SecSecurity Forum

Implementing cleanup and security on your computer!

    Infected machine, log for analysis.

    Edvan (Member; 428 posts; joined 14/02/2013; age 36; Natal/RN)

    Post by Edvan on Fri Jun 07, 2013 11:17 am

    I ran these tools and generated the log just now [link hidden: forum login required]



    # AdwCleaner v2.302 - Report created on 07/06/2013 at 11:59:54
    # Updated on 06/06/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Willian - WILLIAN
    # Boot Mode : Normal
    # Run from : C:\Documents and Settings\Willian\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Arquivos de programas\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\DOCUME~1\Willian\CONFIG~1\Temp\Searchqu.ini
    File Deleted : C:\DOCUME~1\Willian\CONFIG~1\Temp\searchqutoolbar-manifest.xml
    File Deleted : C:\DOCUME~1\Willian\CONFIG~1\Temp\SetupDataMngr_Searchqu.exe
    File Deleted : C:\Documents and Settings\All Users\Desktop\Get The Best Facebook Chat Messenger.lnk
    File Deleted : C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\searchplugins\Search_Results.xml
    File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Folder Deleted : C:\Arquivos de programas\Ask.com
    Folder Deleted : C:\Arquivos de programas\FindLyrics
    Folder Deleted : C:\DOCUME~1\Willian\CONFIG~1\Temp\AskSearch
    Folder Deleted : C:\DOCUME~1\Willian\CONFIG~1\Temp\Iminent
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
    Folder Deleted : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\AskToolbar
    Folder Deleted : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\lollipop
    Folder Deleted : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\OpenCandy
    Folder Deleted : C:\Documents and Settings\Willian\Dados de aplicativos\OpenCandy
    Folder Deleted : C:\Documents and Settings\Willian\Dados de aplicativos\searchquband
    Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\lollipop
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gnbcopcndefcccgdofjadnafjljgofam
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (pt-BR)

    File : C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\prefs.js

    C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

    *************************

    AdwCleaner[S1].txt - [10523 octets] - [07/06/2013 11:59:54]

    ########## EOF - C:\AdwCleaner[S1].txt - [10584 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Willian on Fri 07/06/2013 at 12:01:57,25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-854245398-492894223-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6666E3BE-FC04-4EE3-9E4F-C6975D9C7284}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Willian\appdata\locallow\datamngr"



    ~~~ FireFox

    Emptied folder: C:\Documents and Settings\Willian\Dados de aplicativos\mozilla\firefox\profiles\uvcjo6m7.default\minidumps [4 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 07/06/2013 at 12:04:33,43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ComboFix 13-06-07.02 - Willian 07/06/2013 12:08:29.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2822 [GMT -3]
    Running from: c:\documents and settings\Willian\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    ADS - system32: deleted 2 bytes in 1 streams.
    ADS - drivers: deleted 224 bytes in 2 streams.
    .
    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Config.ini
    c:\windows\system32\muzapp.exe
    .
    .
    (((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))
    .
    .
    2013-06-07 15:05 . 2013-06-07 15:05 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- c:\windows\ERUNT
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- C:\JRT
    2013-06-07 14:44 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2013-06-07 14:44 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2013-05-27 21:45 . 2013-06-04 13:30 -------- d-----w- c:\arquivos de programas\LyricsFinder
    2013-05-19 16:31 . 2013-05-19 16:31 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-05-11 00:01 . 2013-05-30 22:19 -------- d-----w- c:\documents and settings\Willian\Dados de aplicativos\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----r- c:\arquivos de programas\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
    2013-05-11 00:00 . 2013-05-11 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
    2013-05-10 23:38 . 2013-05-10 23:38 -------- d-----w- c:\arquivos de programas\Baidu Security
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-07 15:08 . 2013-04-21 14:47 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2013-05-27 23:34 . 2012-05-19 13:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-27 23:34 . 2011-06-16 16:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-10-11 966072]
    "KiesAirMessage"="c:\arquivos de programas\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2012-03-06 296056]
    "KiesTrayAgent"="c:\arquivos de programas\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\Willian\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2013-02-18 13:57 1364304 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2008-11-11 11:06 33521664 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-11-12 13:04 173592 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-03 18:32 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-03-06 03:20 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [10/4/2013 20:26 47696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/3/2011 21:44 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/3/2011 21:44 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/3/2011 21:44 21256]
    R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [10/4/2013 20:26 414544]
    R2 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [4/5/2010 12:07 503080]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [14/3/2011 21:57 878976]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [28/2/2013 18:45 161384]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [21/10/2012 16:21 51872]
    S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/11/2012 16:36 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/11/2012 16:36 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/11/2012 16:36 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [11/11/2012 16:36 114280]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [21/10/2012 16:21 105216]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 23:34]
    .
    2013-06-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 22:50]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\Lyrics Finder Update.job
    - c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe [2013-06-03 16:35]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [link hidden: forum login required]
    IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - [link hidden: forum login required]
    FF - ExtSQL: 2013-06-04 10:30; [link hidden: forum login required]; c:\arquivos de programas\LyricsFinder\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-FX - Video Converter - c:\arquiv~1\FOXTAB~1\Uninstall\Uninstall.exe
    AddRemove-01_Simmental - c:\arquivos de programas\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\arquivos de programas\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\arquivos de programas\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\arquivos de programas\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\arquivos de programas\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\arquivos de programas\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\arquivos de programas\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\arquivos de programas\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\arquivos de programas\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\arquivos de programas\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\arquivos de programas\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden: forum login required]
    Rootkit scan 2013-06-07 12:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(960)
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    Completion time: 2013-06-07 12:13:45
    ComboFix-quarantined-files.txt 2013-06-07 15:13
    .
    Pre-Run: 14 folder(s) 142,993,641,472 bytes free
    Post-Run: 17 folder(s) 144,034,603,008 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9EB0D7C3B13AE41A17AC242FB505624F
    239FC8B1C26D5286165A956F5A98D8D7
    joram (Founding Administrator; 617 posts; joined 14/08/2012; age 64; Rio de Janeiro)

    Re: Infected machine, log for analysis.

    Post by joram on Fri Jun 07, 2013 12:20 pm

    Good afternoon, Edvan!

    |- Select and copy the content that is in "red" into Notepad.
    |- Save it on the desktop with the name: CFScript << as a text file!

    KillAll::
    Firefox::
    FF - ExtSQL: 2013-06-04 10:30; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsFinder\FF

    File::
    c:\windows\Tasks\Lyrics Finder Update.job
    c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe

    Folder::
    c:\arquivos de programas\Baidu Security
    c:\arquivos de programas\LyricsFinder

    ClearJavaCache::

    Quit::
    |- PS: Temporarily disable your antivirus.
    |- PS: Do not use this script on another machine!
    |- Drag CFScript.txt onto the ComboFix icon.
    |- See the demonstration!

    [You must be registered and logged in to see this image.]

    |- Accept the prompt that should appear to run ComboFix.
    |- PS: Keep dragging until that prompt (window) appears!
    |- If a message appears asking to update the tool, click Yes!
    |- When done, post: C:\ComboFix.txt <<

    -/-

    |- Close any programs/folders that are open.
    |- Also close the browser!
    |- On Windows Vista, disable [You must be registered and logged in to see this link.].

    [You must be registered and logged in to see this image.]

    |- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into "Notepad".

    [MD5.95E9245CCD99A09098CAF376152532B9] [APT] [Lyrics Finder Update] (.Lyrics Finder.) -- C:\Arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe [118272]
    O43 - CFD: 10/5/2013 - 20:38:28 - [0] ----D C:\Arquivos de programas\Baidu Security
    O43 - CFD: 10/5/2013 - 20:13:13 - [0,003] ----D C:\Documents and Settings\Willian\Menu Iniciar\Programas\Hao123

    C:\Arquivos de programas\LyricsFinder
    C:\Arquivos de programas\Baidu Security
    C:\Documents and Settings\Willian\Menu Iniciar\Programas\Hao123

    [HKCU\Software\Baidu Security]

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You must be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu item.
    |- Avoid the "Paste" (Ctrl+V) option in the light-yellow field, which does not enable the "Go" button.

    [You must be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You must be registered and logged in to see this image.]

    |- PS: Above is a sequence of images for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Regards!
    Edvan
    Member

    Messages: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Infected machine, log for analysis.

    Post by Edvan on Fri Jun 07, 2013 2:55 pm

    ComboFix 13-06-07.03 - Willian 07/06/2013 15:43:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2643 [GMT -3]
    Executando de: c:\documents and settings\Willian\Desktop\ComboFix.exe
    Comandos utilizados :: c:\documents and settings\Willian\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe"
    "c:\windows\Tasks\Lyrics Finder Update.job"
    .
    ADS - drivers: deleted 212 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\arquivos de programas\Baidu Security
    c:\arquivos de programas\LyricsFinder
    c:\arquivos de programas\LyricsFinder\chrome.crx
    c:\arquivos de programas\LyricsFinder\chrome.manifest
    c:\arquivos de programas\LyricsFinder\FF\chrome.manifest
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\icon.png
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\main.js
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\overlay.xul
    c:\arquivos de programas\LyricsFinder\FF\install.rdf
    c:\arquivos de programas\LyricsFinder\lfinder.dll
    c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe
    c:\arquivos de programas\LyricsFinder\Uninstall.exe
    c:\windows\Tasks\Lyrics Finder Update.job
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))
    .
    .
    2013-06-07 16:21 . 2013-06-07 16:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
    2013-06-07 16:21 . 2013-06-07 16:21 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-07 16:21 . 2013-06-07 16:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-07 16:21 . 2013-06-07 16:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-07 16:21 . 2013-06-07 16:21 -------- d-----w- c:\arquivos de programas\Java
    2013-06-07 15:33 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
    2013-06-07 15:33 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
    2013-06-07 15:23 . 2013-06-07 15:23 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-06-07 15:22 . 2013-06-07 15:23 -------- d-----w- C:\ZHP
    2013-06-07 15:21 . 2013-06-07 15:23 -------- d-----w- c:\arquivos de programas\ZHPDiag
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- c:\windows\ERUNT
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- C:\JRT
    2013-06-07 14:44 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2013-06-07 14:44 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2013-05-19 16:31 . 2013-05-19 16:31 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-05-11 00:01 . 2013-05-30 22:19 -------- d-----w- c:\documents and settings\Willian\Dados de aplicativos\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----r- c:\arquivos de programas\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
    2013-05-11 00:00 . 2013-05-11 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-07 18:49 . 2013-04-21 14:47 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2013-06-07 16:21 . 2012-03-25 00:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-27 23:34 . 2012-05-19 13:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-27 23:34 . 2011-06-16 16:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-16 22:26 . 2004-08-04 03:45 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-04-16 22:26 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-16 22:26 . 2004-08-04 03:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-12 23:30 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec
    2013-04-12 14:01 . 2004-08-04 03:38 1876480 ----a-w- c:\windows\system32\win32k.sys
    2013-04-04 17:50 . 2012-05-10 17:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-10-11 966072]
    "KiesAirMessage"="c:\arquivos de programas\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2012-03-06 296056]
    "KiesTrayAgent"="c:\arquivos de programas\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\Willian\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2013-02-18 13:57 1364304 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2008-11-11 11:06 33521664 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-11-12 13:04 173592 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-03 18:32 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-03-06 03:20 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [10/4/2013 20:26 47696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/3/2011 21:44 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/3/2011 21:44 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/3/2011 21:44 21256]
    R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [10/4/2013 20:26 414544]
    R2 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [4/5/2010 12:07 503080]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [14/3/2011 21:57 878976]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [28/2/2013 18:45 161384]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [21/10/2012 16:21 51872]
    S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/11/2012 16:36 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/11/2012 16:36 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/11/2012 16:36 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [11/11/2012 16:36 114280]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [21/10/2012 16:21 105216]
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 23:34]
    .
    2013-06-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 22:50]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - ExtSQL: 2013-06-04 10:30; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsFinder\FF
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    [Você precisa estar registrado e conectado para ver este link.] - c:\arquivos de programas\LyricsFinder\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-06-07 15:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'winlogon.exe'(968)
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    - - - - - - - > 'explorer.exe'(1644)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\arquivos de programas\Java\jre7\bin\jqs.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2013-06-07 15:53:32 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2013-06-07 18:53
    .
    Pré-execução: 16 pasta(s) 142.357.426.176 bytes disponíveis
    Pós execução: 17 pasta(s) 142.302.953.472 bytes disponíveis
    .
    - - End Of File - - F8F6417C104CF8D3E52C3D01ED49D8F6
    239FC8B1C26D5286165A956F5A98D8D7

    Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
    Fichier d'export Registre :
    Run by Willian at 7/6/2013 15:56:07
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: HKCU\Software\Baidu Security

    ========== Registry Value ==========
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Repertory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsfinder\lyricsfinderupdater.exe
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsfinder
    NOT FOUND Folder/File: c:\arquivos de programas\baidu security
    NOT FOUND Folder/File: c:\documents and settings\willian\menu iniciar\programas\hao123
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    NOT FOUND Task: Lyrics Finder Update

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    1 : Registry Key
    11 : Registry Value
    2 : Repertory
    6 : File
    1 : Task
    1 : Restoration


    End of clean in 00mn 06s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 7/6/2013 15:56:07 [1666]
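The CFScript joram posted and the ComboFix log Edvan returned can be cross-checked mechanically: every File::/Folder:: target in the script should reappear under "Outras Exclusões" in the log. The following is an added example, not code from the thread or from ComboFix; the Firefox extension id masked on the page is replaced by a labelled placeholder, and the script and log excerpt are constructed from the lines above.

```python
import re

# Directives that appear in the thread's CFScript; ComboFix accepts more,
# but anything outside this set is treated as a typo here.
KNOWN_DIRECTIVES = {"KillAll", "Firefox", "File", "Folder", "ClearJavaCache", "Quit"}

# Constructed from joram's script above; the masked Firefox extension id is
# replaced by a labelled placeholder.
CFSCRIPT = r"""KillAll::
Firefox::
FF - ExtSQL: 2013-06-04 10:30; <extension-id-placeholder>; c:\arquivos de programas\LyricsFinder\FF

File::
c:\windows\Tasks\Lyrics Finder Update.job
c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe

Folder::
c:\arquivos de programas\Baidu Security
c:\arquivos de programas\LyricsFinder

ClearJavaCache::

Quit::
"""

# Constructed excerpt of the ComboFix log Edvan posted back.
COMBOFIX_LOG = r"""ComboFix 13-06-07.03 - Willian 07/06/2013 15:43:51.2.2 - x86
.
FILE ::
"c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe"
"c:\windows\Tasks\Lyrics Finder Update.job"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Baidu Security
c:\arquivos de programas\LyricsFinder
c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe
c:\windows\Tasks\Lyrics Finder Update.job
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))
.
2013-06-07 16:21 . 2013-06-07 16:21 -------- d-----w- c:\arquivos de programas\Java
"""


def parse_cfscript(text):
    """Return {directive: [lines]}: a 'Name::' line opens a section and every
    non-blank line after it belongs to that section until the next header."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            if current not in KNOWN_DIRECTIVES:
                # A misspelled header would be silently ignored by the tool.
                raise ValueError("unknown CFScript directive: %s" % current)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("data before first directive: %s" % line)
        else:
            sections[current].append(line)
    return sections


def deleted_paths(log_text):
    """Collect (lowercased) paths listed under 'Outras Exclusões' in the log."""
    paths = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Outras Exclus" in line:  # section banner, wrapped in parentheses
            in_section = True
            continue
        if in_section and line.startswith("((("):  # next banner ends it
            break
        if in_section and re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            paths.add(line.lower())
    return paths


def verify_cleanup(script_text, log_text):
    """Map each File::/Folder:: target to True if the log reports it deleted.
    Comparison is case-insensitive because ComboFix lowercases drive letters."""
    sections = parse_cfscript(script_text)
    gone = deleted_paths(log_text)
    result = {}
    for directive in ("File", "Folder"):
        for target in sections.get(directive, []):
            result[target] = target.lower() in gone
    return result
```

A target reported False is one the helper should ask the user about before closing the case, since ComboFix lists everything it removed in that section.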
    joram
    Founding Administrator

    Messages: 617
    Join date: 14/08/2012
    Age: 64
    Location: Rio de Janeiro

    Re: Infected machine, log for analysis.

    Post by joram on Fri Jun 07, 2013 3:09 pm

    Good afternoon, Edvan!

    |- Download: |[You must be registered and logged in to see this link.]| ( ... by Xplode )

    [You must be registered and logged in to see this image.]

    |- On the page, click the green arrow to download.
    |- Save it in a convenient location! ( desktop! )
    |- Close any applications that are open.

    [You must be registered and logged in to see this link.]

    |- Run it!
    |- With both checkboxes checked!
    |- Click "Run".
    |- Everything OK?

    A+
    Edvan
    Member

    Messages: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Re: Infected machine, log for analysis.

    Post by Edvan on Fri Jun 07, 2013 3:13 pm

    All OK, friend.



    # DelFix v10.2 - Logfile created 07/06/2013 at 16:12:41
    # Updated 02/04/2013 by Xplode
    # Username : Willian - WILLIAN
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Documents and Settings\Willian\Desktop\adwcleaner.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ComboFix.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\JRT.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPDiag.txt
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #280 [Ponto de verificação do sistema | 03/11/2013 23:31:11]
    Deleted : RP #281 [Ponto de verificação do sistema | 03/13/2013 13:45:33]
    Deleted : RP #282 [Ponto de verificação do sistema | 03/14/2013 14:28:25]
    Deleted : RP #283 [Ponto de verificação do sistema | 03/15/2013 23:55:47]
    Deleted : RP #284 [Ponto de verificação do sistema | 03/17/2013 00:40:33]
    Deleted : RP #285 [Ponto de verificação do sistema | 03/18/2013 00:55:51]
    Deleted : RP #286 [Ponto de verificação do sistema | 03/19/2013 14:07:52]
    Deleted : RP #287 [Ponto de verificação do sistema | 03/21/2013 13:55:14]
    Deleted : RP #288 [Ponto de verificação do sistema | 03/22/2013 21:08:21]
    Deleted : RP #289 [Ponto de verificação do sistema | 03/24/2013 11:49:56]
    Deleted : RP #290 [Ponto de verificação do sistema | 03/25/2013 21:45:41]
    Deleted : RP #291 [Ponto de verificação do sistema | 03/28/2013 21:56:53]
    Deleted : RP #292 [Ponto de verificação do sistema | 03/31/2013 15:12:41]
    Deleted : RP #293 [Ponto de verificação do sistema | 04/07/2013 14:14:48]
    Deleted : RP #294 [Ponto de verificação do sistema | 04/09/2013 00:09:09]
    Deleted : RP #295 [Ponto de verificação do sistema | 04/10/2013 00:33:53]
    Deleted : RP #296 [Ponto de verificação do sistema | 04/11/2013 16:32:48]
    Deleted : RP #297 [Ponto de verificação do sistema | 04/14/2013 21:38:51]
    Deleted : RP #298 [Ponto de verificação do sistema | 04/21/2013 16:25:20]
    Deleted : RP #299 [Ponto de verificação do sistema | 04/22/2013 20:24:18]
    Deleted : RP #300 [Ponto de verificação do sistema | 04/24/2013 00:15:30]
    Deleted : RP #301 [Ponto de verificação do sistema | 04/25/2013 00:31:22]
    Deleted : RP #302 [Ponto de verificação do sistema | 04/28/2013 16:07:41]
    Deleted : RP #303 [Ponto de verificação do sistema | 04/29/2013 23:15:46]
    Deleted : RP #304 [Ponto de verificação do sistema | 05/01/2013 00:34:36]
    Deleted : RP #305 [Ponto de verificação do sistema | 05/02/2013 22:38:02]
    Deleted : RP #306 [Ponto de verificação do sistema | 05/04/2013 11:42:20]
    Deleted : RP #307 [Ponto de verificação do sistema | 05/05/2013 15:03:29]
    Deleted : RP #308 [Ponto de verificação do sistema | 05/06/2013 23:44:47]
    Deleted : RP #309 [Ponto de verificação do sistema | 05/08/2013 00:19:02]
    Deleted : RP #310 [Ponto de verificação do sistema | 05/09/2013 22:28:33]
    Deleted : RP #311 [Ponto de verificação do sistema | 05/10/2013 23:56:41]
    Deleted : RP #312 [Ponto de verificação do sistema | 05/19/2013 14:00:07]
    Deleted : RP #313 [Ponto de verificação do sistema | 05/22/2013 22:44:55]
    Deleted : RP #314 [Ponto de verificação do sistema | 05/25/2013 01:21:33]
    Deleted : RP #315 [Removed Ask Toolbar. | 05/27/2013 21:47:56]
    Deleted : RP #316 [Ponto de verificação do sistema | 05/29/2013 11:55:13]
    Deleted : RP #317 [Ponto de verificação do sistema | 05/30/2013 14:57:48]
    Deleted : RP #318 [Ponto de verificação do sistema | 06/04/2013 21:32:44]
    Deleted : RP #319 [ComboFix created restore point | 06/07/2013 15:06:15]
    Deleted : RP #320 [Software Distribution Service 3.0 | 06/07/2013 15:46:15]
    Deleted : RP #321 [Removed Java(TM) 6 Update 31 | 06/07/2013 16:20:20]
    Deleted : RP #322 [Installed Java 7 Update 21 | 06/07/2013 16:21:01]
    Deleted : RP #323 [P | 06/07/2013 18:56:05]

    New restore point created !

    ########## - EOF - ##########
    joram
    Founding Administrator

    Messages: 617
    Join date: 14/08/2012
    Age: 64
    Location: Rio de Janeiro

    Re: Infected machine, log for analysis.

    Post by joram on Fri Jun 07, 2013 3:15 pm

    CASE SOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
