18:37 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
    2009-09-15 20:54 . 2009-09-10 18:37 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
    2009-09-15 20:54 . 2009-09-10 18:37 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
    2009-09-15 20:54 . 2009-09-10 18:37 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
    2009-09-15 20:54 . 2009-09-10 18:37 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{224D7745-F4C6-4C98-A2C2-E4C1DEE8252F}]
    2013-05-14 11:17 31744 --sh--w- c:\windows\system32\FileZilla.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2013-05-08 18680424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2006-09-21 53248]
    "S3Trayp"="S3trayp.exe" [2007-02-05 176128]
    "HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 790528]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
    Acrobat Assistant.lnk - c:\arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-4-7 217190]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399014}"= "c:\arquivos de programas\GbPlugin\gbiehbnb.dll" [2012-11-06 643008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2013-05-23 13:47 1389096 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnb]
    2012-11-06 12:26 643008 ----a-w- c:\arquivos de programas\GbPlugin\gbiehbnb.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
    2012-12-26 16:03 1652584 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Canon\\DIAS\\CnxDIAS.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\f002045\\Configurações locais\\Temp\\ibtmpc810551\\component_613"=
    "c:\\Documents and Settings\\f002045\\Configurações locais\\Temp\\ibtmpc810551\\component_369"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/09/2009 14:06 47720]
    R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [10/09/2009 10:12 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [10/09/2009 10:12 52224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/10/2011 10:47 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/12/2010 08:40 355632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/12/2010 08:40 21256]
    R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [19/05/2011 16:16 410152]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [30/07/2010 15:38 99896]
    R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [30/07/2010 15:37 17408]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 06:35 31088]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [01/03/2013 12:11 161384]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 06:35 31088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-20 11:08 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 13:04]
    .
    2013-07-10 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-09-19 09:12]
    .
    2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-24 20:10]
    .
    2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-24 20:10]
    .
    2013-07-10 c:\windows\Tasks\Lyrics Bot Update.job
    - c:\arquivos de programas\LyricsBot\lyrcsBupd.exe [2013-06-24 14:27]
    .
    2013-07-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
    .
    2013-07-10 c:\windows\Tasks\User_Feed_Synchronization-{BD28933B-34E3-409A-BFD2-36150EE9A25D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
    .
    2013-07-10 c:\windows\Tasks\User_Feed_Synchronization-{FE56C7E3-A609-476F-8785-9625E34296E7}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: bancobrasil.com.br
    Trusted Zone: bancobrasil.com.br\www
    Trusted Zone: bancobrasil.com.br\www14
    Trusted Zone: bancobrasil.com.br\www2
    Trusted Zone: bb.com.br
    Trusted Zone: bb.com.br\www
    Trusted Zone: com.br\office.bancobrasil
    Trusted Zone: com.br\[Você precisa estar registrado e conectado para ver este link.]
    Trusted Zone: com.br\[Você precisa estar registrado e conectado para ver este link.]
    Trusted Zone: com.br\[Você precisa estar registrado e conectado para ver este link.]
    Trusted Zone: com.br\www2.bancobrasil
    TCP: DhcpNameServer = 10.4.65.16
    DPF: Microsoft XML Parser for Java - [Você precisa estar registrado e conectado para ver este link.]
    FF - ProfilePath - c:\documents and settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\
    FF - prefs.js: network.proxy.type - 2
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-07-10 10:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ... 
    .
    Procurando entradas auto inicializáveis ocultas ... 
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????? 
    .
    Procurando ficheiros/arquivos ocultos ... 
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
    "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'winlogon.exe'(948)
    c:\arquivos de programas\GBPLUGIN\gbieh.dll
    c:\arquivos de programas\GbPlugin\gbiehbnb.dll
    c:\arquivos de programas\GBPLUGIN\gbiehcef.dll
    .
    Tempo para conclusão: 2013-07-10  10:51:45
    ComboFix-quarantined-files.txt  2013-07-10 13:51
    .
    Pré-execução: 11 pasta(s) 49.948.446.720 bytes disponíveis
    Pós execução: 13 pasta(s) 52.567.273.472 bytes disponíveis
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 763952300F4F8404524E9AC3C501CC6F
    239FC8B1C26D5286165A956F5A98D8D7
    joram
    Founding Administrator

    Posts: 617
    Join date: 14/08/2012
    Age: 64
    Location: Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Wed Jul 10, 2013 10:13 am

    Good morning, Edvan!

    Friend, sorry about that, but there's a pile of infected PCs here; I'll be posting the logs for you little by little.

    P.S.: congratulations on your forum, it's great, I'm recommending your forum to some friends!
    |- Let's get to work, then!
    |- Many thanks for the recommendation; within the limitations the SecSecurity Forum is under, there has been no room for expansion or for more comfort for the users, which remains reduced.

    -/-

    |- Download: < [You need to be registered and logged in to see this link.] > ( ... by Smeenk )

    |- Or here! < [You need to be registered and logged in to see this link.] >

    |- Save it to the desktop!
    |- Disable your antivirus!
    |- For Windows 7, run zoek.exe as administrator.

    startupall; 
    autoclean; 
    filesrcm; 
    emptyalltemp;
     

    |- Copy and paste this information, in red, into the tool's field.
    |- Click "Run Script". <- Wait!

    [You need to be registered and logged in to see this image.]

    |- Accept and/or confirm the reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- PS: If you get an error, restart the PC and run the tool again.
    |- Post the report, which will be at C:\zoek-results.txt <<

    A+
    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 12:54 pm

    Zoek.exe Version 4.0.0.3 Updated 10-July-2013
    Tool run by f002045 on 10/07/2013 at 11:52:45,93.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected
    ==== System Restore Info ======================
    Failed to create System Restore Point
    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================
    "C:\Documents and Settings\f002045\Dados de aplicativos\desktop.ini" deleted
    "C:\WINDOWS\002948_.tmp" deleted
    "C:\WINDOWS\SET3.tmp" deleted
    "C:\WINDOWS\SET4.tmp" deleted
    "C:\WINDOWS\SET8.tmp" deleted
    "C:\WINDOWS\tasks\Lyrics Bot Update.job" deleted
    "C:\Arquivos de programas\LyricsBot" deleted
    "C:\Arquivos de programas\LyricsOn" deleted
    ==== Files Recently Created / Modified ======================
    ====== C:\WINDOWS ====
    2013-07-10 13:37:41 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
    2013-07-10 13:37:41 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
    2013-07-10 13:37:41 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
    2013-07-10 13:37:41 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
    2013-07-10 13:37:41 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
    ====== C:\DOCUME~1\f002045\CONFIG~1\Temp ====
    ====== C:\WINDOWS\system32 =====
    ====== C:\WINDOWS\system32\drivers =====
    2013-07-10 14:49:15 ED0E308083F35635C3ECBF8F89B4D9F6 1814 ----a-w- C:\WINDOWS\System32\drivers\ndisrd_m.inf
    ====== C:\WINDOWS\Tasks ======
    ====== C:\WINDOWS\Temp ======
    ======= C:\Arquivos de programas =====
    2013-07-10 14:00:06 -------- d-----w- C:\Arquivos de programas\ZHPDiag
    ======= C: =====
    2013-07-10 14:01:19 FF4231CFC7BC41258B81C16B80FF0360 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-07-10 13:39:34 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
    2013-07-10 13:39:31 C51A881398F29071239741AE16D07C1C 261856 --sha-r- C:\cmldr
    2013-07-10 13:16:16 891DF0BB4B484B1474043351F5E63797 4198 ----a-w- C:\AdwCleaner[S1].txt
    ====== C:\Documents and Settings\f002045\Dados de aplicativos ======
    2013-06-19 18:30:07 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
    ====== C:\Documents and Settings\f002045 ======
    2013-07-10 14:48:55 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
    ====== C: exe-files ==
    2013-07-10 14:00:10 AE326A97F634217CAC29739D376DF934 344187 ----a-w- C:\Documents and Settings\f002045\Desktop\Ferramenta para remoção de virus\ZHP_uninstall.exe
    2013-07-10 14:00:10 8747E33E978E91C7888364E95F53D977 370235 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiags.exe
    2013-07-10 14:00:10 74C3DFCC1C6BF8B0BD977EF6F4185208 2709504 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix.exe
    2013-07-10 14:00:09 56873D899C0707AA017AA2D74EC190AE 3770368 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe
    2013-07-10 14:00:07 E100F7F1AA506F91A3C64366EE290E33 555944 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl64.exe
    2013-07-10 14:00:07 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
    2013-07-10 14:00:07 C3D16F308C98CB3BDC315D996D7D89AD 706512 ----a-w- C:\Arquivos de programas\ZHPDiag\unins000.exe
    2013-07-10 14:00:07 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Arquivos de programas\ZHPDiag\mbr.exe
    2013-07-10 14:00:07 79C7BC4A7642D908A1527A0EB90138C9 452008 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl32.exe
    2013-07-10 14:00:07 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Arquivos de programas\ZHPDiag\pv.exe
    2013-07-10 14:00:07 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Arquivos de programas\ZHPDiag\subinacl.exe
    2013-07-10 14:00:07 417C1BE0BF4D7C505D60D2CEFCDF2347 231048 ----a-w- C:\Arquivos de programas\ZHPDiag\sigcheck.exe
    2013-07-10 14:00:06 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Arquivos de programas\ZHPDiag\catchme.exe
    2013-07-10 14:00:06 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Arquivos de programas\ZHPDiag\Lads.exe
    2013-07-10 14:00:06 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Arquivos de programas\ZHPDiag\FileInfos.exe
    2013-07-10 13:59:10 E897110EE5E67FABB83B154DF9C68D6A 794216 ----a-w- C:\Documents and Settings\f002045\Desktop\Ferramenta para remoção de virus\ZHPDiag_silent.exe
    2013-07-10 13:39:30 F0C08E06A2A3EF0618E3990DE36BAB21 616960 ----a-w- C:\cmdcons\autochk.exe
    2013-07-10 13:39:30 A317FC1D2F892651DEC970B9CCCD6D92 608768 ----a-w- C:\cmdcons\autofmt.exe
    2013-07-10 13:37:41 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
    2013-07-10 13:37:41 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
    2013-07-10 13:37:41 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
    2013-07-10 13:37:41 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
    2013-07-10 13:37:41 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
    2013-07-10 13:26:55 F77796B412A0A0B436B210367FCE2AB3 552529 ----a-w- C:\Documents and Settings\f002045\Meus documentos\Downloads\JRT.exe
    2013-07-10 13:15:28 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 ----a-w- C:\Documents and Settings\f002045\Meus documentos\Downloads\adwcleaner.exe
    2013-07-05 19:07:43 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
    2013-07-05 19:07:43 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe
    2013-07-05 19:07:43 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateSetup.exe
    2013-07-05 19:07:43 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateBroker.exe
    2013-07-05 19:07:43 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleCrashHandler.exe
    2013-07-05 19:07:42 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdate.exe
    2013-07-05 19:07:33 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Arquivos de programas\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe
    === C: other files ==
    2013-07-10 13:39:17 73B8308CF069709A76009E97C5C97D11 7513 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
    ==== Startup Registry Enabled ======================
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
    [HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21088\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe"
    "S3Trayp"="S3trayp.exe"
    "HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1"
    "SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
    "Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
    ==== Startup Folders ======================
    2009-09-10 13:23:22 1864 ----a-w- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk
    ==== Task Scheduler Jobs ======================
    C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2013 10:04]
    C:\WINDOWS\tasks\avast\Undetermined Task.exe []
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [24/08/2011 17:10]
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
    C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe [03/11/2006 19:20]
    C:\WINDOWS\tasks\User_Feed_Synchronization-{BD28933B-34E3-409A-BFD2-36150EE9A25D}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
    C:\WINDOWS\tasks\User_Feed_Synchronization-{FE56C7E3-A609-476F-8785-9625E34296E7}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
    ==== Firefox Extensions ======================
    ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7le2y1b2.default
    - Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
    - Java Console - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    - Undetermined - %ProfilePath%\extensions\staged-xpis
    - Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    - Módulo de segurança - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
    ProfilePath: C:\Documents and Settings\e0035\Dados de aplicativos\Mozilla\Firefox\Profiles\5rinpb2g.default
    - Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
    - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    - Módulo de Segurança - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
    ProfilePath: C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default
    - Java Console - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    - Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
    - Undetermined - C:\Arquivos de programas\LyricsOn\FF
    - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    - Módulo de segurança - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
    ProfilePath: C:\Documents and Settings\f002873\Dados de aplicativos\Mozilla\Firefox\Profiles\r1kz32bv.default
    - Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
    - Undetermined - %ProfilePath%\extensions\staged-xpis
    - Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    ==== Firefox Plugins ======================

    ==== Chrome Look ======================
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    hcjaoindegekegaeihocoidchhbgilbd - C:\Arquivos de programas\LyricsBot\116.crx[]
    icmlaeflemplmjndnaapfdbbnpncnbda - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[21/08/2012 06:10]
    ==== Set IE to Default ======================
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="[Você precisa estar registrado e conectado para ver este link.]"
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="[Você precisa estar registrado e conectado para ver este link.]"
    ==== All HKCU SearchScopes ======================
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{EB857973-D9B2-438A-B9FF-0F88AD32608F}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="[Você precisa estar registrado e conectado para ver este link.]"
    {4B10C427-ACAE-4FF8-B3E4-9DC287D087D5} Google  Url="[Você precisa estar registrado e conectado para ver este link.]"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="[Você precisa estar registrado e conectado para ver este link.]}"
    {EB857973-D9B2-438A-B9FF-0F88AD32608F} Yahoo//search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
    ==== Deleting Registry Keys ======================
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hcjaoindegekegaeihocoidchhbgilbd deleted successfully
    ==== Empty IE Cache ======================
    C:\Documents and Settings\f002045\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    ==== Empty FireFox Cache ======================
    No FireFox Cache found
    ==== Empty Chrome Cache ======================
    No Chrome User Data found
    ==== Empty All Flash Cache ======================
    Flash Cache Emptied Successfully
    ==== Empty All Java Cache ======================
    Java Cache cleared successfully
    ==== After Reboot ======================
    ==== Empty Temp Folders ======================
    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\f002045\CONFIG~1\Temp successfully emptied
    ==== Empty Recycle Bin ======================
    C:\RECYCLER successfully emptied
    ==== EOF on 10/07/2013 at 13:05:01,67 ======================
    joram
    Founding Administrator

    Posts : 617
    Join date : 14/08/2012
    Age : 64
    Location : Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Wed Jul 10, 2013 1:02 pm

    Hello, Edvan!

    |- Same procedure when finishing up!

    |- DelFix -> JetClean -> JetBoost.

    |- All OK?

    A+
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 1:04 pm

    Did the [You need to be registered and logged in to see this link.] log flag anything?
    [You need to be registered and logged in to see this link.]
    joram
    Founding Administrator

    Posts : 617
    Join date : 14/08/2012
    Age : 64
    Location : Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Wed Jul 10, 2013 1:24 pm

    Hello, Edvan!

    < C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

    |- Do you know this file?
    |- Sorry! I forgot to post this script.

    -/-

    |- Close any programs/folders that are open.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You need to be registered and logged in to see this link.].

    [You need to be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy the information shown in red into Notepad.
    #####

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
    O2 - BHO: (no name) - {224D7745-F4C6-4C98-A2C2-E4C1DEE8252F} Orphean Key
    O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} Orphean Key
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Orphean Key
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} Orphean Key
    O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key
    O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
    O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540014} Orphean Key
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
    O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) --  (.not file.)
    O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)
    O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Lyrics Bot Update.job
    [MD5.133251844AE6772545AF8132609EA24A] [APT] [Lyrics Bot Update] (.APDMT LTD.) -- C:\Arquivos de programas\LyricsBot\lyrcsBupd.exe
    O43 - CFD: 01/07/2013 - 07:39:37 - [0,993] ----D C:\Arquivos de programas\LyricsBot
    O43 - CFD: 01/07/2013 - 07:39:21 - [0] ----D C:\Arquivos de programas\LyricsOn
    C:\Arquivos de programas\LyricsBot

    [HKCU\Software\LyricsBot]
    [HKLM\Software\Swearware]

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore

    #####
    |- With Notepad open, use the shortcuts "Ctrl+A" -> "Ctrl+C".
    |- Minimize Notepad.

    [You need to be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu item.
    |- Avoid the "Paste" option (Ctrl+V) in the light yellow field, as it does not enable the "Go" button.

    [You need to be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You need to be registered and logged in to see this image.]

    |- PS: The sequence of images above is there for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 1:59 pm

    < C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

    I don't know it, friend.
     

    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by f001699 at 10/07/2013 14:59:45
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    NOT FOUND Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    NOT FOUND Key: CLSID BHO: {224D7745-F4C6-4C98-A2C2-E4C1DEE8252F}
    NOT FOUND Key: CLSID BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF}
    NOT FOUND Key: CLSID BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
    NOT FOUND Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    NOT FOUND Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
    NOT FOUND Key: CLSID BHO: {AE7CD045-E861-484f-8273-0445EE161910}
    NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
    NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
    NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540014}
    DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
    DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    NOT FOUND Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
    NOT FOUND Key: HKCU\Software\LyricsBot
    NOT FOUND Key: HKLM\Software\Swearware

    ========== Registry Value ==========
    NOT FOUND Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
    NOT FOUND Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND File: c:\windows\tasks\lyrics bot update.job
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsbot\lyrcsbupd.exe
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsbot
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    NOT FOUND Task: Lyrics Bot Update

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    17 : Registry Key
    13 : Registry Value
    2 : Repertory
    5 : File
    1 : Task
    1 : Restoration


    End of clean in 00mn 14s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 10/07/2013 14:59:45 [2746]
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 2:25 pm

    I think I screwed up, friend.. lol

    I ran this ZHPFix script on another PC. Will that cause any problem?

    That's why it wasn't finding it:

    < C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

    I'll generate a new log for you to analyze. I got all mixed up; running the procedure on two different machines only leads to this!
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Wed Jul 10, 2013 2:45 pm

    New log [You need to be registered and logged in to see this link.]

    I believe everything is normal!
    joram
    Founding Administrator

    Posts : 617
    Join date : 14/08/2012
    Age : 64
    Location : Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Wed Jul 10, 2013 3:17 pm

    Edvan wrote: New log [You need to be registered and logged in to see this link.]

    I believe everything is normal!

    Hello, Edvan!

    |- No problem, since this script targets invalid entries and is harmless on another machine.

    -/-

    |- Close any programs/folders that are open.
    |- Close the browser as well!
    |- For Windows Vista, disable the [You need to be registered and logged in to see this link.].

    [You need to be registered and logged in to see this image.]

    |- For Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy the information shown in red into Notepad.
    #####

    O43 - CFD: 19/06/2013 - 15:30:07 - [0] ----D C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive 

    C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive

    [HKCU\Software\LyricsBot] 

    firewallraz
    sysrestore

    #####
    |- With Notepad open, use the shortcuts "Ctrl+A" -> "Ctrl+C".
    |- Minimize Notepad.

    [You need to be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu item.
    |- Avoid the "Paste" option (Ctrl+V) in the light yellow field, as it does not enable the "Go" button.

    [You need to be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You need to be registered and logged in to see this image.]

    |- PS: The sequence of images above is there for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!
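As an added example (not the forum's or ZHPFix's own code), here is a small Python parser for the script lines posted in this reply and in the earlier one, so that what a pasted cleanup script would touch (BHO CLSIDs, task and folder paths, registry keys, command words) can be listed and reviewed before it is run. The line shapes and the command words are taken from this thread's scripts; the category names, the regular expressions and the abridged sample are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: an abridged copy of the ZHPFix script posted in this thread
# (one or two lines of each kind), embedded here so the parser runs offline.
SAMPLE_SCRIPT = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) --  (.not file.)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Lyrics Bot Update.job
[MD5.133251844AE6772545AF8132609EA24A] [APT] [Lyrics Bot Update] (.APDMT LTD.) -- C:\Arquivos de programas\LyricsBot\lyrcsBupd.exe
O43 - CFD: 01/07/2013 - 07:39:37 - [0,993] ----D C:\Arquivos de programas\LyricsBot
C:\Arquivos de programas\LyricsBot

[HKCU\Software\LyricsBot]
[HKLM\Software\Swearware]

proxyfix
emptytemp
sysrestore
"""

# Command words that appear in the scripts posted in this thread. ZHPFix's full
# command set is not documented on the page, so anything outside this list is
# reported for manual review rather than assumed harmless.
KNOWN_COMMANDS = {"proxyfix", "emptytemp", "emptyclsid", "emptyflash",
                  "firewallraz", "sysrestore"}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Line shapes as they appear in the thread: ZHPDiag "O" prefixes, a hashed task
# executable, bare paths, bracketed registry keys and bare command words.
# Category names are mine, not ZHPFix's.
PATTERNS = [
    ("bho",      re.compile(r"^O2 - BHO: .*?(" + GUID + ")")),
    ("toolbar",  re.compile(r"^O3 - Toolbar: .*?\[(?:HKLM|HKCU)\](" + GUID + ")")),
    ("task",     re.compile(r"^O39 - APT:.*? - (.+)$")),
    ("task_exe", re.compile(r"^\[MD5\.[0-9A-Fa-f]{32}\] \[APT\] .* -- (.+)$")),
    ("folder",   re.compile(r"^O43 - CFD: .* ----D (.+)$")),
    ("regkey",   re.compile(r"^\[((?:HKLM|HKCU|HKU|HKCR)\\[^\]]+)\]$")),
    ("path",     re.compile(r"^([A-Za-z]:\\.+)$")),
    ("command",  re.compile(r"^([a-z0-9_]+)$")),
]

FILESYSTEM_KINDS = {"task", "task_exe", "folder", "path"}


@dataclass(frozen=True)
class Item:
    kind: str    # one of the PATTERNS names, or "unknown"
    target: str  # CLSID, path, registry key or command word


def parse_script(text):
    """Turn a pasted ZHPFix script into a list of Items, one per non-empty line."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and the ##### markers
            continue
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                items.append(Item(kind, match.group(1).strip()))
                break
        else:
            items.append(Item("unknown", line))  # surfaced, never silently dropped
    return items


def summarize(items):
    """Count items per kind, so the totals can be compared with the ZHPFix report."""
    counts = {}
    for item in items:
        counts[item.kind] = counts.get(item.kind, 0) + 1
    return counts


def filesystem_targets(items):
    """Paths the script would remove; one path may be listed under several kinds."""
    return {item.target for item in items if item.kind in FILESYSTEM_KINDS}


def review(items):
    """Lines to look at by hand: unrecognised lines and commands outside the known set."""
    return [item for item in items
            if item.kind == "unknown"
            or (item.kind == "command" and item.target not in KNOWN_COMMANDS)]
```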
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Thu Jul 11, 2013 9:55 pm

    Friend, tomorrow at 08:30 I will be running the tool on the PC.

    P.S.: After running the script in ZHPFix, can I finish up by running DelFix?
    joram
    Founding Administrator

    Posts : 617
    Join date : 14/08/2012
    Age : 64
    Location : Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Fri Jul 12, 2013 9:47 am

    Edvan wrote: Friend, tomorrow at 08:30 I will be running the tool on the PC.

    P.S.: After running the script in ZHPFix, can I finish up by running DelFix?

    Hello, Edvan!

    |- Yes! Use DelFix and post your report.

    Regards!
    Edvan
    Member

    Posts : 428
    Join date : 14/02/2013
    Age : 36
    Location : Natal/RN

    Re: Infected PC, log for analysis

    Post by Edvan on Fri Jul 12, 2013 2:37 pm

    Done, friend, I have already run the ZHPFix script and DelFix.

    All OK now.


     # DelFix v10.3 - Logfile created 12/07/2013 at 15:29:44
    # Updated 08/06/2013 by Xplode
    # Username : f002045 - FUN0068
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Documents and Settings\f002045\Desktop\ZHPFixReport.txt
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~ Cleaning system restore ...

    Deleted : RP #886 [Software Distribution Service 3.0 | 07/10/2013 18:27:10]
    Deleted : RP #887 [Ponto de verificação do sistema | 07/10/2013 18:27:11]
    Deleted : RP #888 [Ponto de verificação do sistema | 07/10/2013 18:27:11]
    Deleted : RP #889 [Software Distribution Service 3.0 | 07/10/2013 18:27:11]
    Deleted : RP #890 [Ponto de verificação do sistema | 07/10/2013 18:27:12]
    Deleted : RP #891 [Ponto de verificação do sistema | 07/10/2013 18:27:12]
    Deleted : RP #892 [Software Distribution Service 3.0 | 07/10/2013 18:27:12]
    Deleted : RP #893 [Ponto de verificação do sistema | 07/10/2013 18:27:13]
    Deleted : RP #894 [Ponto de verificação do sistema | 07/10/2013 18:27:13]
    Deleted : RP #895 [Software Distribution Service 3.0 | 07/10/2013 18:27:13]
    Deleted : RP #896 [Software Distribution Service 3.0 | 07/10/2013 18:27:13]
    Deleted : RP #897 [Ponto de verificação do sistema | 07/10/2013 18:27:14]
    Deleted : RP #898 [Ponto de verificação do sistema | 07/10/2013 18:27:14]
    Deleted : RP #899 [Software Distribution Service 3.0 | 07/10/2013 18:27:14]
    Deleted : RP #900 [Ponto de verificação do sistema | 07/10/2013 18:27:15]
    Deleted : RP #901 [Software Distribution Service 3.0 | 07/10/2013 18:27:15]
    Deleted : RP #902 [Software Distribution Service 3.0 | 07/10/2013 18:27:15]
    Deleted : RP #903 [Ponto de verificação do sistema | 07/10/2013 18:27:16]
    Deleted : RP #904 [Ponto de verificação do sistema | 07/10/2013 18:27:16]
    Deleted : RP #905 [Software Distribution Service 3.0 | 07/10/2013 18:27:16]
    Deleted : RP #906 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
    Deleted : RP #907 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
    Deleted : RP #908 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
    Deleted : RP #909 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
    Deleted : RP #910 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
    Deleted : RP #911 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
    Deleted : RP #912 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
    Deleted : RP #913 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
    Deleted : RP #914 [Software Distribution Service 3.0 | 07/10/2013 18:27:19]
    Deleted : RP #915 [Ponto de verificação do sistema | 07/10/2013 18:27:19]
    Deleted : RP #916 [Software Distribution Service 3.0 | 07/10/2013 18:27:19]
    Deleted : RP #917 [Ponto de verificação do sistema | 07/10/2013 18:27:19]
    Deleted : RP #918 [Software Distribution Service 3.0 | 07/10/2013 18:27:20]
    Deleted : RP #919 [Software Distribution Service 3.0 | 07/10/2013 18:27:20]
    Deleted : RP #920 [Ponto de verificação do sistema | 07/10/2013 18:27:21]
    Deleted : RP #921 [Software Distribution Service 3.0 | 07/10/2013 18:27:21]
    Deleted : RP #922 [Software Distribution Service 3.0 | 07/10/2013 18:27:21]
    Deleted : RP #923 [Software Distribution Service 3.0 | 07/10/2013 18:27:22]
    Deleted : RP #924 [Ponto de verificação do sistema | 07/10/2013 18:27:22]
    Deleted : RP #925 [Software Distribution Service 3.0 | 07/10/2013 18:27:23]
    Deleted : RP #926 [Software Distribution Service 3.0 | 07/10/2013 18:27:24]
    Deleted : RP #927 [Ponto de verificação do sistema | 07/10/2013 18:27:24]
    Deleted : RP #928 [Software Distribution Service 3.0 | 07/10/2013 18:27:24]
    Deleted : RP #929 [Ponto de verificação do sistema | 07/10/2013 18:27:24]
    Deleted : RP #930 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
    Deleted : RP #931 [Ponto de verificação do sistema | 07/10/2013 18:27:25]
    Deleted : RP #932 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
    Deleted : RP #933 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
    Deleted : RP #934 [Windows Defender Checkpoint | 07/10/2013 18:27:26]
    Deleted : RP #935 [Ponto de verificação do sistema | 07/10/2013 18:27:26]
    Deleted : RP #936 [End of disinfection | 07/10/2013 18:27:30]
    Deleted : RP #937 [Software Distribution Service 3.0 | 07/12/2013 11:14:04]
    Deleted : RP #938 [Software Distribution Service 3.0 | 07/12/2013 12:01:48]
    Deleted : RP #939 [P | 07/12/2013 18:29:18]

    New restore point created !

    ########## - EOF - ##########
    joram
    Founding Administrator

    Posts : 617
    Join date : 14/08/2012
    Age : 64
    Location : Rio de Janeiro

    Re: Infected PC, log for analysis

    Post by joram on Fri Jul 12, 2013 2:42 pm

    CASE RESOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
