Fórum SecSecurity

Implementing Cleanup and Security on your computer!



    Infected machine, log for analysis.

    Edvan
    Member

    Posts: 428
    Join date: 14/02/2013
    Age: 36
    Location: Natal/RN

    Infected machine, log for analysis.

    Post by Edvan on Fri Jun 07, 2013 11:17 am

    I ran these tools and generated the log just now [You need to be registered and logged in to see this link.]



    # AdwCleaner v2.302 - Relatório criado em 07/06/2013 às 11:59:54
    # Atualizado em 06/06/2013 por Xplode
    # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
    # Usuário : Willian - WILLIAN
    # Modo de Boot : Normal
    # Executado de : C:\Documents and Settings\Willian\Desktop\adwcleaner.exe
    # Opção [Remover]


    ***** [Serviços] *****


    ***** [Arquivos/Pastas] *****

    Arquivo Removido : C:\Arquivos de programas\Mozilla FireFox\searchplugins\Search_Results.xml
    Arquivo Removido : C:\DOCUME~1\Willian\CONFIG~1\Temp\Searchqu.ini
    Arquivo Removido : C:\DOCUME~1\Willian\CONFIG~1\Temp\searchqutoolbar-manifest.xml
    Arquivo Removido : C:\DOCUME~1\Willian\CONFIG~1\Temp\SetupDataMngr_Searchqu.exe
    Arquivo Removido : C:\Documents and Settings\All Users\Desktop\Get The Best Facebook Chat Messenger.lnk
    Arquivo Removido : C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\searchplugins\Search_Results.xml
    Arquivo Removido : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    Pasta Removido : C:\Arquivos de programas\Ask.com
    Pasta Removido : C:\Arquivos de programas\FindLyrics
    Pasta Removido : C:\DOCUME~1\Willian\CONFIG~1\Temp\AskSearch
    Pasta Removido : C:\DOCUME~1\Willian\CONFIG~1\Temp\Iminent
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
    Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
    Pasta Removido : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\AskToolbar
    Pasta Removido : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\lollipop
    Pasta Removido : C:\Documents and Settings\Willian\Configurações locais\Dados de aplicativos\OpenCandy
    Pasta Removido : C:\Documents and Settings\Willian\Dados de aplicativos\OpenCandy
    Pasta Removido : C:\Documents and Settings\Willian\Dados de aplicativos\searchquband
    Pasta Removido : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registro] *****

    Chave Removida : HKCU\Software\APN
    Chave Removida : HKCU\Software\Ask.com
    Chave Removida : HKCU\Software\AskToolbar
    Chave Removida : HKCU\Software\DataMngr
    Chave Removida : HKCU\Software\InstallCore
    Chave Removida : HKCU\Software\lollipop
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chave Removida : HKLM\Software\APN
    Chave Removida : HKLM\Software\AskToolbar
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Chave Removida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Chave Removida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Chave Removida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Chave Removida : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gnbcopcndefcccgdofjadnafjljgofam
    Chave Removida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398C01F1-E584-46AD-A649-4F78B435DCFE}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
    Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Navegadores] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registro está limpo.

    -\\ Mozilla Firefox v21.0 (pt-BR)

    Arquivo : C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\prefs.js

    C:\Documents and Settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\user.js ... Removido !

    Removida : user_pref("browser.search.defaultengine", "Ask.com");
    Removida : user_pref("browser.search.defaultenginename", "Search Results");
    Removida : user_pref("browser.search.order.1", "Search Results");
    Removida : user_pref("extensions.asktb.ff-original-keyword-url", "");
    Removida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

    *************************

    AdwCleaner[S1].txt - [10523 octets] - [07/06/2013 11:59:54]

    ########## EOF - C:\AdwCleaner[S1].txt - [10584 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Willian on sex 07/06/2013 at 12:01:57,25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-854245398-492894223-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6666E3BE-FC04-4EE3-9E4F-C6975D9C7284}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Willian\appdata\locallow\datamngr"



    ~~~ FireFox

    Emptied folder: C:\Documents and Settings\Willian\Dados de aplicativos\mozilla\firefox\profiles\uvcjo6m7.default\minidumps [4 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on sex 07/06/2013 at 12:04:33,43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ComboFix 13-06-07.02 - Willian 07/06/2013 12:08:29.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2822 [GMT -3]
    Executando de: c:\documents and settings\Willian\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Criado um novo ponto de restauração
    .
    ADS - system32: deleted 2 bytes in 1 streams.
    ADS - drivers: deleted 224 bytes in 2 streams.
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Config.ini
    c:\windows\system32\muzapp.exe
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))
    .
    .
    2013-06-07 15:05 . 2013-06-07 15:05 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- c:\windows\ERUNT
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- C:\JRT
    2013-06-07 14:44 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2013-06-07 14:44 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2013-05-27 21:45 . 2013-06-04 13:30 -------- d-----w- c:\arquivos de programas\LyricsFinder
    2013-05-19 16:31 . 2013-05-19 16:31 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-05-11 00:01 . 2013-05-30 22:19 -------- d-----w- c:\documents and settings\Willian\Dados de aplicativos\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----r- c:\arquivos de programas\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
    2013-05-11 00:00 . 2013-05-11 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
    2013-05-10 23:38 . 2013-05-10 23:38 -------- d-----w- c:\arquivos de programas\Baidu Security
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-07 15:08 . 2013-04-21 14:47 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2013-05-27 23:34 . 2012-05-19 13:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-27 23:34 . 2011-06-16 16:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-10-11 966072]
    "KiesAirMessage"="c:\arquivos de programas\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2012-03-06 296056]
    "KiesTrayAgent"="c:\arquivos de programas\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\Willian\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2013-02-18 13:57 1364304 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2008-11-11 11:06 33521664 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-11-12 13:04 173592 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-03 18:32 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-03-06 03:20 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [10/4/2013 20:26 47696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/3/2011 21:44 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/3/2011 21:44 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/3/2011 21:44 21256]
    R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [10/4/2013 20:26 414544]
    R2 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [4/5/2010 12:07 503080]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [14/3/2011 21:57 878976]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [28/2/2013 18:45 161384]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [21/10/2012 16:21 51872]
    S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/11/2012 16:36 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/11/2012 16:36 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/11/2012 16:36 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [11/11/2012 16:36 114280]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [21/10/2012 16:21 105216]
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 23:34]
    .
    2013-06-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 22:50]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\Lyrics Finder Update.job
    - c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe [2013-06-03 16:35]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = [Você precisa estar registrado e conectado para ver este link.]
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - [Você precisa estar registrado e conectado para ver este link.]
    FF - ExtSQL: 2013-06-04 10:30; [Você precisa estar registrado e conectado para ver este link.]; c:\arquivos de programas\LyricsFinder\FF
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    AddRemove-FX - Video Converter - c:\arquiv~1\FOXTAB~1\Uninstall\Uninstall.exe
    AddRemove-01_Simmental - c:\arquivos de programas\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\arquivos de programas\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\arquivos de programas\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\arquivos de programas\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\arquivos de programas\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\arquivos de programas\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\arquivos de programas\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\arquivos de programas\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\arquivos de programas\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\arquivos de programas\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\arquivos de programas\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Você precisa estar registrado e conectado para ver este link.]
    Rootkit scan 2013-06-07 12:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Procurando processos ocultos ...
    .
    Procurando entradas auto inicializáveis ocultas ...
    .
    Procurando ficheiros/arquivos ocultos ...
    .
    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0
    .
    **************************************************************************
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
    .
    - - - - - - - > 'winlogon.exe'(960)
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    Tempo para conclusão: 2013-06-07 12:13:45
    ComboFix-quarantined-files.txt 2013-06-07 15:13
    .
    Pré-execução: 14 pasta(s) 142.993.641.472 bytes disponíveis
    Pós execução: 17 pasta(s) 144.034.603.008 bytes disponíveis
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9EB0D7C3B13AE41A17AC242FB505624F
    239FC8B1C26D5286165A956F5A98D8D7
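The AdwCleaner report above is the most useful artefact in this post for triage, because it names the exact browser helper objects, registry keys and Firefox preferences that were hijacked. As an added example (not code from the post, nor from AdwCleaner's author), here is a small Python parser for that v2 report format that turns the "Arquivo/Pasta Removido", "Chave/Valor Removida" and "Removida : user_pref(...)" lines into structured data and pulls out the search-hijack indicators a responder would want to record (BHO CLSIDs, search/keyword prefs, and the hosts referenced in the defanged hxxp:// URLs). The sample report embedded in the block is constructed from entries of the kind shown in the post; the label strings and the "hxxp" defanging convention are assumed to be those of the Portuguese-localised AdwCleaner v2 report shown above.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines in the format of the AdwCleaner v2
# report posted above (Portuguese-localised labels, URLs defanged as "hxxp").
SAMPLE_REPORT = r"""
***** [Arquivos/Pastas] *****

Arquivo Removido : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Pasta Removido : C:\Arquivos de programas\Ask.com

***** [Registro] *****

Chave Removida : HKCU\Software\AskToolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{398C01F1-E584-46AD-A649-4F78B435DCFE}
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [Navegadores] *****

-\\ Mozilla Firefox v21.0 (pt-BR)

Removida : user_pref("browser.search.defaultengine", "Ask.com");
Removida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
"""

# Assumed label forms, taken from the report format shown in the post:
# "Arquivo Removido", "Pasta Removido", "Chave Removida", "Valor Removida".
ITEM_RE = re.compile(r"^(Arquivo|Pasta|Chave|Valor) Removid[oa] : (.+)$")
# Firefox prefs are reported as the removed user_pref(...) call itself.
PREF_RE = re.compile(r'^Removida : user_pref\("([^"]+)",\s*"([^"]*)"\);$')
# A registry key under "Browser Helper Objects" registers an IE BHO by CLSID.
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-F-]+\})$", re.I)
# AdwCleaner defangs http(s) as hxxp(s); capture the host part only.
URL_HOST_RE = re.compile(r'hxxps?://([^/\s"]+)', re.I)
KIND = {"Arquivo": "file", "Pasta": "folder", "Chave": "regkey", "Valor": "regvalue"}


def parse_report(text):
    """Map each category ('file', 'folder', 'regkey', 'regvalue', 'pref') to its removed items."""
    items = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            items[KIND[m.group(1)]].append(m.group(2).strip())
            continue
        m = PREF_RE.match(line)
        if m:
            items["pref"].append((m.group(1), m.group(2)))
    return items


def summarize(items):
    """Count removed items per category (useful to compare successive runs)."""
    return {kind: len(entries) for kind, entries in items.items()}


def browser_hijack_indicators(items):
    """Pull out what matters for triage: BHO CLSIDs and Firefox search/keyword prefs."""
    bho_clsids = []
    for key in items.get("regkey", []):
        m = BHO_RE.search(key)
        if m:
            bho_clsids.append(m.group(1).upper())
    hijacked_prefs = {
        name: value
        for name, value in items.get("pref", [])
        if name.startswith("browser.search.") or name == "keyword.URL"
    }
    return {"bho_clsids": bho_clsids, "hijacked_prefs": hijacked_prefs}


def defanged_hosts(items):
    """Hosts referenced by defanged URLs in removed prefs, sorted for a stable report."""
    hosts = set()
    for _, value in items.get("pref", []):
        for m in URL_HOST_RE.finditer(value):
            hosts.add(m.group(1).lower())
    return sorted(hosts)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("removed per category:", summarize(parsed))
    print("browser hijack indicators:", browser_hijack_indicators(parsed))
    print("hosts referenced in removed prefs:", defanged_hosts(parsed))
```

Run it against a saved AdwCleaner[S1].txt by reading the file into `parse_report`; the CLSIDs and hosts it returns are the values worth keeping in an incident note, since the same BHO CLSID and search-redirect host usually recur across machines infected by the same bundled toolbar.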

    joram
    Founding Administrator

    Posts: 608
    Join date: 14/08/2012
    Age: 63
    Location: Rio de Janeiro

    Re: Infected machine, log for analysis.

    Post by joram on Fri Jun 07, 2013 12:20 pm

    Good afternoon, Edvan!

    |- Select and copy the content shown in "red" into Notepad.
    |- Save it on the desktop with the name: CFScript << Text!

    KillAll::
    Firefox::
    FF - ExtSQL: 2013-06-04 10:30; [You must be registered and logged in to see this link.]; c:\arquivos de programas\LyricsFinder\FF

    File::
    c:\windows\Tasks\Lyrics Finder Update.job
    c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe

    Folder::
    c:\arquivos de programas\Baidu Security
    c:\arquivos de programas\LyricsFinder

    ClearJavaCache::

    Quit::
    |- PS: Temporarily disable your antivirus.
    |- PS: Do not use this script on another machine!
    |- Drag CFScript.txt onto the ComboFix icon.
    |- See the demonstration!

    [You must be registered and logged in to see this image.]

    |- Accept the prompt that should appear to run ComboFix.
    |- PS: Keep dragging until that prompt (window) appears!
    |- If a message appears asking to update the tool, click Yes!
    |- When done, post: C:\ComboFix.txt <<

    -/-

    |- Close any programs/folders that are open.
    |- Close the browser as well!
    |- On Windows Vista, disable [You must be registered and logged in to see this link.].

    [You must be registered and logged in to see this image.]

    |- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
    |- Select and copy this information, shown in red, into "Notepad".

    [MD5.95E9245CCD99A09098CAF376152532B9] [APT] [Lyrics Finder Update] (.Lyrics Finder.) -- C:\Arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe [118272]
    O43 - CFD: 10/5/2013 - 20:38:28 - [0] ----D C:\Arquivos de programas\Baidu Security
    O43 - CFD: 10/5/2013 - 20:13:13 - [0,003] ----D C:\Documents and Settings\Willian\Menu Iniciar\Programas\Hao123

    C:\Arquivos de programas\LyricsFinder
    C:\Arquivos de programas\Baidu Security
    C:\Documents and Settings\Willian\Menu Iniciar\Programas\Hao123

    [HKCU\Software\Baidu Security]

    proxyfix
    emptytemp
    emptyclsid
    emptyflash
    firewallraz
    sysrestore
    |- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
    |- Minimize Notepad.

    [You must be registered and logged in to see this image.]

    |- Click the "Paste ClipBoard" menu item.
    |- Avoid the "Paste" option (Ctrl+V) in the light-yellow field, which does not enable the "Go" button.

    [You must be registered and logged in to see this link.]

    |- Click "GO" -> Oui.

    [You must be registered and logged in to see this image.]

    |- PS: The sequence of images above is there for further clarification.
    |- Post the report: C:\ZHP\ZHPFix[R1].txt

    Cheers!

    Re: Infected machine, log for analysis.

    Post by Edvan (Member) on Fri Jun 07, 2013 2:55 pm

    ComboFix 13-06-07.03 - Willian 07/06/2013 15:43:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2643 [GMT -3]
    Running from: c:\documents and settings\Willian\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Willian\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe"
    "c:\windows\Tasks\Lyrics Finder Update.job"
    .
    ADS - drivers: deleted 212 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\arquivos de programas\Baidu Security
    c:\arquivos de programas\LyricsFinder
    c:\arquivos de programas\LyricsFinder\chrome.crx
    c:\arquivos de programas\LyricsFinder\chrome.manifest
    c:\arquivos de programas\LyricsFinder\FF\chrome.manifest
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\icon.png
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\main.js
    c:\arquivos de programas\LyricsFinder\FF\chrome\content\overlay.xul
    c:\arquivos de programas\LyricsFinder\FF\install.rdf
    c:\arquivos de programas\LyricsFinder\lfinder.dll
    c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe
    c:\arquivos de programas\LyricsFinder\Uninstall.exe
    c:\windows\Tasks\Lyrics Finder Update.job
    .
    .
    (((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))
    .
    .
    2013-06-07 16:21 . 2013-06-07 16:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
    2013-06-07 16:21 . 2013-06-07 16:21 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-07 16:21 . 2013-06-07 16:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-07 16:21 . 2013-06-07 16:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-07 16:21 . 2013-06-07 16:21 -------- d-----w- c:\arquivos de programas\Java
    2013-06-07 15:33 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
    2013-06-07 15:33 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
    2013-06-07 15:23 . 2013-06-07 15:23 512 ----a-w- C:\PhysicalDisk0_MBR.bin
    2013-06-07 15:22 . 2013-06-07 15:23 -------- d-----w- C:\ZHP
    2013-06-07 15:21 . 2013-06-07 15:23 -------- d-----w- c:\arquivos de programas\ZHPDiag
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- c:\windows\ERUNT
    2013-06-07 15:01 . 2013-06-07 15:01 -------- d-----w- C:\JRT
    2013-06-07 14:44 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2013-06-07 14:44 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2013-06-07 14:44 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2013-05-19 16:31 . 2013-05-19 16:31 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-05-11 00:01 . 2013-05-30 22:19 -------- d-----w- c:\documents and settings\Willian\Dados de aplicativos\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----r- c:\arquivos de programas\Skype
    2013-05-11 00:01 . 2013-05-11 00:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
    2013-05-11 00:00 . 2013-05-11 00:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-07 18:49 . 2013-04-21 14:47 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
    2013-06-07 16:21 . 2012-03-25 00:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
    2013-05-27 23:34 . 2012-05-19 13:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-27 23:34 . 2011-06-16 16:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-16 22:26 . 2004-08-04 03:45 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-04-16 22:26 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-16 22:26 . 2004-08-04 03:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-12 23:30 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec
    2013-04-12 14:01 . 2004-08-04 03:38 1876480 ----a-w- c:\windows\system32\win32k.sys
    2013-04-04 17:50 . 2012-05-10 17:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-10-11 966072]
    "KiesAirMessage"="c:\arquivos de programas\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
    "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2012-03-06 296056]
    "KiesTrayAgent"="c:\arquivos de programas\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
    "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\Willian\Menu Iniciar\Programas\Inicializar\
    Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2013-02-18 1364304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2013-02-18 13:57 1364304 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 21:36 30040 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2008-11-11 11:06 33521664 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-11-12 13:04 173592 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-11-12 13:05 141336 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-07-03 18:32 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-03-06 03:20 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [10/4/2013 20:26 47696]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/3/2011 21:44 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14/3/2011 21:44 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/3/2011 21:44 21256]
    R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [10/4/2013 20:26 414544]
    R2 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [4/5/2010 12:07 503080]
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [14/3/2011 21:57 878976]
    S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [28/2/2013 18:45 161384]
    S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [21/4/2013 11:47 31088]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [21/10/2012 16:21 51872]
    S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [11/11/2012 16:36 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [11/11/2012 16:36 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [11/11/2012 16:36 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [11/11/2012 16:36 114280]
    S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [21/10/2012 16:21 105216]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 23:34]
    .
    2013-06-07 c:\windows\Tasks\avast! Emergency Update.job
    - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 22:50]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-07-03 18:32]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    2013-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-492894223-839522115-1003.job
    - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-01-30 20:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 187.123.79.52 187.123.79.56 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Willian\Dados de aplicativos\Mozilla\Firefox\Profiles\uvcjo6m7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - ExtSQL: 2013-06-04 10:30; [You must be registered and logged in to see this link.]; c:\arquivos de programas\LyricsFinder\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    [You must be registered and logged in to see this link.] - c:\arquivos de programas\LyricsFinder\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2013-06-07 15:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(968)
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    .
    - - - - - - - > 'explorer.exe'(1644)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\arquivos de programas\GbPlugin\gbiehuni.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\arquivos de programas\Java\jre7\bin\jqs.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-07 15:53:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-07 18:53
    .
    Pre-Run: 16 folder(s) 142,357,426,176 bytes free
    Post-Run: 17 folder(s) 142,302,953,472 bytes free
    .
    - - End Of File - - F8F6417C104CF8D3E52C3D01ED49D8F6
    239FC8B1C26D5286165A956F5A98D8D7





    ZHPFix 2013.6.4.1 report by Nicolas Coolman, updated 04/06/2013
    Registry export file :
    Run by Willian at 7/6/2013 15:56:07
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    DELETED Key: HKCU\Software\Baidu Security

    ========== Registry Value ==========
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
    DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
    DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== Directory ==========
    No Empty CLSID Directories
    DELETED Flash Cookies

    ========== File ==========
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsfinder\lyricsfinderupdater.exe
    NOT FOUND Folder/File: c:\arquivos de programas\lyricsfinder
    NOT FOUND Folder/File: c:\arquivos de programas\baidu security
    NOT FOUND Folder/File: c:\documents and settings\willian\menu iniciar\programas\hao123
    DELETED Window Temporary
    DELETED Flash Cookies

    ========== Task ==========
    NOT FOUND Task: Lyrics Finder Update

    ========== Restoration ==========
    System Restore Point created successfully


    ========== Summary ==========
    1 : Registry Key
    11 : Registry Value
    2 : Directory
    6 : File
    1 : Task
    1 : Restoration


    End of clean in 00mn 06s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 7/6/2013 15:56:07 [1666]
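Added example (Python, written for this page; it is not code from the thread, from ComboFix or from ZHPFix): a cross-check of a ComboFix log against the File:: and Folder:: targets of the CFScript joram posted above. The point it makes is visible in Edvan's post-cleanup log: the `FF - ExtSQL` line for `c:\arquivos de programas\LyricsFinder\FF` is still listed under the supplementary scan after the folder itself was deleted, and the ZHPFix run that followed reported the same paths as NOT FOUND because ComboFix had already removed them. Parsing the log's Run values, services, scheduled tasks and ExtSQL records and checking each path against the script's targets surfaces exactly that kind of leftover reference. The sample log fragment, the task timestamp and the `example-extension-id` placeholder (the real id is behind the forum's login-only link) are constructed; the function names are the example's own, and the line formats it assumes are the ones seen in the posted logs.

```python
"""Cross-check a ComboFix log against the File::/Folder:: targets of a CFScript.
Added example for this thread, not code from the forum, ComboFix or ZHPFix; the
line formats are those seen in the posted logs and the samples are constructed."""
import re
from typing import Dict, List, NamedTuple, Tuple


class Artifact(NamedTuple):
    kind: str               # "run", "service", "task" or "ff_ext"
    label: str              # value name, service name, .job file or extension id
    paths: Tuple[str, ...]  # on-disk paths the entry points at


_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
_SERVICE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$')
_TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)$', re.IGNORECASE)
_TASK_TARGET = re.compile(r'^-\s+(?P<path>.+?)\s+\[')
_FF_EXT = re.compile(r'^FF - ExtSQL: [^;]+; (?P<ext_id>[^;]+); (?P<path>.+)$')


def parse_combofix_log(text: str) -> List[Artifact]:
    """Collect Run values, services/drivers, scheduled tasks and Firefox ExtSQL records."""
    artifacts: List[Artifact] = []
    in_run = False      # inside a "...\Run]" key dump
    pending_job = None  # .job path waiting for its "- target [..]" line
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == '.':                 # block separator
            in_run, pending_job = False, None
        elif line.startswith('['):                  # registry key header
            in_run = line.lower().endswith('\\run]')
        elif pending_job:
            m = _TASK_TARGET.match(line)
            paths = (pending_job, m.group('path')) if m else (pending_job,)
            artifacts.append(Artifact('task', pending_job, paths))
            pending_job = None
        elif (m := _TASK_JOB.match(line)):
            pending_job = m.group('job')
        elif (m := _FF_EXT.match(line)):
            artifacts.append(Artifact('ff_ext', m.group('ext_id'), (m.group('path'),)))
        elif (m := _SERVICE.match(line)):
            # the image path ends where the " [date size]" or " --> " suffix starts
            path = re.split(r'\s+(?:-->|\[)', m.group('rest'), maxsplit=1)[0]
            artifacts.append(Artifact('service', m.group('name'), (path,)))
        elif in_run and (m := _RUN_VALUE.match(line)):
            artifacts.append(Artifact('run', m.group('name'), (m.group('path'),)))
    return artifacts


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Directive::' line to the entries listed under it (may be empty)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (ln.strip() for ln in text.splitlines()):
        if re.fullmatch(r'\w+::', line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def path_under(path: str, target: str) -> bool:
    """True if path equals target or lies inside it (case-insensitive)."""
    p, t = (s.strip().strip('"').lower().rstrip('\\') for s in (path, target))
    return p == t or p.startswith(t + '\\')


def residual_references(artifacts: List[Artifact],
                        script: Dict[str, List[str]]) -> List[Tuple[Artifact, str]]:
    """Log entries still pointing at something the script's File::/Folder:: removed."""
    targets = script.get('File', []) + script.get('Folder', [])
    hits = []
    for art in artifacts:
        match = next((t for p in art.paths for t in targets if path_under(p, t)), None)
        if match is not None:
            hits.append((art, match))
    return hits


# Constructed sample shaped like the posted ComboFix log; "example-extension-id"
# stands in for the extension id hidden behind the forum's login-only link.
SAMPLE_COMBOFIX_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-10-11 966072]
.
S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
.
2013-06-07 c:\windows\Tasks\Lyrics Finder Update.job
- c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe [2013-05-10 20:38]
.
FF - ExtSQL: 2013-06-04 10:30; example-extension-id; c:\arquivos de programas\LyricsFinder\FF
"""
# joram's CFScript, with the same placeholder for the hidden extension id.
SAMPLE_CFSCRIPT = r"""
KillAll::
Firefox::
FF - ExtSQL: 2013-06-04 10:30; example-extension-id; c:\arquivos de programas\LyricsFinder\FF
File::
c:\windows\Tasks\Lyrics Finder Update.job
c:\arquivos de programas\LyricsFinder\LyricsFinderUpdater.exe
Folder::
c:\arquivos de programas\Baidu Security
c:\arquivos de programas\LyricsFinder
ClearJavaCache::
Quit::
"""
```

Run it against the real files with `residual_references(parse_combofix_log(open(r"C:\ComboFix.txt").read()), parse_cfscript(open("CFScript.txt").read()))`. Every hit is an autostart value, service, task or extension record that still names a path the script was meant to remove; on the log above that is the Firefox ExtSQL record, which is why the Firefox:: directive is in the script in the first place and why the post-run log, not the "NOT FOUND" lines from ZHPFix, is the thing to read before closing the case.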

    Re: Infected machine, log for analysis.

    Post by joram (Founding Administrator) on Fri Jun 07, 2013 3:09 pm

    Good afternoon, Edvan!

    |- Download: |[You must be registered and logged in to see this link.]| ( ... by Xplode )

    [You must be registered and logged in to see this image.]

    |- On the page, click the green arrow to download.
    |- Save it somewhere convenient! (the desktop!)
    |- Close any applications that are open.

    [You must be registered and logged in to see this link.]

    |- Run it!
    |- With both checkboxes checked!
    |- Click "Run".
    |- All OK?

    A+

    Re: Infected machine, log for analysis.

    Post by Edvan (Member) on Fri Jun 07, 2013 3:13 pm

    All OK, friend.



    # DelFix v10.2 - Logfile created 07/06/2013 at 16:12:41
    # Updated 02/04/2013 by Xplode
    # Username : Willian - WILLIAN
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\JRT
    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\ComboFix.txt
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\Documents and Settings\Willian\Desktop\adwcleaner.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ComboFix.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\JRT.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPDiag.txt
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Willian\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : C:\WINDOWS\grep.exe
    Deleted : C:\WINDOWS\PEV.exe
    Deleted : C:\WINDOWS\NIRCMD.exe
    Deleted : C:\WINDOWS\MBR.exe
    Deleted : C:\WINDOWS\SED.exe
    Deleted : C:\WINDOWS\SWREG.exe
    Deleted : C:\WINDOWS\SWSC.exe
    Deleted : C:\WINDOWS\SWXCACLS.exe
    Deleted : C:\WINDOWS\Zip.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~ Cleaning system restore ...

    Deleted : RP #280 [System Checkpoint | 03/11/2013 23:31:11]
    Deleted : RP #281 [System Checkpoint | 03/13/2013 13:45:33]
    Deleted : RP #282 [System Checkpoint | 03/14/2013 14:28:25]
    Deleted : RP #283 [System Checkpoint | 03/15/2013 23:55:47]
    Deleted : RP #284 [System Checkpoint | 03/17/2013 00:40:33]
    Deleted : RP #285 [System Checkpoint | 03/18/2013 00:55:51]
    Deleted : RP #286 [System Checkpoint | 03/19/2013 14:07:52]
    Deleted : RP #287 [System Checkpoint | 03/21/2013 13:55:14]
    Deleted : RP #288 [System Checkpoint | 03/22/2013 21:08:21]
    Deleted : RP #289 [System Checkpoint | 03/24/2013 11:49:56]
    Deleted : RP #290 [System Checkpoint | 03/25/2013 21:45:41]
    Deleted : RP #291 [System Checkpoint | 03/28/2013 21:56:53]
    Deleted : RP #292 [System Checkpoint | 03/31/2013 15:12:41]
    Deleted : RP #293 [System Checkpoint | 04/07/2013 14:14:48]
    Deleted : RP #294 [System Checkpoint | 04/09/2013 00:09:09]
    Deleted : RP #295 [System Checkpoint | 04/10/2013 00:33:53]
    Deleted : RP #296 [System Checkpoint | 04/11/2013 16:32:48]
    Deleted : RP #297 [System Checkpoint | 04/14/2013 21:38:51]
    Deleted : RP #298 [System Checkpoint | 04/21/2013 16:25:20]
    Deleted : RP #299 [System Checkpoint | 04/22/2013 20:24:18]
    Deleted : RP #300 [System Checkpoint | 04/24/2013 00:15:30]
    Deleted : RP #301 [System Checkpoint | 04/25/2013 00:31:22]
    Deleted : RP #302 [System Checkpoint | 04/28/2013 16:07:41]
    Deleted : RP #303 [System Checkpoint | 04/29/2013 23:15:46]
    Deleted : RP #304 [System Checkpoint | 05/01/2013 00:34:36]
    Deleted : RP #305 [System Checkpoint | 05/02/2013 22:38:02]
    Deleted : RP #306 [System Checkpoint | 05/04/2013 11:42:20]
    Deleted : RP #307 [System Checkpoint | 05/05/2013 15:03:29]
    Deleted : RP #308 [System Checkpoint | 05/06/2013 23:44:47]
    Deleted : RP #309 [System Checkpoint | 05/08/2013 00:19:02]
    Deleted : RP #310 [System Checkpoint | 05/09/2013 22:28:33]
    Deleted : RP #311 [System Checkpoint | 05/10/2013 23:56:41]
    Deleted : RP #312 [System Checkpoint | 05/19/2013 14:00:07]
    Deleted : RP #313 [System Checkpoint | 05/22/2013 22:44:55]
    Deleted : RP #314 [System Checkpoint | 05/25/2013 01:21:33]
    Deleted : RP #315 [Removed Ask Toolbar. | 05/27/2013 21:47:56]
    Deleted : RP #316 [System Checkpoint | 05/29/2013 11:55:13]
    Deleted : RP #317 [System Checkpoint | 05/30/2013 14:57:48]
    Deleted : RP #318 [System Checkpoint | 06/04/2013 21:32:44]
    Deleted : RP #319 [ComboFix created restore point | 06/07/2013 15:06:15]
    Deleted : RP #320 [Software Distribution Service 3.0 | 06/07/2013 15:46:15]
    Deleted : RP #321 [Removed Java(TM) 6 Update 31 | 06/07/2013 16:20:20]
    Deleted : RP #322 [Installed Java 7 Update 21 | 06/07/2013 16:21:01]
    Deleted : RP #323 [P | 06/07/2013 18:56:05]

    New restore point created !

    ########## - EOF - ##########

    Re: Infected machine, log for analysis.

    Post by joram (Founding Administrator) on Fri Jun 07, 2013 3:15 pm

    CASE RESOLVED!

    If you need further help with this computer, just open a "New Topic" and describe the problem.
