feflorio

Also a problem with CCleaner, programs that don't open


Good morning.

My problem is practically the same as several recent reports: programs that open and then close (CCleaner), a Spybot update that won't run, MSCONFIG likewise. My logs follow, but I want to point out one detail and ask for comments: I couldn't even run DDS.SCR or GMER!!! After a lot of digging around I found some programs called B1C.JS for the 4 users I have on the machine, in the Roaming folders and under the Startup menu folder. ONLY BY BOOTING INTO SAFE MODE WITH COMMAND PROMPT WAS I ABLE TO DELETE THEM, and finally run the logs that follow.

Regards,

Fabio

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2

Run by Fabio at 20:59:08 on 2013-07-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3317.1865 [GMT -3:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

D:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WUDFHost.exe

D:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

D:\Program Files\AVG\AVG2013\avgcfgex.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://brasil-pesquisa.pw/r.asp#

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll

BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - d:\program files\microsoft office\office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ed83] c:\users\fabio\appdata\roaming\fb9\ed83.js

uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_UI] "d:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [bCSSync] "d:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyMTkyNDkzLVQxNS1CQSsxLUtWMys3LVhMKzEtQkFSOUcrMS1GTCs5LVhPMzYrMS1GOU03Qys1LUNJQTEwKzItTElDKzExLVNQMSsxLVNQMVRCKzEtRkwxMCsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzE"&"prod=90"&"ver=10.0.1375

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - d:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - d:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - <orphaned>

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.elancers.net/erv2/vagas/activex/smsx.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 201.6.2.70 192.168.0.1

TCP: Interfaces\{8F0B99DA-D819-4CD7-99E8-1ED19A52C91B} : DHCPNameServer = 201.6.2.70 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

Notify: igfxcui - igfxdev.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-4-24 46392]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R2 avgwd;Watchdog do AVG;d:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-6-28 409144]

R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-11-28 65657]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-2 1817560]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-2 1033688]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-2 171928]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-20 31088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

S2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-12-4 203264]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-15 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-22 36608]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-20 31088]

S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2011-9-13 1521544]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2012-5-30 386560]

S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2012-5-30 20992]

S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2012-5-30 33792]

S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-27 52224]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-22 233472]

S4 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2013-2-28 188760]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-07-15 23:04:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-07-15 23:01:53 -------- d-----w- c:\program files\CCleaner

2013-07-11 00:13:11 -------- d-----w- c:\programdata\Tarma Installer

2013-07-09 18:18:30 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-09 18:18:24 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-09 18:18:24 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-09 18:18:23 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-09 18:18:22 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2013-07-09 18:18:22 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2013-07-09 18:18:22 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-07-09 18:18:22 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2013-07-09 18:18:14 680960 ----a-w- c:\program files\windows defender\MpSvc.dll

2013-07-09 18:18:14 392704 ----a-w- c:\program files\windows defender\MpClient.dll

2013-07-09 18:18:14 224768 ----a-w- c:\program files\windows defender\MpCommu.dll

2013-07-03 01:13:30 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-07-03 01:13:26 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-06-23 17:08:06 -------- d-----w- c:\users\fabio\appdata\roaming\DSite

2013-06-22 12:39:47 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-07-16 22:51:53 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-07-13 11:38:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-13 11:38:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-22 12:39:42 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-22 12:39:42 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-06-10 17:42:22 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll

2004-10-01 17:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 20:59:25,11 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/12/2009 19:12:14

System Uptime: 16/07/2013 19:51:09 (1 hours ago)

.

Motherboard: MSI | | Boston

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2933/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 49 GiB total, 6,961 GiB free.

D: is FIXED (NTFS) - 417 GiB total, 166,463 GiB free.

E: is CDROM (CDFS)

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Tools for .Net 3.5

32 Bit HP CIO Components Installer

3D Canvas

Adobe Creative Suite 5.5 Master Collection

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03) - Português

Adobe Shockwave Player 11.5

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Apple Application Support

Apple Mobile Device Support

Apple Software Update

aTube Catcher

AutoUpdate

AVG 2012

AVG 2013

AVIcodec (remove only)

Blend for Visual Studio 2012

Blend for Visual Studio 2012 ENU resources

Bonjour

BufferChm

CCleaner

Compatibility Pack for the 2007 Office system

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Copy

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DivX

DocProc

Dotfuscator and Analytics Community Edition

DreamStation DXi2

DVD Solution

eLicenser Control

Entity Framework Designer for Visual Studio 2012 - enu

F300

F300_Help

F300Trb

Fax

FormatFactory 2.50

Google Chrome

Google Earth Plug-in

Google Update Helper

GPBaseService2

Hao123.com

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Print Diagnostic Utility

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

IIS 8.0 Express

IIS Express Application Compatibility Database for x86

Intel® Graphics Media Accelerator Driver

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

Java 7 Update 25

Java Auto Updater

JavaFX 2.1.1

Junk Mail filter update

LocalESPC

LocalESPCui for en-us

Módulo de Segurança DirectaInvest – CGD Investimentos CVC S.A - Internet Explorer

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

Microsoft ASP.NET MVC 4 Runtime

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Help Viewer 2.0

Microsoft LightSwitch for Visual Studio 2012 Core

Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

Microsoft NuGet - Visual Studio 2012

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 2012

Microsoft Silverlight

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2012 Command Line Utilities

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Express LocalDB

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 T-SQL Language Service

Microsoft SQL Server 2012 Transact-SQL Compiler Service

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Compact 4.0 SP1 ENU

Microsoft SQL Server Data Tools - enu (11.1.20627.00)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

Microsoft SQL Server Desktop Engine (PINNACLESYS)

Microsoft SQL Server System CLR Types

Microsoft System CLR Types for SQL Server 2012

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Compilers

Microsoft Visual C++ 2012 Compilers - ENU Resources

Microsoft Visual C++ 2012 Core Libraries

Microsoft Visual C++ 2012 Extended Libraries

Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual Studio 2010 Office Developer Tools (x86)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB

Microsoft Visual Studio 2012 Devenv

Microsoft Visual Studio 2012 Devenv Resources

Microsoft Visual Studio 2012 Performance Collection Tools

Microsoft Visual Studio 2012 Performance Collection Tools - ENU

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 SharePoint Developer Tools

Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

Microsoft Visual Studio Professional 2012

Microsoft Visual Studio Professional 2012 - ENU

Microsoft Visual Studio Team Foundation Server 2012 Object Model

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Web Deploy 3.0

Microsoft Web Deploy dbSqlPackage Provider - enu

Microsoft Web Developer Tools - Visual Studio 2012

Microsoft Web Platform Installer 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MP3 Karaoke 6.1.9

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Multimedia Launcher

Network

Nokia Connectivity Cable Driver

Notepad++

OCR Software by I.R.I.S. 13.0

OGA Notifier 2.0.0048.0

Pacote de Driver do Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Pacote de Driver do Windows - Pinnacle Systems (BENDER) Media (11/21/2005 2.0.19.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil)

Paint.NET v3.5.10

PC Remote

PDF Settings CS5

PDFCreator 2012 0220

PhotoScape

Pinnacle Bender 32-bit

Pinnacle device drivers

Pinnacle Instant DVD Recorder

Pinnacle MediaServer

PreEmptive Analytics Visual Studio Components

Prerequisites for SSDT

PxMergeModule

Realtek High Definition Audio Driver

Receitanet

Samsung New PC Studio

Samsung S5230 Wallpaper Creator

Scan

Secure Download Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5 (KB2729460)

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

SmartSound Quicktracks Plugin

SmartWebPrinting

SMath Studio

SolutionCenter

Spybot - Search & Destroy

Status

Steinberg Cubase LE 5

Steinberg HALionOne

Steinberg HALionOne Essential Set

Studio 10

Studio 10.8 Patch

Toolbox

TQI

TrayApp

TuneUp Utilities Language Pack (pt-BR)

Ulead Data-Add 2.0

Ulead DVD MovieFactory 4.0

Ulead VideoStudio SE DVD

Unity Web Player

UnloadSupport

Update for (KB2504637)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visual Studio 2012 (KB2781514)

US-122 MKII / US-144 MKII

USB2.0 Capture Device

USB2.0 Grabber

Visual Studio Extensions for Windows Library for JavaScript

Visualizador do Microsoft PowerPoint

WCF Data Services 5.0 (for OData v3) Primary Components

WCF Data Services Tools for Microsoft Visual Studio 2012

WCF RIA Services V1.0 SP2

Web Assistant 2.0.0.568

WebReg

Windows App Certification Kit Native Components

Windows App Certification Kit x86

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Windows Mobile Device Updater Component

Windows Runtime Intellisense Content - en-us

Windows Software Development Kit

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

WinRAR 4.01 (32-bit)

WinUSB Drivers x86

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== End Of File ===========================

GMER.TXT

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-17 06:48:21

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.HP34 465,76GB

Running: gmer.exe; Driver: C:\Users\Fabio\AppData\Local\Temp\pxdiipob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x910F35D0]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x910F3700]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x910F3010]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x910F3300]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x910F33E0]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x910F3120]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x910F3210]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x910F34D0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7E9F5 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB81F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82EBF69C 8 Bytes [D0, 35, 0F, 91, 00, 37, 0F, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82EBF6E4 4 Bytes [10, 30, 0F, 91]

.text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82EBF9A4 8 Bytes [00, 33, 0F, 91, E0, 33, 0F, ...] {ADD [EBX], DH; SETNO AL; XOR ECX, [EDI]; XCHG ECX, EAX}

.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82EBF9B4 8 Bytes [20, 31, 0F, 91, 10, 32, 0F, ...] {AND [ECX], DH; SETNO BYTE [EAX]; XOR CL, [EDI]; XCHG ECX, EAX}

.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82EBFA28 4 Bytes [D0, 34, 0F, 91] {SAL BYTE [EDI+ECX], 0x1; XCHG ECX, EAX}

? C:\Users\Fabio\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[876] kernel32.dll!FreeLibraryAndExitThread 767E03B0 5 Bytes JMP 3C4ABF18 C:\Program Files\GbPlugin\gbiehuni.dll

.text C:\Windows\system32\services.exe[876] kernel32.dll!FreeLibrary 767EEF67 5 Bytes JMP 3C4ABFA0 C:\Program Files\GbPlugin\gbiehuni.dll

.text C:\Windows\Explorer.EXE[3708] kernel32.dll!FreeLibraryAndExitThread 767E03B0 5 Bytes JMP 3C4ABF18 C:\Program Files\GbPlugin\gbiehUni.dll

.text C:\Windows\Explorer.EXE[3708] kernel32.dll!FreeLibrary 767EEF67 5 Bytes JMP 3C4ABFA0 C:\Program Files\GbPlugin\gbiehUni.dll

.text C:\Windows\Explorer.EXE[3708] RPCRT4.dll!IUnknown_QueryInterface_Proxy 76B24FC2 6 Bytes JMP 71A8000A

.text C:\Windows\Explorer.EXE[3708] ole32.dll!CoUnmarshalInterface 76D3F150 6 Bytes JMP 71AB000A

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738A24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7388562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738856EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738A2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738985AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73894D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73895105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738951DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73896707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73898301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73898850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738990B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7389E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

IAT C:\Windows\Explorer.EXE[3708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73894C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 2.1 ----


Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or the keyboard while the tool is running; this may cause the computer to freeze.
  8. A message may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.


ComboFix 13-07-18.04 - Fabio 19/07/2013 19:18:52.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3317.1956 [GMT -3:00]

Executando de: c:\users\Fabio\Downloads\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1doc2pdf.dll

c:\programdata\page

c:\programdata\page\page.ico

c:\programdata\page\page.URL

c:\programdata\WLSetup

c:\programdata\WLSetup\aJevjbEAqrIWKmxHD.cfg

c:\programdata\WLSetup\aJevjbEAqrIWKmxHD.usr

c:\programdata\WLSetup\axkLyaDmzHheCXNlj.cfg

c:\programdata\WLSetup\axkLyaDmzHheCXNlj.usr

c:\users\Antonio\AppData\Roaming\FLORIO_PC.pac

c:\users\Eliane\AppData\Roaming\Microsoft\~DFK237b09.tmp

c:\users\Eliane\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\Eliane\AppData\Roaming\Microsoft\bass.dll

c:\users\Eliane\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\Eliane\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\Eliane\AppData\Roaming\Microsoft\peaadje.dll

c:\users\Eliane\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\Eliane\AppData\Roaming\Microsoft\rsaadjd.dll

c:\users\Eliane\Documents\~WRL1330.tmp

c:\users\Fabio\AppData\Roaming\Microsoft\~DFK21ef3e.tmp

c:\users\Fabio\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\Fabio\AppData\Roaming\Microsoft\bass.dll

c:\users\Fabio\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\Fabio\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\Fabio\AppData\Roaming\Microsoft\peaadje.dll

c:\users\Fabio\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\Fabio\AppData\Roaming\Microsoft\rsaadjd.dll

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf

c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\rz2hej1t.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf

D:\install.exe

D:\Uninstall.exe

d:\usuarios\Eliane\Documents\~WRL0003.tmp

d:\usuarios\Eliane\Documents\~WRL0004.tmp

d:\usuarios\Eliane\Documents\~WRL0005.tmp

d:\usuarios\Eliane\Documents\~WRL0030.tmp

d:\usuarios\Eliane\Documents\~WRL0240.tmp

d:\usuarios\Eliane\Documents\~WRL0387.tmp

d:\usuarios\Eliane\Documents\~WRL0509.tmp

d:\usuarios\Eliane\Documents\~WRL0516.tmp

d:\usuarios\Eliane\Documents\~WRL0741.tmp

d:\usuarios\Eliane\Documents\~WRL0827.tmp

d:\usuarios\Eliane\Documents\~WRL0927.tmp

d:\usuarios\Eliane\Documents\~WRL1009.tmp

d:\usuarios\Eliane\Documents\~WRL1228.tmp

d:\usuarios\Eliane\Documents\~WRL1534.tmp

d:\usuarios\Eliane\Documents\~WRL1572.tmp

d:\usuarios\Eliane\Documents\~WRL1601.tmp

d:\usuarios\Eliane\Documents\~WRL2043.tmp

d:\usuarios\Eliane\Documents\~WRL2130.tmp

d:\usuarios\Eliane\Documents\~WRL2383.tmp

d:\usuarios\Eliane\Documents\~WRL2435.tmp

d:\usuarios\Eliane\Documents\~WRL2645.tmp

d:\usuarios\Eliane\Documents\~WRL2912.tmp

d:\usuarios\Eliane\Documents\~WRL3141.tmp

d:\usuarios\Eliane\Documents\~WRL3454.tmp

d:\usuarios\Eliane\Documents\~WRL3485.tmp

d:\usuarios\Eliane\Documents\~WRL3763.tmp

d:\usuarios\Eliane\Documents\~WRL3931.tmp

d:\usuarios\Eliane\Documents\~WRL4037.tmp

d:\usuarios\Eliane\Documents\~WRL4061.tmp

D:\WinRAR.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-19 to 2013-07-19 ))))))))))))))))))))))))))))

.

.

2013-07-19 22:24 . 2013-07-19 22:24 -------- d-----w- c:\users\Fabio\AppData\Local\temp

2013-07-19 22:15 . 2013-07-19 22:15 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-07-15 23:04 . 2013-07-15 23:04 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-07-15 23:01 . 2013-07-15 23:01 -------- d-----w- c:\program files\CCleaner

2013-07-11 00:13 . 2013-07-12 22:26 -------- d-----w- c:\programdata\Tarma Installer

2013-07-09 18:18 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-09 18:18 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-09 18:18 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-09 18:18 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-09 18:18 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-09 18:18 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-09 18:18 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-09 18:18 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-09 18:18 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-09 18:18 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-09 18:18 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-03 01:13 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-07-03 01:13 . 2013-07-03 01:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-06-23 17:08 . 2013-06-23 17:08 -------- d-----w- c:\users\Fabio\AppData\Roaming\DSite

2013-06-22 12:39 . 2013-06-22 12:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-19 22:08 . 2013-04-20 17:09 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-07-13 11:38 . 2012-04-15 21:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-13 11:38 . 2011-05-19 01:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-22 12:39 . 2012-06-12 21:52 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-06-22 12:39 . 2010-05-19 21:55 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-10 17:42 . 2012-04-24 19:16 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-05-13 04:45 . 2013-06-12 13:30 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-12 13:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 13:30 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-12 13:30 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 13:30 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20 . 2013-06-12 13:31 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-09 22:56 . 2010-06-24 13:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-08 05:38 . 2013-06-12 13:30 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-12 13:30 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06 . 2013-06-12 13:30 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-26 04:55 . 2013-06-12 13:30 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30 . 2013-06-12 13:31 1505280 ----a-w- c:\windows\system32\d3d11.dll

2004-10-01 17:00 . 2010-01-10 18:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AVG_UI"="d:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjMyMTkyNDkzLVQxNS1CQSsxLUtWMys3LVhMKzEtQkFSOUcrMS1GTCs5LVhPMzYrMS1GOU03Qys1LUNJQTEwKzItTElDKzExLVNQMSsxLVNQMVRCKzEtRkwxMCsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzE∏=90&ver=10.0.1375" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2013-06-10 1396792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2013-06-10 17:36 1396792 ----a-w- c:\program files\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ed83]

c:\users\Fabio\AppData\Roaming\fb9\ed83.js [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-03-30 11:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 10:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-06-03 12:51 102400 ----a-w- d:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 20:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 16:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

2006-08-09 13:27 36864 ------w- d:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

.

R2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]

R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-18 36608]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-07-19 31088]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1521544]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-07-30 386560]

R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-07-30 20992]

R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-07-30 33792]

R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]

R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-06-03 233472]

R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-31 188760]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-02-08 60216]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-02-08 245048]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-06-10 46392]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-03-29 208184]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]

S2 avgwd;Watchdog do AVG;d:\program files\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-06-10 409144]

S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-07-19 31088]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 17:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:38]

.

2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 13:36]

.

2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 13:36]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = localhost:8080

IE: &Enviar para o OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 201.6.2.70 192.168.0.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

Notify-SDWinLogon - SDWinLogon.dll

MSConfigStartUp-Acrobat Assistant 8 - d:\adobe cs-5.5\Acrobat 10.0\Acrobat\Acrotray.exe

MSConfigStartUp-Adobe Acrobat Speed Launcher - d:\adobe cs-5.5\Acrobat 10.0\Acrobat\Acrobat_sl.exe

MSConfigStartUp-Adobe Reader Speed Launcher - d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-NavSincroLiteDetector - c:\users\Fabio\AppData\Roaming\NavCity\NavSincro Lite\NavSincroLite.exe

AddRemove-WinRAR archiver - D:\uninstall.exe

AddRemove-UnityWebPlayer - c:\users\Fabio\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2210660338-1797116530-1192027259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-2210660338-1797116530-1192027259-1000)

@Denied: (2) (LocalSystem)

"Progid"="Outlook.File.vcf.14"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-07-19 19:26:07

ComboFix-quarantined-files.txt 2013-07-19 22:26

.

Pré-execução: 6.279.356.416 bytes disponíveis

Pós execução: 6.839.508.992 bytes disponíveis

.

- - End Of File - - 8E3E875292F0C392BABAE83AB29188E7

A36C5E4F47E84449FF07ED3517B43A31


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an e-mail address for registration, a first name and a last name. Only the "email" field is required.

Enter your e-mail, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check every drive that appears below Local Disk, if there are any. Then click the Automatic Scan tab

KRT_install2_.png

Back on the program's main screen, click the Start scanning button

Be patient, it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show the status completed and a button that will be orange if nothing was detected, and red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan again.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here letting me know.

To exit the program, just click the X in the top right corner.


Status: Detected (events: 26)

24/07/2013 20:11:57 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Documents and Settings\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb High

24/07/2013 20:13:30 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Documents and Settings\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb High

24/07/2013 20:28:56 Detected Trojan program HEUR:Exploit.Script.Generic C:\Documents and Settings\Pedro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6a689481-1d1243f9 High

24/07/2013 21:34:25 Detected Trojan program HEUR:Trojan.Script.Generic C:\Qoobox\Quarantine\C\Users\Antonio\AppData\Roaming\FLORIO_PC.pac.vir High

24/07/2013 21:52:04 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Users\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb High

24/07/2013 21:57:27 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Users\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb High

24/07/2013 22:16:58 Detected Trojan program HEUR:Exploit.Script.Generic C:\Users\Pedro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6a689481-1d1243f9 High

25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\autorun.inf.lnk High

25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Bisavo.lnk High

25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\asiq12.6.lnk High

25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\celular.lnk High

25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Câmera.lnk High

25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Festa Junina.lnk High

25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\formatura.lnk High

25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\GAHIA.lnk High

25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Imposto de Renda.lnk High

25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\marmitex.lnk High

25/07/2013 00:51:19 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Minha Música.lnk High

25/07/2013 00:51:19 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\porque Povo.lnk High

25/07/2013 00:51:19 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Previdencia.lnk High

25/07/2013 00:51:19 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\private.lnk High

25/07/2013 00:51:19 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Sofa.lnk High

25/07/2013 00:51:20 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\sTarWars.lnk High

25/07/2013 00:51:20 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\telefone.lnk High

25/07/2013 00:51:20 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\ubatuba.lnk High

25/07/2013 00:51:20 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\UP.lnk High
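Added here by the editor, not part of feflorio's post or of the Kaspersky tool: a small Python script that reads report lines in the format above, collapses paths that the scanner reports several times through the profile junctions (C:\Documents and Settings is a junction to C:\Users on Vista/7, and "Configurações locais" is the pt-BR name of the Local Settings junction to AppData\Local, so the four infocard.exb hits are one file), counts verdicts, and flags a folder where the .lnk detections sit beside an autorun.inf.lnk, which is the reason the helper asks about the PENDRIVE folder next. The sample lines are constructed from the report above; the junction table and the "two or more .lnk plus autorun.inf.lnk" rule are the editor's assumptions, not something the tool outputs.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the same line format as the AVP Tool report above
# (an abridged copy of what the report shows).
SAMPLE_REPORT = r"""
Status: Detected (events: 8)
24/07/2013 20:11:57 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Documents and Settings\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb High
24/07/2013 20:13:30 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Documents and Settings\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb High
24/07/2013 21:52:04 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Users\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb High
24/07/2013 21:57:27 Detected Trojan program Trojan.Win32.Buzus.dhfh C:\Users\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb High
24/07/2013 22:16:58 Detected Trojan program HEUR:Exploit.Script.Generic C:\Users\Pedro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6a689481-1d1243f9 High
25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\autorun.inf.lnk High
25/07/2013 00:51:17 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\Bisavo.lnk High
25/07/2013 00:51:18 Detected Trojan program HEUR:Trojan.WinLNK.Generic D:\Usuarios\Fabio\PENDRIVE\formatura.lnk High
"""

# One "Detected" line: timestamp, object kind, verdict, path (may contain spaces), severity.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) Detected (?P<kind>.+?) "
    r"(?P<verdict>\S+) (?P<path>[A-Za-z]:\\.+?) (?P<severity>High|Medium|Low)$"
)

# Junctions that Windows Vista/7 keep for compatibility (editor's assumption about the
# layout on this machine). The scanner walks the junction and the real directory, so the
# same file is listed once per name it can be reached by.
JUNCTIONS = [
    (re.compile(r"^(?P<d>[a-z]:)\\documents and settings\\"), r"\g<d>\\users\\"),
    (re.compile(r"^(?P<p>[a-z]:\\users\\[^\\]+)\\(local settings|configurações locais)\\"),
     r"\g<p>\\appdata\\local\\"),
]


def parse_report(text):
    """Return one dict per 'Detected' line; header and other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def canonical_path(path):
    """Lower-case the path (NTFS names are case-insensitive) and resolve known junctions."""
    p = path.lower()
    for pattern, replacement in JUNCTIONS:
        p = pattern.sub(replacement, p)
    return p


def summarize(text):
    """Collapse duplicate hits, count verdicts and flag folders full of shortcut detections."""
    events = parse_report(text)
    unique = {}  # canonical path -> first event that reported it
    for e in events:
        unique.setdefault(canonical_path(e["path"]), e)
    by_verdict = Counter(e["verdict"] for e in unique.values())
    by_dir = defaultdict(list)
    for p in unique:
        wp = PureWindowsPath(p)
        by_dir[str(wp.parent)].append(wp.name)
    # Several .lnk hits in one folder next to autorun.inf.lnk is the usual footprint of a
    # removable-drive shortcut worm, which hides the real folders and leaves shortcuts
    # in their place; the folder needs a look before it is deleted wholesale.
    lnk_dirs = sorted(
        d for d, names in by_dir.items()
        if sum(n.endswith(".lnk") for n in names) >= 2 and "autorun.inf.lnk" in names
    )
    return {
        "events": len(events),
        "unique_files": len(unique),
        "by_verdict": dict(by_verdict),
        "by_dir": dict(by_dir),
        "lnk_dirs": lnk_dirs,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['events']} report lines -> {s['unique_files']} distinct files")
    for verdict, n in sorted(s["by_verdict"].items()):
        print(f"  {n:3d}  {verdict}")
    for d in s["lnk_dirs"]:
        print(f"shortcut-worm footprint in {d}: {', '.join(s['by_dir'][d])}")
```

Run on the real log.txt the script shows how many distinct files the 26 events really cover; the junction table only knows the two junctions visible in this report and would need extending for other localized profile names.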


Is the content of this folder important to you: "D:\Usuarios\Fabio\PENDRIVE\"?


Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:


ClearJavaCache::

Folder::

D:\Usuarios\Fabio\PENDRIVE

File::

C:\Documents and Settings\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb
C:\Documents and Settings\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb
C:\Users\Eliane\AppData\Local\VirtualStore\Windows\infocard.exb
C:\Users\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.


ComboFix 13-07-18.04 - Fabio 26/07/2013 19:17:42.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3317.1866 [GMT -3:00]

Executando de: c:\users\Fabio\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\Fabio\Desktop\cfscript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\documents and settings\Eliane\AppData\Local\VirtualStore\Windows \infocard.exb"

"c:\documents and settings\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb"

"c:\users\Eliane\AppData\Local\VirtualStore\Windows \infocard.exb"

"c:\users\Eliane\Configurações locais\VirtualStore\Windows\infocard.exb"

.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\usuarios\Fabio\PENDRIVE

d:\usuarios\Fabio\PENDRIVE\100613_aco_sofa_datena.mp3

d:\usuarios\Fabio\PENDRIVE\100725_sofa.mp3

d:\usuarios\Fabio\PENDRIVE\100815_sofa.mp3

d:\usuarios\Fabio\PENDRIVE\11284534871-IRPF-A-2012-2011-ORIGI.DEC

d:\usuarios\Fabio\PENDRIVE\11284534871-IRPF-A-2012-2011-ORIGI.REC

d:\usuarios\Fabio\PENDRIVE\11284534871-IRPF-A-2013-2012-ORIGI.DBK

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\20121204-1 Proced_Alteração Prestador Proceds. AMB.doc

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\conferencia metricas.sql

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\EXTRAÇÃO DW DECENDIOS 20120102-2.0.doc

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\EXTRAÇÃO DW PRODUÇÃO 20120814-5.0.doc

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\EXTRAÇÃO DW PRODUÇÃO FOR SUPPORT 20120529-5.0.doc

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\FIX bill_cat relat desp rec intercambio.sql

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\FIX PGSAD pos-carga ate outubro2012.sql

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\close.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\iwsdesenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\iwsfabio.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstage.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstage_ans_sip_rn152.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstage_diasi.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstage_microsiga.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstage_ssa.awk

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstageanssiprn152_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstagedesenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstagediasi_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstagemicrosiga_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\loadstagessa_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\nohup.out

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\roda_conferencia.txt

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\schema.ini

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\sp_ans_sip_rn152_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\spdiasi_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\spindgest_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\spmicrosiga_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\caller\spssa_desenv.sh

d:\usuarios\Fabio\PENDRIVE\4685 - PCMI\11dez2012\iq_work\dev\sql\iws.sql

D:\Usuari

.

2013-07-09 23:19 . 2013-06-11 23:43 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-07-09 23:19 . 2013-06-11 23:43 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll

2013-07-09 23:19 . 2013-06-11 23:42 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2013-07-09 23:19 . 2013-06-11 23:42 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2013-07-09 23:19 . 2013-06-11 23:43 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-09 23:19 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-07-09 18:18 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-09 18:18 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-09 18:18 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-09 18:18 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-09 18:18 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-09 18:18 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-09 18:18 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

.


((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

r

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AVG_UI"="d:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjMyMTkyNDkzLVQxNS1CQSsxLUtWMys3LVhMKzEtQkFSOUcrMS1GTCs5LVhPMzYrMS1GOU03Qys1LUNJQTEwKzItTElDKzExLVNQMSsxLVNQMVRCKzEtRkwxMCsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzE∏=90&ver=10.0.1375" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2013-06-10 1396792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2013-06-10 17:36 1396792 ----a-w- c:\program files\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ed83]

c:\users\Fabio\AppData\Roaming\fb9\ed83.js [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-03-30 11:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 10:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-06-03 12:51 102400 ----a-w- d:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 20:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 16:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

2006-08-09 13:27 36864 ------w- d:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

.

R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-12-04 203264]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-18 36608]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-07-26 31088]

R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1521544]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2009-07-30 386560]

R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2009-07-30 20992]

R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2009-07-30 33792]

R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]

R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-06-03 233472]

R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-31 188760]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-02-08 60216]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-02-08 245048]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-06-10 46392]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-03-29 208184]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]

S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]

S2 avgwd;Watchdog do AVG;d:\program files\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-06-10 409144]

S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-07-26 31088]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 17:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:38]

.

2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 13:36]

.

2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 13:36]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = localhost:8080

IE: &Enviar para o OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 201.6.2.70 192.168.0.1

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2210660338-1797116530-1192027259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (S-1-5-21-2210660338-1797116530-1192027259-1000)

@Denied: (2) (LocalSystem)

"Progid"="Outlook.File.vcf.14"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(472)

c:\program files\GbPlugin\gbiehuni.dll

c:\windows\System32\SyncCenter.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\progra~1\AVG\AVG2013\avgrsx.exe

d:\program files\AVG\AVG2013\avgcsrvx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

d:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

d:\program files\AVG\AVG2013\avgnsx.exe

d:\program files\AVG\AVG2013\avgemcx.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

d:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-07-26 19:48:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-07-26 22:48

ComboFix2.txt 2013-07-19 22:26

.

Pré-execução: 5.529.387.008 bytes disponíveis

Pós execução: 1.218.523.136 bytes disponíveis

.

- - End Of File - - B4C65287ED792AD707C5DF3D3C3B5ADC

A36C5E4F47E84449FF07ED3517B43A31


How has the computer been?


Apparently it's OK. According to the logs, is everything all right?

Another question: I have a second computer here at home (my wife's). Can I open another thread for it?

Thanks,

Fabio

Another question: I have a second computer here at home (my wife's). Can I open another thread for it?

According to the rules, only after 30 days.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

Download OTC

  • Save it to your desktop.
  • Double-click the OTC icon.
  • Click the "Cleanup" button 8gehxg0.gif
  • Allow your computer to restart.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for Errors >> Fix Errors

I also suggest you read this article: Protect your PC

Any other problems with the computer?


If the topic author needs it, the topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
