Pc infectado, log para analise

Log para analise [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Amigo, desculpe aí, mais tem uma pilha de pcs aqui infectados, vou postando aos poucos os logs para vc aqui.

P>S: parabéns pelo seu fórum, show de bola, estou indicando seu fórum a alguns amigos!



# AdwCleaner v2.304 - Relatório criado em 10/07/2013 às 10:16:16
# Atualizado em 03/07/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : f002045 - FUN0068
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\f002045\Meus documentos\Downloads\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****

Encerrado & Removido : IBUpdaterService

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\.autoreg
Arquivo Removido : C:\WINDOWS\system32\roboot.exe
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\IBUpdaterService
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\DealPly
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\file scout
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\Funmoods
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\PerformerSoft
Pasta Removido : C:\Documents and Settings\f002045\Dados de aplicativos\SpeedanAlysis
Removido Durante o reboot : C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon

***** [Registro] *****

Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\filescout
Chave Removida : HKCU\Software\Funmoods
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Valor Removida : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro está limpo.

-\\ Mozilla Firefox v2.0.0.20 (pt-BR)

Arquivo : C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\prefs.js

C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\user.js ... Removido !

[OK] Arquivo está limpo.

Arquivo : C:\Documents and Settings\f002873\Dados de aplicativos\Mozilla\Firefox\Profiles\r1kz32bv.default\prefs.js

[OK] Arquivo está limpo.

Arquivo : C:\Documents and Settings\e0035\Dados de aplicativos\Mozilla\Firefox\Profiles\5rinpb2g.default\prefs.js

[OK] Arquivo está limpo.

Arquivo : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7le2y1b2.default\prefs.js

[OK] Arquivo está limpo.

-\\ Google Chrome v27.0.1453.116

Arquivo : C:\Documents and Settings\f001699\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [4069 octets] - [10/07/2013 10:16:16]

########## EOF - C:\AdwCleaner[S1].txt - [4129 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.3 (07.09.2013:2)
OS: Microsoft Windows XP x86
Ran by f002045 on 10/07/2013 at 10:27:29,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] dealplylive 
Successfully deleted: [Service] dealplylive 
Successfully stopped: [Service] dealplylivem 
Successfully deleted: [Service] dealplylivem 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{80fabb17-63af-4655-9f07-b6509ee37af2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{0d89de71-3d99-4288-84dc-f18f1047a7d8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{1e0c9b2a-6447-452c-b012-2314a0c29412}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{34a8ceb6-89bb-49f1-b5e4-0d0d6c21f3b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3a4dbd3a-98cc-41ce-ad21-352d42b6f754}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4f8a50f6-69de-4be3-a33a-a1079b9ac0db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{501cb57a-d4e2-4855-96ad-edb0a9083395}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{6ff2c4dd-77a4-4bb5-ba4c-b42defbf9137}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80fabb17-63af-4655-9f07-b6509ee37af2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{83aba270-8390-4ca6-ae48-fc089f55629e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8b218a5f-1a3d-4347-94ef-a79575eb8094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9bdb5e09-4bba-4422-8c2b-529b281c32b8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{c536f080-57b7-46d6-8894-c647553f2889}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ca5d945f-e738-4d0b-a0b5-25ac51c64659}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f48fc5b2-094a-44c7-b48c-289738c9582d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f7698761-4aba-45c2-a5bb-d2163922c725}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ffcc53e6-2655-47fc-a89b-54e8d7f305d1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc.1.0
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mime\database\content type\application/x-vnd.dpliveupdate.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{7f1796b2-bec6-427b-b734-f9c75ed94a80}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\internet explorer\low rights\elevationpolicy\{8c338ddb-19fc-4c1f-b74d-6931ee55f7a1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows nt\currentversion\image file execution options\dealplylive.exe



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Arquivos de programas\dealplylive"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/07/2013 at 10:33:30,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

continuação:



ComboFix 13-07-09.01 - f002045 10/07/2013  10:41:13.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.1983.1468 [GMT -3:00]
Executando de: c:\documents and settings\f002045\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\bancobrasil\officePLUGIN\index.html
c:\windows\sys
c:\windows\sys\An internal server error occurred. Please try again later
c:\windows\sys\svcserv.exe
c:\windows\sys\svctime.exe
c:\windows\system\chron32.dll
c:\windows\system\libeay32.dll
c:\windows\system\ssleay32.dll
D:\install.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-06-10 to 2013-07-10  ))))))))))))))))))))))))))))
.
.
2013-07-10 13:27 . 2013-07-10 13:27 -------- d-----w- c:\windows\ERUNT
2013-07-09 10:50 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{78352295-71F2-4F51-AC28-380828D87383}\mpengine.dll
2013-07-01 10:39 . 2013-07-01 10:39 -------- d-----w- c:\arquivos de programas\LyricsBot
2013-06-19 18:30 . 2013-06-19 18:30 -------- d-----w- c:\documents and settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive
2013-06-19 18:30 . 2013-06-19 18:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DealPlyLive
2013-06-19 18:29 . 2013-07-01 10:39 -------- d-----w- c:\arquivos de programas\LyricsOn
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 13:41 . 2011-12-28 09:35 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-06-12 13:04 . 2012-11-23 09:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 13:04 . 2011-06-07 10:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 04:18 . 2010-07-26 18:37 7068072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-14 11:17 . 2013-05-14 11:17 31744 --sh--w- c:\windows\system32\FileZilla.dll
2013-05-13 11:58 . 2009-09-15 17:06 47720 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2013-05-07 22:26 . 2004-08-04 03:45 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:26 . 2004-08-04 03:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 22:26 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 21:53 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2004-08-04 03:40 2197760 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-04 00:40 2074368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 05:06 . 2010-07-26 18:37 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:01 . 2004-08-04 03:38 1876480 ----a-w- c:\windows\system32\win32k.sys
2009-09-15 20:54 . 2009-09-10 18:37 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll
2009-09-15 20:54 . 2009-09-10 18:37 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2009-09-15 20:54 . 2009-09-10 18:37 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll
2009-09-15 20:54 . 2009-09-10 18:37 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2009-09-15 20:54 . 2009-09-10 18:37 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{224D7745-F4C6-4C98-A2C2-E4C1DEE8252F}]
2013-05-14 11:17 31744 --sh--w- c:\windows\system32\FileZilla.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2013-05-08 18680424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-02-05 176128]
"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 790528]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Acrobat Assistant.lnk - c:\arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-4-7 217190]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399014}"= "c:\arquivos de programas\GbPlugin\gbiehbnb.dll" [2012-11-06 643008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-05-23 13:47 1389096 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnb]
2012-11-06 12:26 643008 ----a-w- c:\arquivos de programas\GbPlugin\gbiehbnb.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-12-26 16:03 1652584 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\f002045\\Configurações locais\\Temp\\ibtmpc810551\\component_613"=
"c:\\Documents and Settings\\f002045\\Configurações locais\\Temp\\ibtmpc810551\\component_369"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/09/2009 14:06 47720]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [10/09/2009 10:12 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [10/09/2009 10:12 52224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/10/2011 10:47 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/12/2010 08:40 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/12/2010 08:40 21256]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [19/05/2011 16:16 410152]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [30/07/2010 15:38 99896]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [30/07/2010 15:37 17408]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 06:35 31088]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [01/03/2013 12:11 161384]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [28/12/2011 06:35 31088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 11:08 1165776 ----a-w- c:\arquivos de programas\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-23 13:04]
.
2013-07-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-09-19 09:12]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-24 20:10]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-24 20:10]
.
2013-07-10 c:\windows\Tasks\Lyrics Bot Update.job
- c:\arquivos de programas\LyricsBot\lyrcsBupd.exe [2013-06-24 14:27]
.
2013-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
2013-07-10 c:\windows\Tasks\User_Feed_Synchronization-{BD28933B-34E3-409A-BFD2-36150EE9A25D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
2013-07-10 c:\windows\Tasks\User_Feed_Synchronization-{FE56C7E3-A609-476F-8785-9625E34296E7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br
Trusted Zone: bb.com.br\www
Trusted Zone: com.br\office.bancobrasil
Trusted Zone: com.br\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Trusted Zone: com.br\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Trusted Zone: com.br\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Trusted Zone: com.br\www2.bancobrasil
TCP: DhcpNameServer = 10.4.65.16
DPF: Microsoft XML Parser for Java - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - ProfilePath - c:\documents and settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default\
FF - prefs.js: network.proxy.type - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2013-07-10 10:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????? 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GbPlugin\gbiehbnb.dll
c:\arquivos de programas\GBPLUGIN\gbiehcef.dll
.
Tempo para conclusão: 2013-07-10  10:51:45
ComboFix-quarantined-files.txt  2013-07-10 13:51
.
Pré-execução: 11 pasta(s) 49.948.446.720 bytes disponíveis
Pós execução: 13 pasta(s) 52.567.273.472 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 763952300F4F8404524E9AC3C501CC6F
239FC8B1C26D5286165A956F5A98D8D7

Bom Dia! Edvan

Amigo, desculpe aí, mais tem uma pilha de pcs aqui infectados, vou postando aos poucos os logs para vc aqui.

P>S: parabéns pelo seu fórum, show de bola, estou indicando seu fórum a alguns amigos!

|- Vamos,então,trabalhar! 
|- Muito agradecido pela indicação e,dentro das limitações em que está o Fórum SecSecurity,não houve espaço para ampliações e maior conforto aos Usuários que está reduzido.

-/-

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

|- Ou aqui! < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

startupall; 
autoclean; 
filesrcm; 
emptyalltemp; 

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script". <- Aguarde!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt << 

A+

Zoek.exe Version 4.0.0.3 Updated 10-July-2013
Tool run by f002045 on 10/07/2013 at 11:52:45,93.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
Failed to create System Restore Point
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
"C:\Documents and Settings\f002045\Dados de aplicativos\desktop.ini" deleted
"C:\WINDOWS\002948_.tmp" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET4.tmp" deleted
"C:\WINDOWS\SET8.tmp" deleted
"C:\WINDOWS\tasks\Lyrics Bot Update.job" deleted
"C:\Arquivos de programas\LyricsBot" deleted
"C:\Arquivos de programas\LyricsOn" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-07-10 13:37:41 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-07-10 13:37:41 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-07-10 13:37:41 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-07-10 13:37:41 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-07-10 13:37:41 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
====== C:\DOCUME~1\f002045\CONFIG~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
2013-07-10 14:49:15 ED0E308083F35635C3ECBF8F89B4D9F6 1814 ----a-w- C:\WINDOWS\System32\drivers\ndisrd_m.inf
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Arquivos de programas =====
2013-07-10 14:00:06 -------- d-----w- C:\Arquivos de programas\ZHPDiag
======= C: =====
2013-07-10 14:01:19 FF4231CFC7BC41258B81C16B80FF0360 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-07-10 13:39:34 FA579938B0733B87066546AFE951082C 211 ----a-w- C:\Boot.bak
2013-07-10 13:39:31 C51A881398F29071239741AE16D07C1C 261856 --sha-r- C:\cmldr
2013-07-10 13:16:16 891DF0BB4B484B1474043351F5E63797 4198 ----a-w- C:\AdwCleaner[S1].txt
====== C:\Documents and Settings\f002045\Dados de aplicativos ======
2013-06-19 18:30:07 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
====== C:\Documents and Settings\f002045 ======
2013-07-10 14:48:55 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies
====== C: exe-files ==
2013-07-10 14:00:10 AE326A97F634217CAC29739D376DF934 344187 ----a-w- C:\Documents and Settings\f002045\Desktop\Ferramenta para remoção de virus\ZHP_uninstall.exe
2013-07-10 14:00:10 8747E33E978E91C7888364E95F53D977 370235 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiags.exe
2013-07-10 14:00:10 74C3DFCC1C6BF8B0BD977EF6F4185208 2709504 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPFix.exe
2013-07-10 14:00:09 56873D899C0707AA017AA2D74EC190AE 3770368 ----a-w- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe
2013-07-10 14:00:07 E100F7F1AA506F91A3C64366EE290E33 555944 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl64.exe
2013-07-10 14:00:07 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
2013-07-10 14:00:07 C3D16F308C98CB3BDC315D996D7D89AD 706512 ----a-w- C:\Arquivos de programas\ZHPDiag\unins000.exe
2013-07-10 14:00:07 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Arquivos de programas\ZHPDiag\mbr.exe
2013-07-10 14:00:07 79C7BC4A7642D908A1527A0EB90138C9 452008 ----a-w- C:\Arquivos de programas\ZHPDiag\setacl32.exe
2013-07-10 14:00:07 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Arquivos de programas\ZHPDiag\pv.exe
2013-07-10 14:00:07 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Arquivos de programas\ZHPDiag\subinacl.exe
2013-07-10 14:00:07 417C1BE0BF4D7C505D60D2CEFCDF2347 231048 ----a-w- C:\Arquivos de programas\ZHPDiag\sigcheck.exe
2013-07-10 14:00:06 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Arquivos de programas\ZHPDiag\catchme.exe
2013-07-10 14:00:06 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Arquivos de programas\ZHPDiag\Lads.exe
2013-07-10 14:00:06 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Arquivos de programas\ZHPDiag\FileInfos.exe
2013-07-10 13:59:10 E897110EE5E67FABB83B154DF9C68D6A 794216 ----a-w- C:\Documents and Settings\f002045\Desktop\Ferramenta para remoção de virus\ZHPDiag_silent.exe
2013-07-10 13:39:30 F0C08E06A2A3EF0618E3990DE36BAB21 616960 ----a-w- C:\cmdcons\autochk.exe
2013-07-10 13:39:30 A317FC1D2F892651DEC970B9CCCD6D92 608768 ----a-w- C:\cmdcons\autofmt.exe
2013-07-10 13:37:41 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-07-10 13:37:41 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-07-10 13:37:41 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-07-10 13:37:41 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-07-10 13:37:41 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
2013-07-10 13:26:55 F77796B412A0A0B436B210367FCE2AB3 552529 ----a-w- C:\Documents and Settings\f002045\Meus documentos\Downloads\JRT.exe
2013-07-10 13:15:28 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 ----a-w- C:\Documents and Settings\f002045\Meus documentos\Downloads\adwcleaner.exe
2013-07-05 19:07:43 CA35155F6B4C4DB2513AAAA868BAFF47 324488 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
2013-07-05 19:07:43 C3190BA6ED6220369EEEED081A14DDFC 59784 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe
2013-07-05 19:07:43 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateSetup.exe
2013-07-05 19:07:43 1017788353D8349BF6086B9CDDC8CB7B 59784 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdateBroker.exe
2013-07-05 19:07:43 09C87F376507122A5FE1CBE06E015512 239496 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleCrashHandler.exe
2013-07-05 19:07:42 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Arquivos de programas\Google\Update\1.3.21.149\GoogleUpdate.exe
2013-07-05 19:07:33 5F42FBCE3A8D9ED552E9852A23CA382F 800024 ----a-w- C:\Arquivos de programas\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.149\GoogleUpdateSetup.exe
=== C: other files ==
2013-07-10 13:39:17 73B8308CF069709A76009E97C5C97D11 7513 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21088\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe"
"S3Trayp"="S3trayp.exe"
"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1"
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe /minimized /regrun"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
==== Startup Folders ======================
2009-09-10 13:23:22 1864 ----a-w- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2013 10:04]
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [24/08/2011 17:10]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe [03/11/2006 19:20]
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD28933B-34E3-409A-BFD2-36150EE9A25D}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
C:\WINDOWS\tasks\User_Feed_Synchronization-{FE56C7E3-A609-476F-8785-9625E34296E7}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7le2y1b2.default
- Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Java Console - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - %ProfilePath%\extensions\staged-xpis
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Mdulo de segurana - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
ProfilePath: C:\Documents and Settings\e0035\Dados de aplicativos\Mozilla\Firefox\Profiles\5rinpb2g.default
- Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Mdulo de Segurana - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
ProfilePath: C:\Documents and Settings\f002045\Dados de aplicativos\Mozilla\Firefox\Profiles\9lxgnbzy.default
- Java Console - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Undetermined - C:\Arquivos de programas\LyricsOn\FF
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Mdulo de segurana - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
ProfilePath: C:\Documents and Settings\f002873\Dados de aplicativos\Mozilla\Firefox\Profiles\r1kz32bv.default
- Java Quick Starter - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Undetermined - %ProfilePath%\extensions\staged-xpis
- Undetermined - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
==== Firefox Plugins ======================

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hcjaoindegekegaeihocoidchhbgilbd - C:\Arquivos de programas\LyricsBot\116.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[21/08/2012 06:10]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{EB857973-D9B2-438A-B9FF-0F88AD32608F}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]"
{4B10C427-ACAE-4FF8-B3E4-9DC287D087D5} Google  Url="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]}"
{EB857973-D9B2-438A-B9FF-0F88AD32608F} Yahoo//search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hcjaoindegekegaeihocoidchhbgilbd deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\f002045\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\f002045\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== EOF on 10/07/2013 at 13:05:01,67 ======================

Olá! Edvan

|- Mesmo procedimento ao finalizar!

|- DelFix  JetClean  JetBoost.

|- Tudo Ok?

A+

O log do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] acusou alguma coisa?
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Olá! Edvan

< C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

|- Conheces este ficheiro?
|- Desculpe-me! Esqueci de postar este script.

-/-

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".
#####

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {224D7745-F4C6-4C98-A2C2-E4C1DEE8252F} Orphean Key
O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} Orphean Key
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540014} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) --  (.not file.)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Lyrics Bot Update.job
[MD5.133251844AE6772545AF8132609EA24A] [APT] [Lyrics Bot Update] (.APDMT LTD.) -- C:\Arquivos de programas\LyricsBot\lyrcsBupd.exe
O43 - CFD: 01/07/2013 - 07:39:37 - [0,993] ----D C:\Arquivos de programas\LyricsBot
O43 - CFD: 01/07/2013 - 07:39:21 - [0] ----D C:\Arquivos de programas\LyricsOn
C:\Arquivos de programas\LyricsBot

[HKCU\Software\LyricsBot]
[HKLM\Software\Swearware]

proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

#####
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique no menu,"Paste ClipBoard".
|- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Clique "GO" -> Oui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abs!

< C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

Não conheço amigo.
 

Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
Fichier d'export Registre : 
Run by f001699 at 10/07/2013 14:59:45
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Recycle Files Deleted

========== Registry Key ==========
NOT FOUND Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
NOT FOUND Key: CLSID BHO: {224D7745-F4C6-4C98-A2C2-E4C1DEE8252F}
NOT FOUND Key: CLSID BHO: {2E3C3651-B19C-4DD9-A979-901EC3E930AF}
NOT FOUND Key: CLSID BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
NOT FOUND Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
NOT FOUND Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
NOT FOUND Key: CLSID BHO: {AE7CD045-E861-484f-8273-0445EE161910}
NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
NOT FOUND Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540014}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
NOT FOUND Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
NOT FOUND Key: HKCU\Software\LyricsBot
NOT FOUND Key: HKLM\Software\Swearware

========== Registry Value ==========
NOT FOUND Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
NOT FOUND Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
NOT FOUND File: c:\windows\tasks\lyrics bot update.job
NOT FOUND Folder/File: c:\arquivos de programas\lyricsbot\lyrcsbupd.exe
NOT FOUND Folder/File: c:\arquivos de programas\lyricsbot
DELETED Window Temporary
DELETED Flash Cookies

========== Task ==========
NOT FOUND Task: Lyrics Bot Update

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
17 : Registry Key
13 : Registry Value
2 : Repertory
5 : File
1 : Task
1 : Restoration


End of clean in 00mn 14s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 10/07/2013 14:59:45 [2746]

Acho que fiz merda amigo..kkkk

esse scrip do ZHPFix  passei em outro pc.  Será que vai dar algum problema?


por isso que nao estava achando:

C:\Documents and Settings\f002045\Dados de aplicativos\dwonehaumcsh.dat >

 Vou gerar um novo log para vc analisar, me atrapalhei todo, passar procedimento em duas maquinas distintas só dar nisso!

 Novo log [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Creio que esteja tudo normal!.

Edvan escreveu: Novo log [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Creio que esteja tudo normal!.

 Olá! Edvan

|- Sem problemas,pois este script está direcionado à entradas inválidas,sendo inócuo em outra máquina.

-/-

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".
#####

O43 - CFD: 19/06/2013 - 15:30:07 - [0] ----D C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive 

C:\Documents and Settings\f002045\Configurações locais\Dados de aplicativos\DealPlyLive

[HKCU\Software\LyricsBot] 

firewallraz
sysrestore

#####
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique no menu,"Paste ClipBoard".
|- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Clique "GO" -> Oui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abs!

Amigo, amanhã as 08:30hs estarei passando a ferramenta no pc.
 
P.S: Depois de rodar o script no ZHPFIX, posso finalizar passando o delfix?

Edvan escreveu:Amigo, amanhã as 08:30hs estarei passando a ferramenta no pc.
 
P.S: Depois de rodar o script no ZHPFIX, posso finalizar passando o delfix?

 Olá! Edvan

|- Sim! Utilize DelFix e poste seu relatório.

Abs!

pronto amigo, já rodei o script no ZHPFIX e o DelFix.

Tudo ok agora.


 # DelFix v10.3 - Logfile created 12/07/2013 at 15:29:44
# Updated 08/06/2013 by Xplode
# Username : f002045 - FUN0068
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\ZHP
Deleted : C:\Arquivos de programas\ZHPDiag
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\Documents and Settings\f002045\Desktop\ZHPFixReport.txt
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #886 [Software Distribution Service 3.0 | 07/10/2013 18:27:10]
Deleted : RP #887 [Ponto de verificação do sistema | 07/10/2013 18:27:11]
Deleted : RP #888 [Ponto de verificação do sistema | 07/10/2013 18:27:11]
Deleted : RP #889 [Software Distribution Service 3.0 | 07/10/2013 18:27:11]
Deleted : RP #890 [Ponto de verificação do sistema | 07/10/2013 18:27:12]
Deleted : RP #891 [Ponto de verificação do sistema | 07/10/2013 18:27:12]
Deleted : RP #892 [Software Distribution Service 3.0 | 07/10/2013 18:27:12]
Deleted : RP #893 [Ponto de verificação do sistema | 07/10/2013 18:27:13]
Deleted : RP #894 [Ponto de verificação do sistema | 07/10/2013 18:27:13]
Deleted : RP #895 [Software Distribution Service 3.0 | 07/10/2013 18:27:13]
Deleted : RP #896 [Software Distribution Service 3.0 | 07/10/2013 18:27:13]
Deleted : RP #897 [Ponto de verificação do sistema | 07/10/2013 18:27:14]
Deleted : RP #898 [Ponto de verificação do sistema | 07/10/2013 18:27:14]
Deleted : RP #899 [Software Distribution Service 3.0 | 07/10/2013 18:27:14]
Deleted : RP #900 [Ponto de verificação do sistema | 07/10/2013 18:27:15]
Deleted : RP #901 [Software Distribution Service 3.0 | 07/10/2013 18:27:15]
Deleted : RP #902 [Software Distribution Service 3.0 | 07/10/2013 18:27:15]
Deleted : RP #903 [Ponto de verificação do sistema | 07/10/2013 18:27:16]
Deleted : RP #904 [Ponto de verificação do sistema | 07/10/2013 18:27:16]
Deleted : RP #905 [Software Distribution Service 3.0 | 07/10/2013 18:27:16]
Deleted : RP #906 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
Deleted : RP #907 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
Deleted : RP #908 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
Deleted : RP #909 [Software Distribution Service 3.0 | 07/10/2013 18:27:17]
Deleted : RP #910 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
Deleted : RP #911 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
Deleted : RP #912 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
Deleted : RP #913 [Software Distribution Service 3.0 | 07/10/2013 18:27:18]
Deleted : RP #914 [Software Distribution Service 3.0 | 07/10/2013 18:27:19]
Deleted : RP #915 [Ponto de verificação do sistema | 07/10/2013 18:27:19]
Deleted : RP #916 [Software Distribution Service 3.0 | 07/10/2013 18:27:19]
Deleted : RP #917 [Ponto de verificação do sistema | 07/10/2013 18:27:19]
Deleted : RP #918 [Software Distribution Service 3.0 | 07/10/2013 18:27:20]
Deleted : RP #919 [Software Distribution Service 3.0 | 07/10/2013 18:27:20]
Deleted : RP #920 [Ponto de verificação do sistema | 07/10/2013 18:27:21]
Deleted : RP #921 [Software Distribution Service 3.0 | 07/10/2013 18:27:21]
Deleted : RP #922 [Software Distribution Service 3.0 | 07/10/2013 18:27:21]
Deleted : RP #923 [Software Distribution Service 3.0 | 07/10/2013 18:27:22]
Deleted : RP #924 [Ponto de verificação do sistema | 07/10/2013 18:27:22]
Deleted : RP #925 [Software Distribution Service 3.0 | 07/10/2013 18:27:23]
Deleted : RP #926 [Software Distribution Service 3.0 | 07/10/2013 18:27:24]
Deleted : RP #927 [Ponto de verificação do sistema | 07/10/2013 18:27:24]
Deleted : RP #928 [Software Distribution Service 3.0 | 07/10/2013 18:27:24]
Deleted : RP #929 [Ponto de verificação do sistema | 07/10/2013 18:27:24]
Deleted : RP #930 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
Deleted : RP #931 [Ponto de verificação do sistema | 07/10/2013 18:27:25]
Deleted : RP #932 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
Deleted : RP #933 [Software Distribution Service 3.0 | 07/10/2013 18:27:25]
Deleted : RP #934 [Windows Defender Checkpoint | 07/10/2013 18:27:26]
Deleted : RP #935 [Ponto de verificação do sistema | 07/10/2013 18:27:26]
Deleted : RP #936 [End of disinfection | 07/10/2013 18:27:30]
Deleted : RP #937 [Software Distribution Service 3.0 | 07/12/2013 11:14:04]
Deleted : RP #938 [Software Distribution Service 3.0 | 07/12/2013 12:01:48]
Deleted : RP #939 [P | 07/12/2013 18:29:18]

New restore point created !

########## - EOF - ##########

CASO RESOLVIDO!

Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.