Brukhanna

Virus etpsoprc.ru//specrtop.org


Hello. My USB flash drive was infected by etpsoprc.ru//specrtop.org, and without knowing it I plugged it into my PC, which was also infected. Several Windows Update icons started appearing next to the clock and I can no longer update Windows.

Can you help me?


Read the "Leia Antes de Postar" (Read Before Posting) topic and post the requested logs.


Here is the information:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16496

Run by Marcia at 10:41:12 on 2013-07-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2039.1243 [GMT -3:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\TIM Communicator\module\devicemon.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Users\Marcia\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ig.com.br/

uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: &Pesquisar: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL

uRun: [Google Update] "c:\users\marcia\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "c:\users\marcia\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [GoogleChromeAutoLaunch_DEA00BC47806F0DC9E20C56886F0CD15] "c:\users\marcia\appdata\local\google\chrome\application\chrome.exe" --no-startup-window

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\users\marcia\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\marcia\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe

StartupFolder: c:\users\marcia\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\144435E2E45445 : DHCPNameServer = 10.10.10.1 8.8.8.8

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\4455F4455434E2E45445 : DHCPNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\64043545D2E45647022514D414C484F402949494F533433313D213838383 : DHCPNameServer = 192.168.90.1 8.8.8.8

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F465144554340223028243435373D25383639392 : DHCPNameServer = 200.204.0.10

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F465144554340233028243435373D25383639392 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F46514455434028243435373D25383639392 : DHCPNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F46514455434E2E4544523028283537323D28393332392 : DHCPNameServer = 200.204.0.10 200.204.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-28 21576]

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-3-28 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-3-28 204784]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-28 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-28 175176]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-1-20 46392]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-3-28 104752]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-28 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-28 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-28 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-28 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-31 46808]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-5-31 137960]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-6-28 409144]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-17 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-17 701512]

R2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files\tim communicator\module\devicemon.exe [2011-10-5 32672]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-2-28 73984]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-17 22856]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-23 31088]

R3 netr28u;Driver para Vista do RT2870 USB Wireless LAN Card;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-2-28 102784]

S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-2-28 11136]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-5 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-2-28 89856]

S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-2-28 26624]

S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2013-2-28 186880]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-23 31088]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 107392]

S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-28 14848]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-28 49664]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-30 1343400]

S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-07-28 00:53:57 -------- d-----w- c:\programdata\Tarma Installer

2013-07-28 00:33:10 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd49394d-45bb-43ea-8c52-9f8e3ffdf366}\mpengine.dll

2013-07-27 18:54:18 -------- d-----w- c:\program files\Discador itelefonica

2013-07-25 00:14:16 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-07-18 00:59:53 -------- d-----w- c:\users\marcia\appdata\roaming\Malwarebytes

2013-07-18 00:59:40 -------- d-----w- c:\programdata\Malwarebytes

2013-07-18 00:59:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-18 00:59:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-18 00:59:08 -------- d-----w- c:\users\marcia\appdata\local\Programs

2013-07-18 00:39:46 -------- d-----w- c:\windows\ERUNT

2013-07-17 10:55:42 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2013-07-17 10:55:39 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d6f9aae1-81fd-430c-9240-4197543e7bee}\gapaengine.dll

2013-07-13 10:52:16 -------- d-----w- c:\programdata\Kaspersky Lab

2013-07-13 10:34:32 -------- d-----w- c:\programdata\Panda Security

2013-07-13 10:34:22 -------- d-----w- c:\program files\Panda USB Vaccine

2013-07-13 09:37:25 388608 ----a-w- c:\users\marcia\appdata\roaming\microsoft\windows\network shortcuts\HijackThis.exe

2013-07-12 22:13:05 -------- d-----w- c:\windows\system32\MRT

2013-07-09 20:45:44 -------- d-----w- c:\program files\CCleaner

2013-07-09 18:42:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-09 18:40:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-09 18:10:38 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-09 18:10:21 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-09 18:10:19 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-09 18:10:12 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-07-09 18:10:11 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2013-07-09 18:10:10 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2013-07-09 18:10:08 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2013-07-09 18:10:04 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-09 18:09:26 680960 ----a-w- c:\program files\windows defender\MpSvc.dll

2013-07-09 18:09:25 392704 ----a-w- c:\program files\windows defender\MpClient.dll

2013-07-09 18:09:24 224768 ----a-w- c:\program files\windows defender\MpCommu.dll

2013-07-06 23:13:34 -------- d-----w- c:\program files\Microsoft Security Client

2013-07-06 23:13:00 -------- d-----w- C:\6848820a38824a8892

2013-07-06 23:05:15 -------- d-----w- C:\c8955e6fa3d5190be0

2013-07-06 12:24:13 903168 ----a-w- c:\windows\system32\certutil.exe

2013-07-06 12:24:09 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-07-06 12:24:08 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 12:24:07 43008 ----a-w- c:\windows\system32\certenc.dll

2013-07-06 12:24:07 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-06 12:23:19 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-06 12:23:17 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-06 12:23:05 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-07-06 12:01:50 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-07-06 12:01:23 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-06 12:01:15 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-07-06 12:01:12 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-07-06 08:46:46 -------- d-sh--w- c:\users\marcia\appdata\roaming\f7b4f

2013-07-06 08:46:45 -------- d-sh--w- C:\f68ac

2013-07-02 00:02:23 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{764a28e2-1b68-4a52-bea8-2979ba77771a}\mpengine.dll

.

==================== Find3M ====================

.

2013-07-29 12:57:17 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-07-13 06:38:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-13 06:38:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-27 22:13:22 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-27 22:13:22 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-19 00:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 00:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-10 17:42:22 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:59:09 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-05-09 08:59:09 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-05-09 08:59:08 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr

2013-05-02 05:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 10:43:12,49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 30/12/2011 13:23:19

System Uptime: 29/07/2013 09:56:53 (1 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7507

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | CPU 1 | 2419/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 199,035 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP177: 06/07/2013 20:23:44 - Windows Update

RP178: 07/07/2013 01:48:54 - Windows Update

RP179: 07/07/2013 05:18:26 - Windows Update

RP180: 09/07/2013 15:11:09 - Windows Update

RP181: 09/07/2013 18:03:24 - Windows Update

RP182: 09/07/2013 18:48:54 - Windows Update

RP183: 09/07/2013 23:06:04 - Windows Update

RP184: 12/07/2013 17:23:35 - Windows Update

RP185: 12/07/2013 17:38:32 - Windows Update

RP186: 12/07/2013 19:11:25 - Windows Update

RP187: 15/07/2013 22:17:16 - Windows Update

RP188: 19/07/2013 09:20:30 - Windows Update

RP189: 24/07/2013 21:12:49 - Windows Update

RP190: 27/07/2013 21:32:05 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) - Português

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Internet Security

Bing Bar

CCleaner

Controle ActiveX do Windows Live Mesh para Conexões Remotas

D3DX10

Discador iTelefonica

Facebook Messenger 2.1.4814.0

Free YouTube to MP3 Converter version 3.12.0.128

Google Chrome

Google Update Helper

Intel® Graphics Media Accelerator Driver

Junk Mail filter update

K-Lite Mega Codec Pack 8.1.0

Malwarebytes Anti-Malware versão 1.75.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Panda USB Vaccine 1.0.1.4

PCI SoftV92 Modem

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

TIM Communicator

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-29 12:51:47

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 MAXTOR_STM3250310AS rev.3.AAF 232,89GB

Running: gmer.exe; Driver: C:\Users\Marcia\AppData\Local\Temp\pwdiypog.sys

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 820459E5 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82065512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\winlogon.exe[448] kernel32.dll!FreeLibraryAndExitThread 770503B0 5 Bytes JMP 3C4ABF18 C:\Program Files\GbPlugin\gbiehUni.dll

.text C:\Windows\system32\winlogon.exe[448] kernel32.dll!FreeLibrary 7705EF67 5 Bytes JMP 3C4ABFA0 C:\Program Files\GbPlugin\gbiehUni.dll

.text C:\Windows\Explorer.EXE[1120] RPCRT4.dll!IUnknown_QueryInterface_Proxy 77CD4FC2 6 Bytes JMP 70F4000A

.text C:\Windows\Explorer.EXE[1120] ole32.dll!CoUnmarshalInterface 773EF150 6 Bytes JMP 710B000A

---- EOF - GMER 2.1 ----


Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" are checked, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note.)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.07.31.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Marcia :: MARCIA-PC [administrator]

Protection: Disabled

31/07/2013 19:41:43

mbam-log-2013-07-31 (19-41-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203613

Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 5

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\Users\Marcia\AppData\Local\Temp\4F45A810\wc.exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)


Read the instructions at this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been completed.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running; doing so can make the computer hang.
  8. A message may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer by itself.
  9. When the tool finishes, it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, out of respect for its author as well, do not use it unsupervised.


Here is the log

ComboFix 13-08-02.03 - Marcia 03/08/2013 18:54:24.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2039.1165 [GMT -3:00]

Running from: c:\users\Marcia\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\DEBUG.log

.

.

(((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 ))))))))))))))))))))))))))))

.

.

2013-08-03 22:12 . 2013-08-03 22:13 -------- d-----w- c:\users\Marcia\AppData\Local\temp

2013-08-03 22:12 . 2013-08-03 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-03 21:50 . 2013-08-03 21:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2013-08-03 10:20 . 2013-08-03 10:22 -------- d-----w- C:\0390db489c4ddd2de8d85f8c

2013-08-03 10:04 . 2013-08-03 10:04 -------- d-----w- c:\programdata\Panda Security

2013-08-03 09:27 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-08-03 01:14 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC4A7D77-1D14-4CA7-855A-4BD09645C609}\mpengine.dll

2013-08-03 00:46 . 2013-06-12 00:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-31 22:39 . 2013-08-03 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-30 00:34 . 2013-07-30 00:34 -------- d-----w- c:\program files\Oracle

2013-07-29 23:53 . 2013-07-29 23:53 -------- d-----w- c:\program files\Common Files\Java

2013-07-29 23:51 . 2013-07-30 00:30 -------- d-----w- c:\program files\Java

2013-07-27 18:54 . 2013-08-03 00:44 -------- d-----w- c:\program files\Discador itelefonica

2013-07-18 00:59 . 2013-07-18 00:59 -------- d-----w- c:\users\Marcia\AppData\Roaming\Malwarebytes

2013-07-18 00:59 . 2013-07-18 00:59 -------- d-----w- c:\programdata\Malwarebytes

2013-07-18 00:59 . 2013-07-18 00:59 -------- d-----w- c:\users\Marcia\AppData\Local\Programs

2013-07-13 10:52 . 2013-07-13 10:52 -------- d-----w- c:\programdata\Kaspersky Lab

2013-07-13 10:34 . 2013-08-03 10:04 -------- d-----w- c:\program files\Panda USB Vaccine

2013-07-12 22:13 . 2013-08-03 09:36 -------- d-----w- c:\windows\system32\MRT

2013-07-09 20:45 . 2013-07-09 20:46 -------- d-----w- c:\program files\CCleaner

2013-07-09 18:42 . 2013-05-29 01:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-09 18:40 . 2013-05-29 01:41 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-09 18:10 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-09 18:10 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-09 18:10 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-09 18:10 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-09 18:10 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-09 18:10 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-09 18:10 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-09 18:09 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-09 18:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-09 18:09 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-07 04:55 . 2013-07-07 04:50 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A382078A-A3B7-4956-BCA5-4FB4AE607C5C}\gapaengine.dll

2013-07-06 23:13 . 2013-08-03 10:22 -------- d-----w- c:\program files\Microsoft Security Client

2013-07-06 23:13 . 2013-07-06 23:13 -------- d-----w- C:\6848820a38824a8892

2013-07-06 23:05 . 2013-07-06 23:05 -------- d-----w- C:\c8955e6fa3d5190be0

2013-07-06 12:24 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe

2013-07-06 12:24 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-07-06 12:24 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 12:24 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-06 12:24 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll

2013-07-06 12:23 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-06 12:23 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-06 12:23 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-07-06 12:01 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-07-06 12:01 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-06 12:01 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-07-06 12:01 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-07-06 08:46 . 2013-07-06 23:37 -------- d-sh--w- c:\users\Marcia\AppData\Roaming\f7b4f

2013-07-06 08:46 . 2013-07-06 08:47 -------- d-----w- C:\f68ac

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-03 10:09 . 2013-04-23 10:22 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-08-03 09:32 . 2012-03-31 17:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-03 09:32 . 2012-01-02 20:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-27 22:13 . 2013-03-28 16:26 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-27 22:13 . 2013-03-28 16:25 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-27 22:13 . 2013-03-28 16:25 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-19 00:50 . 2013-06-19 00:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 00:50 . 2013-01-20 18:59 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-12 04:18 . 2013-07-02 00:02 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{764A28E2-1B68-4A52-BEA8-2979BA77771A}\mpengine.dll

2013-06-10 17:42 . 2012-01-20 23:06 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-05-10 22:53 . 2011-03-28 20:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-09 08:59 . 2013-03-28 16:25 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59 . 2013-03-28 16:25 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-09 08:59 . 2013-03-28 16:25 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59 . 2013-03-28 16:25 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-05-09 08:59 . 2013-03-28 16:25 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-05-09 08:59 . 2013-03-28 16:25 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:59 . 2013-03-28 16:26 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-09 08:59 . 2013-03-28 16:25 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-05-09 08:58 . 2013-03-28 16:24 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 08:58 . 2012-01-12 22:09 229648 ----a-w- c:\windows\system32\aswBoot.exe

.

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2013-01-30 18:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]

.

c:\users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Marcia\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2013-06-10 1396792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2013-06-10 17:36 1396792 ----a-w- c:\program files\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-12-09 102784]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-12-09 11136]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-12-09 89856]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-12-09 26624]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-12-09 186880]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-08-03 31088]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]

R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 1343400]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswKbd;aswKbd; [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2013-03-06 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-06-10 46392]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-05-09 137960]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-06-10 409144]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files\TIM Communicator\module\devicemon.exe [2011-10-05 32672]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-12-09 73984]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-08-03 31088]

S3 netr28u;Driver para Vista do RT2870 USB Wireless LAN Card;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-08-03 01:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:32]

.

2013-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3739481919-3303727947-521798687-1000Core.job

- c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 19:39]

.

2013-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3739481919-3303727947-521798687-1000UA.job

- c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 19:39]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 20:16]

.

2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 20:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ig.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F46514455434E2E4544523028283537323D28393332392: DhcpNameServer = 200.204.0.10 200.204.0.138

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-03 19:17:17

ComboFix-quarantined-files.txt 2013-08-03 22:17

.

Pre-run: 214,900,953,088 bytes free

Post-run: 214,651,228,160 bytes free

.

- - End Of File - - 6916C2C1E1C371F5F29C79E2C9D1D4EC

A36C5E4F47E84449FF07ED3517B43A31

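Reading a ComboFix log like the one above by hand means scanning hundreds of lines for a handful of tells: hidden or system attributes on a directory inside a user profile (`d-sh--w-` on `c:\users\Marcia\AppData\Roaming\f7b4f`), randomly named folders at the drive root (`C:\f68ac`), scripts or executables dropped where no installer puts them (the later ComboFix log in this thread lists `c:\programdata\tt.bat` and `c:\windows\PSEXESVC.EXE`), services whose binary ComboFix could not find (`[x]`), and UAC policy values that ComboFix prints only because they differ from the default (the later log shows `"PromptOnSecureDesktop"= 0`, which the first does not). The script below is an added example, not part of this thread and not a ComboFix feature: it parses those three line formats and applies exactly those rules. The sample input is copied from the two ComboFix logs posted here; the `Finding` type, the rule wording, the `WEAK_UAC` table and the "user-writable location" heuristic are this example's own assumptions, stated in the comments.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the two ComboFix logs in this thread.
# Three formats: "created . modified size attrs path", services
# "Rn name;display;path [date size]" (or "[x]" = file not found), and the
# policies\system values ComboFix prints when they differ from the default.
SAMPLE_LOG = r"""
2013-08-03 21:50 . 2013-08-03 21:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-08-03 10:20 . 2013-08-03 10:22 -------- d-----w- C:\0390db489c4ddd2de8d85f8c
2013-07-06 12:24 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-07-06 08:46 . 2013-07-06 23:37 -------- d-sh--w- c:\users\Marcia\AppData\Roaming\f7b4f
2013-07-06 08:46 . 2013-07-06 08:47 -------- d-----w- C:\f68ac
2013-08-23 22:52 . 2013-08-23 22:52 2681 ----a-w- c:\programdata\tt.bat
2013-08-17 00:09 . 2013-08-16 23:44 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-10 23:04 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
S0 aswKbd;aswKbd; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"""

FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
                     r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>[^\[]*?)\s*\[(?P<tag>[^\]]*)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z]+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".bat", ".cmd", ".vbs", ".js", ".com", ".pif"}
HEX_NAME = re.compile(r"^[0-9a-f]{5,}$")
# Assumption (this example's own table): UAC values that weaken elevation,
# as (bad value, severity, note). ComboFix lists only non-default values.
WEAK_UAC = {
    "EnableLUA": ("0", "suspicious", "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "suspicious", "admins elevate silently"),
    "PromptOnSecureDesktop": ("0", "review", "elevation prompts left the secure desktop"),
}

@dataclass
class Finding:
    path: str
    severity: str  # "suspicious" or "review"
    reason: str

def _parts(path):
    return [p for p in path.lower().split("\\") if p]

def _user_writable(parts):
    # Writable by a standard user by default: ProgramData, user profiles and
    # the drive root itself (new folders only), e.g. C:\f68ac.
    return len(parts) == 2 or (len(parts) > 1 and parts[1] in ("programdata", "users"))

def triage_file(m):
    path, attrs = m["path"], m["attrs"]
    parts = _parts(path)
    name = parts[-1]
    found = []
    if "h" in attrs or "s" in attrs:
        if _user_writable(parts):
            found.append(Finding(path, "suspicious", f"hidden/system attrs ({attrs}) in a user-writable location"))
        else:
            found.append(Finding(path, "review", f"hidden attrs ({attrs}) outside user-writable locations"))
    if HEX_NAME.match(name):
        found.append(Finding(path, "review", "random hex name (Windows Update/MSI staging dirs look alike)"))
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in EXEC_EXT:
        if len(parts) == 3 and parts[1] == "windows":
            found.append(Finding(path, "suspicious", "executable directly in the Windows root"))
        elif _user_writable(parts):
            found.append(Finding(path, "suspicious", "executable/script in ProgramData, a profile or the drive root"))
    return found

def triage_service(m):
    if m["tag"] != "x":
        return []
    return [Finding(f"{m['name']} -> {m['path'] or '(no path)'}", "review",
                    "service file not found by ComboFix: stale entry or self-protecting AV driver")]

def triage_policy(m):
    rule = WEAK_UAC.get(m["name"])
    if rule and m["value"] == rule[0]:
        return [Finding(m["name"], rule[1], f"{rule[2]} ({m['name']}={m['value']})")]
    return []

def triage(log_text):
    """Run every line through the three parsers; return all findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        for regex, handler in ((FILE_RE, triage_file), (SERVICE_RE, triage_service), (POLICY_RE, triage_policy)):
            m = regex.match(raw.strip())
            if m:
                findings.extend(handler(m))
                break
    return findings

def flagged(log_text, severity=None):
    """Sorted set of flagged paths/names, optionally restricted to one severity."""
    return sorted({f.path for f in triage(log_text) if severity in (None, f.severity)})

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.path}: {f.reason}")
```

Every hit is a prompt to look, not a verdict: hex-named folders at the root are also what Windows Update and MSI extraction leave behind, `[x]` on the avast drivers is the product's self-protection hiding its files from ComboFix, and `PSEXESVC.EXE` is the service binary Sysinternals PsExec copies onto the machine it is run against, which only matters if nobody who administers this PC ran PsExec. The `crypt32.dll` and `PROCEXP113.SYS` lines pass through unflagged, which is the point of encoding the rules rather than eyeballing every path.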

Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an e-mail address for registration, plus first and last name. Only the "email" field is required.

Enter your e-mail address and then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, tick I accept the license agreement and then click the Start button. The program will appear to freeze and nothing will happen. This is normal; just wait until the program's main screen appears, then click the Settings icon:

[screenshot: KRT_settings.png]

On this screen, tick the box next to:

  • My Computer
  • Local Disk (C:)

Also tick every drive listed below Local Disk, if there are any. Then click the Automatic Scan tab.

[screenshot: KRT_install2_.png]

Back on the program's main screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Tick the box next to Apply to all objects and then click Skip (we only want the log).

[screenshot: KRT_detection_.png]

While the scan runs, the main screen shows a progress bar. When it finishes, the program shows a completed status and a button that will be orange if nothing was detected and red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the whole contents of that Notepad file and paste it in your next reply.

If nothing is detected, there is no need to save the log. Just post here to let us know.

To exit the program, just click the X in the top right corner.


Renato, I downloaded Kaspersky, but my PC shuts down during the scan and now it won't stop shutting down. I even did a system restore and it still did not stop shutting down out of nowhere.


Does it shut down or restart?


It shuts down. Today it went back to normal, but since this happened while I was trying to scan with Kaspersky I did not repeat the procedure, because I was afraid it would happen again.


That is unlikely to be related to malware; sudden shutdowns are usually associated with the computer's power supply. I recommend you seek help in the forum's HARDWARE section.


Talking to a technician, he also told me it could be the power supply. Besides shutting down, it is making a strange noise, like one of those sugar-cane juice machines. I am going to replace the power supply to see if that fixes it.

Thanks!


OK, keep us posted.


Hi Renato,

The problem really was the power supply; it has been replaced and the PC stopped shutting down and making that loud noise! I ran Kaspersky; here is the log:

Status: Deleted (events: 1)

27/08/2013 23:06:26 Deleted Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Documents and Settings\All Users\WMP6748.dll High

Status: Quarantined (events: 1)

29/08/2013 18:56:06 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programas\Startup\StartUpdate_2266162.scr High

Status: Absent (events: 8)

29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartUpdate_2266162.scr High

29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Dados de aplicativos\Microsoft\Windows\Start Menu\Programas\Startup\StartUpdate_2266162.scr High

29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Dados de aplicativos\Microsoft\Windows\Start Menu\Programs\Startup\StartUpdate_2266162.scr High

29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Menu Iniciar\Programas\Startup\StartUpdate_2266162.scr High

29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Menu Iniciar\Programs\Startup\StartUpdate_2266162.scr High

29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Documents and Settings\Todos os Usuários\WMP6748.dll High

29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\ProgramData\WMP6748.dll High

29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Users\All Users\WMP6748.dll High

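The eight "Not found" events in the log above are only two files. Kaspersky re-checked each detection through every path alias a localized Windows 7 keeps for pre-Vista compatibility: `C:\Documents and Settings` is a junction to `C:\Users`, `All Users` and `Todos os Usuários` both resolve to `C:\ProgramData`, and inside a profile `Dados de aplicativos`, `Menu Iniciar` and `Programas` are the pt-BR junctions for `AppData\Roaming`, `Start Menu` and `Programs`. Collapsing aliases before counting matters when you compare output from several tools, or need to decide whether a "not found" means a file is really gone. The script below is an added example, not part of the thread and not Kaspersky code; the alias table is an assumption reconstructed from the paths visible in this log rather than a complete inventory of Windows junctions, and `canonical`, `summarize` and `unique_files` are this example's own names.

```python
import re
from collections import defaultdict

# Constructed sample: the ten events from the Kaspersky AVP Tool log posted
# above, verbatim (timestamp, status, type, signature, path, severity).
KASPERSKY_LOG = r"""
27/08/2013 23:06:26 Deleted Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Documents and Settings\All Users\WMP6748.dll High
29/08/2013 18:56:06 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programas\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Dados de aplicativos\Microsoft\Windows\Start Menu\Programas\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Dados de aplicativos\Microsoft\Windows\Start Menu\Programs\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Menu Iniciar\Programas\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Marcia\Menu Iniciar\Programs\Startup\StartUpdate_2266162.scr High
29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Documents and Settings\Todos os Usuários\WMP6748.dll High
29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\ProgramData\WMP6748.dll High
29/08/2013 23:31:50 Not found Trojan program Trojan-Downloader.Win32.BHO.ujz C:\Users\All Users\WMP6748.dll High
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<status>Not found|Deleted|Quarantined) "
    r"(?P<kind>.+?) (?P<sig>\S+) (?P<path>[A-Za-z]:\\.+?) (?P<sev>High|Medium|Low)$")

# Legacy and localized aliases Windows 7 keeps as junctions for backward
# compatibility. Assumption: the pt-BR names (Todos os Usuários, Dados de
# aplicativos, Menu Iniciar, Programas) map exactly as listed; the table is
# derived from the aliases visible in the log above, not a full inventory.
ALIASES = [
    (r"^c:\\documents and settings\\(all users|todos os usu[aá]rios)(?=\\)", r"C:\\ProgramData"),
    (r"^c:\\users\\all users(?=\\)", r"C:\\ProgramData"),
    (r"^c:\\documents and settings(?=\\)", r"C:\\Users"),
    (r"^(c:\\users\\[^\\]+)\\dados de aplicativos(?=\\)", r"\1\\AppData\\Roaming"),
    (r"^(c:\\users\\[^\\]+)\\menu iniciar(?=\\)", r"\1\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"),
    (r"(\\start menu)\\programas(?=\\)", r"\1\\Programs"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), rep) for p, rep in ALIASES]

def canonical(path):
    """Rewrite alias prefixes until the path stops changing (chained junctions)."""
    for _ in range(len(COMPILED) + 1):
        new = path
        for rx, rep in COMPILED:
            new = rx.sub(rep, new)
        if new == path:
            return path
        path = new
    return path

def summarize(log_text):
    """Group events by canonical path -> {status: count}."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            summary[canonical(m["path"])][m["status"]] += 1
    return {p: dict(c) for p, c in summary.items()}

def unique_files(log_text):
    return sorted(summarize(log_text))

if __name__ == "__main__":
    for path, counts in summarize(KASPERSKY_LOG).items():
        print(path, counts)
```

Run as a script it prints one line per canonical file with a count per status: the log above reduces to `C:\ProgramData\WMP6748.dll` (1 deleted, 3 not found) and the `.scr` in the Startup folder (1 quarantined, 5 not found). Both were removed on the earlier passes, and every later "Not found" is the same file being re-checked under another alias, not a reinfection.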

Download and run ComboFix again.


Sorry for the delay, I was away.

Here is the ComboFix log

ComboFix 13-09-24.02 - Marcia 24/09/2013 18:29:32.4.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2039.785 [GMT -3:00]

Running from: c:\users\Marcia\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 114 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Marcia\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

(((((((((((((((( Files Created from 2013-08-24 to 2013-09-24 ))))))))))))))))))))))))))))

.

.

2013-09-24 21:37 . 2013-09-24 21:37 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-09-24 21:37 . 2013-09-24 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-24 21:24 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FFCFCCC-D1A0-4FB7-BE68-3C7FC2B2E60E}\mpengine.dll

2013-09-10 23:04 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-10 23:04 . 2013-08-02 00:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-10 23:04 . 2013-08-02 00:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-10 23:04 . 2013-08-02 00:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-10 23:04 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-24 20:32 . 2013-04-23 10:22 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-09-19 21:39 . 2012-03-31 17:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-19 21:39 . 2012-01-02 20:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-30 07:48 . 2013-03-28 16:26 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-30 07:48 . 2013-03-28 16:25 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-30 07:48 . 2013-03-28 16:25 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48 . 2013-03-28 16:25 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-08-30 07:48 . 2013-03-28 16:25 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48 . 2013-03-28 16:25 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48 . 2013-03-28 16:25 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48 . 2013-03-28 16:26 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-30 07:48 . 2013-03-28 16:25 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-08-30 07:48 . 2013-03-28 16:25 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-30 07:48 . 2013-03-28 16:25 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47 . 2013-03-28 16:24 41664 ----a-w- c:\windows\avastSS.scr

2013-08-30 07:47 . 2012-01-12 22:09 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-23 22:52 . 2013-08-23 22:52 2681 ----a-w- c:\programdata\tt.bat

2013-08-17 12:35 . 2013-08-17 12:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-17 12:35 . 2013-08-06 01:06 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-17 12:35 . 2013-08-06 01:06 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-08-17 00:09 . 2013-08-16 23:44 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-08-07 07:22 . 2011-12-30 23:15 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-07-25 08:57 . 2013-08-14 22:58 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-19 01:41 . 2013-08-14 22:55 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-09 05:03 . 2013-08-14 22:58 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-09 05:03 . 2013-08-14 22:58 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-09 04:53 . 2013-08-14 22:58 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-07-09 04:52 . 2013-08-14 22:59 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 04:50 . 2013-08-14 22:59 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 04:46 . 2013-08-14 22:59 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 04:46 . 2013-08-14 22:59 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 04:46 . 2013-08-14 22:59 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-06 05:05 . 2013-08-14 22:59 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2013-01-30 18:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\users\Marcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\Marcia\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2013-06-10 1396792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2013-06-10 17:36 1396792 ----a-w- c:\program files\GbPlugin\gbiehuni.dll

.

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]

R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-09-24 31088]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-30 1343400]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 aswKbd;aswKbd; [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2013-03-06 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-06-10 46392]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-08-30 137960]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-06-10 409144]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2013-09-24 31088]

S3 netr28u;Driver para Vista do RT2870 USB Wireless LAN Card;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-19 07:19 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:39]

.

2013-09-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3739481919-3303727947-521798687-1000Core.job

- c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 19:39]

.

2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3739481919-3303727947-521798687-1000UA.job

- c:\users\Marcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 19:39]

.

2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 20:16]

.

2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 20:16]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ig.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-HijackThis - c:\users\Marcia\Documents\Forum\HijackThis\HijackThis.exe

.

.

.

Tempo para conclusão: 2013-09-24 18:38:59

ComboFix-quarantined-files.txt 2013-09-24 21:38

.

Pré-execução: 214.609.543.168 bytes disponíveis

Pós execução: 214.675.390.464 bytes disponíveis

.

- - End Of File - - D5E27751348BD102536515C4910FF39D

A36C5E4F47E84449FF07ED3517B43A31

This is already the fourth ComboFix run, why?

Are you going to keep helping me?

I certainly help everyone who asks for help, but it is imperative that the instructions be followed to the letter!! Running ComboFix multiple times without supervision is not only dangerous for you, it also makes my analysis much harder.

Go to the C:\Qoobox folder and look for files named combofixX.txt

Where X is a number; then tell me how many files there are.

I found these files in the folder:

2013-09-24 21:38:36 . 2013-09-24 21:38:36 926 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat

2013-09-24 21:35:01 . 2013-09-24 21:35:01 15,270 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-09-24 21:29:31 . 2013-09-24 21:29:31 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr

2013-09-24 21:26:49 . 2013-09-24 21:29:32 82 ----a-w- C:\Qoobox\Quarantine\catchme.log

2013-07-18 00:03:34 . 2013-09-24 21:26:58 84,035 ----a-w- C:\Qoobox\Quarantine\C\Users\Marcia\AppData\Local\Google\Chrome\User Data\Default\Preferences.vir

You posted the contents of the Quarantine folder!

I need to know about the folder above it, QOOBOX.

No problem, post an updated DDS log.

How has the computer been?

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.40.2

Run by Marcia at 21:29:33 on 2013-10-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2039.1141 [GMT -3:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ig.com.br/

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\program files\gbplugin\gbiehuni.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: &Pesquisar: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\marcia\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\marcia\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe

StartupFolder: c:\users\marcia\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: RestrictRun = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: RestrictRun = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\2594A5F4D41425028243435373D21393634392 : DHCPNameServer = 192.168.50.1 8.8.8.8

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\4505D2C494E4B4F5830343137334 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F46514455434022302829383537323D28393332392 : DHCPNameServer = 200.204.0.10

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F46514455434023302829383537323D28393332392 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4B2EFB14-0852-44A1-B683-5D5627E5717A}\E4F4651445543402829383537323D28393332392 : DHCPNameServer = 192.168.100.1 200.204.0.10 200.204.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginUni - c:\program files\gbplugin\gbiehUni.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\program files\gbplugin\gbiehuni.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-28 21576]

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-3-28 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-3-28 204784]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-28 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-28 177864]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2012-1-20 46392]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-3-28 104752]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-28 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-28 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-28 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-28 66336]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-23 31088]

R3 netr28u;Driver para Vista do RT2870 USB Wireless LAN Card;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-5 39272]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-4-23 31088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-28 14848]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-28 49664]

.

=============== Created Last 30 ================

.

2013-10-15 21:56:47 -------- d-----w- c:\users\marcia\appdata\local\{293765C6-2FA0-4FE6-BF34-4FEFD438BFD4}

2013-10-15 18:17:42 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{77f47d0c-82ad-4833-a9e0-44a477ac8cdb}\mpengine.dll

2013-10-13 09:11:54 -------- d-----w- c:\users\marcia\appdata\local\{30B56917-595A-48E9-A1FF-C3661585DB76}

2013-10-11 09:33:34 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-11 09:33:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-11 09:33:33 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-11 09:33:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-11 09:33:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-11 09:33:33 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-11 09:33:33 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-11 08:06:52 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-10-08 20:53:10 -------- d-----w- c:\programdata\Oracle

2013-10-08 20:43:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-09-24 21:39:06 -------- d-sh--w- C:\$RECYCLE.BIN

2013-09-24 21:26:54 98816 ----a-w- c:\windows\sed.exe

2013-09-24 21:26:54 256000 ----a-w- c:\windows\PEV.exe

2013-09-24 21:26:54 208896 ----a-w- c:\windows\MBR.exe

2013-09-21 19:24:42 -------- d-----w- c:\users\marcia\appdata\local\{180AC993-EE95-4021-8003-F4224336B174}

.

==================== Find3M ====================

.

2013-10-16 20:31:58 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-10-08 21:39:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-08 21:39:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-08 20:43:04 868264 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-10-08 20:43:03 790440 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-25 13:27:24 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48:12 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:48:11 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-30 07:48:11 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-08-23 22:52:18 2681 ----a-w- c:\programdata\tt.bat

2013-08-07 07:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-08-01 11:03:36 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-20 10:33:12 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 21:31:13,01 ===============

Apparently everything seems normal, but it takes a long time to boot and to shut down!
